Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/aFKzvtWkALqNRut1GliVhc12n1s.roa
File: aFKzvtWkALqNRut1GliVhc12n1s.roa (raw, json)
Hash identifier: KjkgbSh9iQEBKJUhG1sKeZCIafUQtxbYwhQehLjqffo=
Subject key identifier: 68:52:B3:BE:D5:A4:00:BA:8D:46:EB:75:1A:58:95:85:CD:76:9F:5B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 553B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aFKzvtWkALqNRut1GliVhc12n1s.roa
Signing time: Sun 12 May 2024 05:24:04 +0000
ROA not before: Sun 12 May 2024 05:24:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21819 (0x553b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 05:24:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6852B3BED5A400BA8D46EB751A589585CD769F5B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:48:d6:7a:67:80:0c:6c:59:d6:35:c2:63:6c:
7a:60:73:fe:0e:26:17:8c:a0:a0:31:c3:d0:38:91:
67:a2:02:08:c9:99:0a:b5:5b:bc:a1:76:0a:7d:1d:
d8:3f:38:d1:1b:ef:38:35:4f:9f:a4:7d:97:b5:76:
48:18:b3:66:ef:c6:0f:fa:01:3e:17:ac:e1:d1:e9:
1a:a9:4f:54:d6:6b:fb:aa:91:dc:99:e1:3b:4c:fb:
bd:ac:87:2b:83:14:2c:bc:f6:b1:15:a5:a0:2c:cf:
bf:00:31:b2:99:df:4b:ae:c5:87:10:6e:ed:40:5f:
fd:75:22:64:a6:9b:de:ea:d4:dd:79:33:06:97:dc:
e3:a9:1b:a9:f6:27:c1:41:3e:dd:67:08:ee:29:30:
7f:c9:da:21:5f:7b:00:b5:de:71:80:2f:f8:fd:27:
1d:e3:e4:1b:c9:48:6f:1b:f0:e8:5c:bb:b6:c6:4b:
84:70:e4:67:eb:1b:98:45:13:80:4e:24:22:af:81:
13:e5:fa:72:32:bd:29:13:c6:53:73:4f:af:2d:ca:
05:4e:a4:ca:8a:bb:f4:75:9e:a3:19:d6:64:9a:c4:
4a:47:a9:87:de:3f:aa:5f:a7:95:98:08:71:0c:85:
60:b8:1f:3a:70:ad:be:4c:3c:41:38:b8:25:c8:12:
4f:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:52:B3:BE:D5:A4:00:BA:8D:46:EB:75:1A:58:95:85:CD:76:9F:5B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aFKzvtWkALqNRut1GliVhc12n1s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2b:58:02:01:c6:ed:13:9a:84:16:06:6d:00:6d:51:d4:a1:fe:
a6:62:af:bf:b5:e4:56:7b:7e:24:4d:29:d1:61:c5:0e:3a:a1:
1a:5c:fb:70:bb:83:2d:eb:53:1a:27:ef:8d:83:85:1c:ff:62:
fa:3a:05:c7:b2:20:36:cf:d1:c1:cd:00:e0:6e:5b:9a:75:28:
d7:f8:cd:72:d5:4e:cc:46:a4:76:19:36:bd:cc:05:5f:89:3f:
db:0a:dc:4f:08:f5:19:91:02:4c:97:43:23:f5:c1:4d:26:8a:
88:74:f8:c1:fa:c5:d2:67:15:2e:8e:f2:3e:93:2f:02:1b:ff:
95:04:e1:a8:8f:47:e7:aa:5f:bb:67:02:69:19:c3:36:fa:4f:
d4:f6:8b:b7:bf:46:87:17:98:80:15:62:a8:3b:f4:fa:07:fd:
64:3a:0f:10:1f:27:a0:3b:2d:c1:e1:8a:42:4b:16:88:03:39:
c9:84:d5:01:4e:2b:da:16:41:47:90:c0:60:30:9b:bc:81:88:
68:5f:c8:97:fd:0d:f9:7a:35:f8:81:42:22:20:c0:9f:38:ea:
e6:53:39:c8:a3:45:05:4c:5c:9a:3f:2c:4d:7a:bb:e2:e8:bb:
1b:71:59:29:2d:ed:d6:f9:84:d2:02:a2:c2:a1:00:77:d3:e3:
87:bb:26:3c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVTswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
NTI0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY4NTJCM0JFRDVBNDAw
QkE4RDQ2RUI3NTFBNTg5NTg1Q0Q3NjlGNUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkSNZ6Z4AMbFnWNcJjbHpgc/4OJheMoKAxw9A4kWeiAgjJmQq1
W7yhdgp9Hdg/ONEb7zg1T5+kfZe1dkgYs2bvxg/6AT4XrOHR6RqpT1TWa/uqkdyZ
4TtM+72shyuDFCy89rEVpaAsz78AMbKZ30uuxYcQbu1AX/11ImSmm97q1N15MwaX
3OOpG6n2J8FBPt1nCO4pMH/J2iFfewC13nGAL/j9Jx3j5BvJSG8b8Ohcu7bGS4Rw
5GfrG5hFE4BOJCKvgRPl+nIyvSkTxlNzT68tygVOpMqKu/R1nqMZ1mSaxEpHqYfe
P6pfp5WYCHEMhWC4Hzpwrb5MPEE4uCXIEk+xAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUaFKzvtWkALqNRut1GliVhc12n1swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FGS3p2dFdrQUxxTlJ1
dDFHbGlWaGMxMm4xcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACtYAgHG7ROahBYGbQBtUdSh/qZir7+1
5FZ7fiRNKdFhxQ46oRpc+3C7gy3rUxon742DhRz/Yvo6BceyIDbP0cHNAOBuW5p1
KNf4zXLVTsxGpHYZNr3MBV+JP9sK3E8I9RmRAkyXQyP1wU0mioh0+MH6xdJnFS6O
8j6TLwIb/5UE4aiPR+eqX7tnAmkZwzb6T9T2i7e/RocXmIAVYqg79PoH/WQ6DxAf
J6A7LcHhikJLFogDOcmE1QFOK9oWQUeQwGAwm7yBiGhfyJf9Dfl6NfiBQiIgwJ84
6uZTOcijRQVMXJo/LE16u+LouxtxWSkt7db5hNICosKhAHfT44e7Jjw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:26:24 2025 by rpki-client