Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WkBdgzK3CALdcP6y-riClVdw7nU.roa
File: WkBdgzK3CALdcP6y-riClVdw7nU.roa (raw, json)
Hash identifier: yhKrT0JfXAnHoTb3mfOZope4r425riEWfCA7hIm9dAw=
Subject key identifier: 5A:40:5D:83:32:B7:08:02:DD:70:FE:B2:FA:B8:82:95:57:70:EE:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BEF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WkBdgzK3CALdcP6y-riClVdw7nU.roa
Signing time: Mon 08 Apr 2024 11:52:34 +0000
ROA not before: Mon 08 Apr 2024 11:52:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15343 (0x3bef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 11:52:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5A405D8332B70802DD70FEB2FAB882955770EE75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:b9:cc:83:d3:7a:76:4a:83:c3:59:0a:4c:fe:
89:dd:a8:f4:de:83:6e:c2:c1:a3:61:e7:df:e2:15:
e7:e8:8a:64:84:58:05:fe:c8:74:3a:45:f2:ed:af:
37:3e:c9:b1:6d:ab:b1:9d:25:67:4a:f9:6b:9d:94:
60:98:ee:4b:f7:8d:f4:10:27:85:c6:4b:e4:4a:e9:
bd:0c:a0:f7:a4:eb:1c:ae:ed:df:8f:43:22:29:94:
7f:a8:3f:5c:dd:d4:08:71:cd:0d:c7:8e:72:0e:9c:
9d:96:c5:a8:84:32:ad:bf:bc:a8:4c:28:3b:07:d3:
41:ba:3c:02:8e:ef:3b:61:26:bc:40:b1:36:2e:19:
11:49:10:c9:57:cc:20:41:03:72:83:9f:60:ea:f4:
4c:95:bf:22:fa:a1:41:d6:47:ff:45:b4:1d:8a:87:
a6:f4:5c:cf:84:69:53:6d:13:2b:4b:3c:34:85:50:
87:ea:2d:b4:da:20:b5:2a:a2:58:fb:72:11:0c:97:
87:8b:71:bb:f5:8a:8e:fb:8d:72:31:8d:a6:24:6e:
6f:95:08:ca:17:97:14:79:f6:2c:28:6f:12:1b:fa:
5d:39:98:01:1f:11:61:74:03:22:1e:6f:3d:e5:ca:
ba:02:a8:ba:c6:38:20:a4:e6:04:14:50:9b:5d:a9:
42:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:40:5D:83:32:B7:08:02:DD:70:FE:B2:FA:B8:82:95:57:70:EE:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WkBdgzK3CALdcP6y-riClVdw7nU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
12:cb:92:a5:92:d5:bb:11:58:62:33:d3:2e:63:d8:7e:8a:76:
13:26:84:04:2d:d9:e4:a0:b9:64:71:a6:eb:7e:24:d0:fc:51:
5e:42:de:59:ca:f9:c7:89:93:0d:3e:e8:26:2b:a8:2b:8d:dc:
06:ac:02:a2:3c:86:14:2c:24:fe:c7:fa:ae:2a:0b:b9:71:5a:
79:79:21:db:6e:76:64:c3:bd:d0:cf:62:87:93:9b:97:2b:28:
b4:ec:2e:58:4a:9a:d8:39:f6:53:a7:d9:57:a8:b4:02:62:9e:
05:01:a3:a5:de:18:15:7b:1c:5d:7c:f0:26:2f:7b:4d:39:62:
9a:78:c6:f1:c4:98:7a:27:a1:45:b1:f8:10:f7:c2:79:c5:9b:
54:12:94:e3:6f:19:54:85:9d:29:50:ff:19:b3:89:4b:49:76:
f7:17:9e:e7:d8:55:9f:76:ef:d6:c0:ae:44:02:2a:ec:ca:ee:
87:a0:fe:37:76:d4:e0:17:54:b2:cd:96:b4:49:8f:76:63:a6:
d4:37:f8:30:08:d9:4e:85:8f:64:3e:a0:0f:4e:05:53:12:06:
6b:e1:ec:01:1d:db:18:89:75:41:0a:00:7f:51:aa:7e:67:2b:
88:66:b2:8d:db:21:3e:d5:10:0b:a2:cf:83:08:fc:19:13:a4:
45:fd:fd:78
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICO+8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgx
MTUyMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVBNDA1RDgzMzJCNzA4
MDJERDcwRkVCMkZBQjg4Mjk1NTc3MEVFNzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeucyD03p2SoPDWQpM/ondqPTeg27CwaNh59/iFefoimSEWAX+
yHQ6RfLtrzc+ybFtq7GdJWdK+WudlGCY7kv3jfQQJ4XGS+RK6b0MoPek6xyu7d+P
QyIplH+oP1zd1AhxzQ3HjnIOnJ2WxaiEMq2/vKhMKDsH00G6PAKO7zthJrxAsTYu
GRFJEMlXzCBBA3KDn2Dq9EyVvyL6oUHWR/9FtB2Kh6b0XM+EaVNtEytLPDSFUIfq
LbTaILUqolj7chEMl4eLcbv1io77jXIxjaYkbm+VCMoXlxR59iwobxIb+l05mAEf
EWF0AyIebz3lyroCqLrGOCCk5gQUUJtdqUK/AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUWkBdgzK3CALdcP6y+riClVdw7nUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1drQmRnekszQ0FMZGNQ
NnktcmlDbFZkdzduVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABLLkqWS1bsRWGIz0y5j2H6KdhMmhAQt
2eSguWRxput+JND8UV5C3lnK+ceJkw0+6CYrqCuN3AasAqI8hhQsJP7H+q4qC7lx
Wnl5IdtudmTDvdDPYoeTm5crKLTsLlhKmtg59lOn2VeotAJingUBo6XeGBV7HF18
8CYve005Ypp4xvHEmHonoUWx+BD3wnnFm1QSlONvGVSFnSlQ/xmziUtJdvcXnufY
VZ9279bArkQCKuzK7oeg/jd21OAXVLLNlrRJj3ZjptQ3+DAI2U6Fj2Q+oA9OBVMS
Bmvh7AEd2xiJdUEKAH9Rqn5nK4hmso3bIT7VEAuiz4MI/BkTpEX9/Xg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 04:42:22 2025 by rpki-client