Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WvNmjfgzQA9w3QjvDKJ_4nxB_ZQ.roa
File: WvNmjfgzQA9w3QjvDKJ_4nxB_ZQ.roa (raw, json)
Hash identifier: HMFAETyAFoc66a2GyX9IGJXVqPuVLp1+CbENxIstIpk=
Subject key identifier: 5A:F3:66:8D:F8:33:40:0F:70:DD:08:EF:0C:A2:7F:E2:7C:41:FD:94
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 484F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WvNmjfgzQA9w3QjvDKJ_4nxB_ZQ.roa
Signing time: Wed 24 Apr 2024 23:53:17 +0000
ROA not before: Wed 24 Apr 2024 23:53:17 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18511 (0x484f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 23:53:17 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5AF3668DF833400F70DD08EF0CA27FE27C41FD94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ab:e9:72:02:0d:62:32:8d:a8:5c:0d:7a:ef:
a7:d8:f3:13:cf:1b:a6:c0:45:e9:26:5a:33:ae:03:
18:bd:97:ea:4a:93:7e:57:d5:1d:79:f3:37:ed:ee:
21:3d:0c:bb:cc:35:9f:55:ac:df:e4:70:e1:7a:d4:
3f:e1:3b:7f:b3:3b:28:82:0c:0e:31:08:db:4e:30:
7b:e1:9d:a3:2b:db:9f:ec:7b:cf:ac:67:75:df:48:
6c:1a:3c:72:1e:f2:59:d4:cb:ca:fe:ca:31:e1:2f:
ed:87:b2:db:9a:06:eb:e3:c9:92:ad:42:da:a9:26:
8e:db:99:94:f1:57:9b:e2:bd:df:71:f8:67:20:d7:
50:e2:84:f1:da:ce:83:40:58:4e:c6:30:6a:1f:a6:
fb:80:a2:c9:63:30:5d:5b:5b:00:06:f1:52:35:fa:
d1:10:a4:25:63:97:53:e7:5c:80:3a:1f:41:7f:5c:
e4:54:b5:4f:6f:7b:0b:d7:ba:af:7f:f8:1d:e2:b8:
85:f6:16:2b:0b:fa:24:de:b5:80:6c:0e:78:7e:4a:
96:e1:81:11:de:f8:53:0a:77:54:ea:62:f1:3b:67:
71:ff:b7:eb:78:57:be:fc:1f:54:c1:ec:3c:98:78:
4e:5d:6c:a1:30:8a:54:08:c4:23:f7:de:d8:9b:b1:
f5:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:F3:66:8D:F8:33:40:0F:70:DD:08:EF:0C:A2:7F:E2:7C:41:FD:94
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WvNmjfgzQA9w3QjvDKJ_4nxB_ZQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
51:e7:14:16:2b:d4:26:9a:ca:f5:47:c6:d3:8e:37:66:75:f3:
51:f7:b4:09:5a:d0:51:ae:00:80:2b:64:60:37:fc:c0:a3:a8:
51:2a:fc:b0:87:5a:d9:8f:f5:a0:14:ee:2e:2f:ec:bd:d7:82:
93:7e:e1:54:3c:79:c6:b6:7d:28:de:a5:0a:e3:c0:09:63:df:
b2:5d:ba:3e:21:0c:f2:4c:52:30:bb:1e:01:68:44:6b:83:53:
39:82:5e:3c:40:5a:63:37:c6:0b:02:33:04:ed:00:4c:08:7b:
58:5a:eb:e0:f7:91:f8:e4:b5:60:e4:b4:13:7f:3a:b1:21:90:
97:67:f4:9b:bb:e2:95:dc:10:2a:c1:5d:00:76:81:6a:d7:2c:
55:30:aa:dc:01:d5:42:bf:1e:bd:e7:bd:85:df:a6:ba:86:29:
4d:e3:3a:d0:09:f1:8a:47:1a:f4:6a:71:64:54:ba:3a:5f:ac:
c8:05:ae:d3:5e:81:1f:20:6f:8c:fc:cb:79:aa:15:37:2f:3f:
e2:d8:f4:60:c4:fd:6f:b6:e0:be:ac:3a:19:40:be:0e:0c:c9:
8e:2f:1b:7e:be:d0:21:38:01:14:22:db:9a:ca:93:2d:7e:8d:
88:63:35:8e:b5:cb:a5:f2:6f:1c:2f:47:f9:7e:4a:a7:bb:f0:
8a:05:59:e7
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSE8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQy
MzUzMTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVBRjM2NjhERjgzMzQw
MEY3MEREMDhFRjBDQTI3RkUyN0M0MUZEOTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgq+lyAg1iMo2oXA1676fY8xPPG6bARekmWjOuAxi9l+pKk35X
1R158zft7iE9DLvMNZ9VrN/kcOF61D/hO3+zOyiCDA4xCNtOMHvhnaMr25/se8+s
Z3XfSGwaPHIe8lnUy8r+yjHhL+2HstuaBuvjyZKtQtqpJo7bmZTxV5vivd9x+Gcg
11DihPHazoNAWE7GMGofpvuAosljMF1bWwAG8VI1+tEQpCVjl1PnXIA6H0F/XORU
tU9vewvXuq9/+B3iuIX2FisL+iTetYBsDnh+SpbhgRHe+FMKd1TqYvE7Z3H/t+t4
V778H1TB7DyYeE5dbKEwilQIxCP33tibsfVlAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUWvNmjfgzQA9w3QjvDKJ/4nxB/ZQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1d2Tm1qZmd6UUE5dzNR
anZES0pfNG54Ql9aUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFHnFBYr1CaayvVHxtOON2Z181H3tAla
0FGuAIArZGA3/MCjqFEq/LCHWtmP9aAU7i4v7L3XgpN+4VQ8eca2fSjepQrjwAlj
37Jduj4hDPJMUjC7HgFoRGuDUzmCXjxAWmM3xgsCMwTtAEwIe1ha6+D3kfjktWDk
tBN/OrEhkJdn9Ju74pXcECrBXQB2gWrXLFUwqtwB1UK/Hr3nvYXfprqGKU3jOtAJ
8YpHGvRqcWRUujpfrMgFrtNegR8gb4z8y3mqFTcvP+LY9GDE/W+24L6sOhlAvg4M
yY4vG36+0CE4ARQi25rKky1+jYhjNY61y6XybxwvR/l+Sqe78IoFWec=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:05:22 2025 by rpki-client