Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cMNCYeCyMbLRHziOMcx0TetGRYo.roa
File: cMNCYeCyMbLRHziOMcx0TetGRYo.roa (raw, json)
Hash identifier: RfMg+nKbGfOvlZLze5Fqfw0n7Zy/hFEackKkDYshFq8=
Subject key identifier: 70:C3:42:61:E0:B2:31:B2:D1:1F:38:8E:31:CC:74:4D:EB:46:45:8A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3337
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cMNCYeCyMbLRHziOMcx0TetGRYo.roa
Signing time: Wed 27 Mar 2024 20:52:01 +0000
ROA not before: Wed 27 Mar 2024 20:52:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13111 (0x3337)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 27 20:52:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=70C34261E0B231B2D11F388E31CC744DEB46458A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:4a:56:46:98:92:71:96:22:4a:4f:40:ca:d5:
97:8a:bc:2e:30:7e:84:bd:19:ae:c6:78:79:ef:29:
b2:95:53:67:77:ea:0b:5f:bb:c2:0b:f2:69:88:1e:
dd:8e:87:ed:c8:68:c6:73:fe:a2:d8:59:4c:e9:06:
58:e7:de:60:e3:f8:13:1d:5d:f3:c1:2f:dd:e9:fc:
1e:30:04:4c:c4:44:42:db:f9:71:06:22:e7:64:ab:
1f:0e:1c:10:81:d7:19:db:40:80:b1:5c:51:c5:63:
eb:f4:2f:96:6d:32:66:16:89:20:75:fa:79:dd:e9:
14:c1:1d:da:fd:8d:fa:d5:fc:f6:17:d0:73:db:ac:
10:d2:5b:de:3a:65:93:98:bc:32:c5:cf:25:54:75:
80:e5:3b:84:d9:08:d7:f4:00:07:6d:09:2d:4c:10:
50:d8:6c:01:71:ea:3d:54:1f:96:fc:89:8c:6f:7d:
d8:38:94:d3:e0:09:93:28:7a:95:58:eb:79:47:2e:
41:d3:ac:e2:3f:7a:22:37:b7:cf:15:22:d0:85:f4:
24:41:88:fc:02:39:c0:a2:86:53:4e:1d:ff:a3:f5:
c4:20:da:12:7e:c9:53:c4:99:3f:c6:90:89:ed:19:
7f:f0:67:c1:50:2a:6c:45:47:09:b7:fb:32:bf:40:
38:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:C3:42:61:E0:B2:31:B2:D1:1F:38:8E:31:CC:74:4D:EB:46:45:8A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cMNCYeCyMbLRHziOMcx0TetGRYo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a6:12:05:91:b6:a7:0a:12:55:c1:fc:45:bc:ba:19:be:81:1c:
d4:62:c5:9d:2f:78:10:82:48:a1:0b:66:35:6a:fa:b4:50:d1:
93:93:c8:38:e9:67:af:56:fe:b7:e2:33:44:8a:7e:39:36:b4:
c9:2a:aa:65:63:b5:d2:40:a9:e2:9a:51:7e:81:66:e7:b5:57:
33:7e:ba:a0:9a:09:7f:cd:68:53:94:ae:77:64:1e:11:aa:ef:
9e:c6:5c:59:48:9b:ae:02:9a:a4:4f:1a:f9:4c:11:71:b5:e7:
b8:22:de:9b:dd:75:72:9a:5c:ff:03:d9:5d:c2:0f:0a:8c:67:
44:58:8c:24:50:a9:67:50:3a:bb:7a:39:12:91:d9:d3:c1:19:
d0:3a:18:b1:c2:71:12:5f:8c:9b:35:60:f6:5f:17:39:37:35:
93:9a:ac:d0:88:bf:32:c4:aa:c8:ca:06:9f:d2:f1:fc:ea:95:
02:70:32:f5:ec:cd:07:c4:1a:d5:dc:80:aa:b0:aa:89:50:e9:
51:9a:17:4c:fa:f4:04:41:cb:6d:95:31:aa:a3:e8:8c:22:22:
f6:ee:24:3c:1d:0c:38:45:ab:33:f5:9e:1f:11:75:b8:e1:2b:
f1:21:c9:b2:15:ad:ef:e7:f9:ef:d9:71:4d:33:21:ec:9d:23:
a7:d6:73:36
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICMzcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjcy
MDUyMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcwQzM0MjYxRTBCMjMx
QjJEMTFGMzg4RTMxQ0M3NDRERUI0NjQ1OEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDySlZGmJJxliJKT0DK1ZeKvC4wfoS9Ga7GeHnvKbKVU2d36gtf
u8IL8mmIHt2Oh+3IaMZz/qLYWUzpBljn3mDj+BMdXfPBL93p/B4wBEzERELb+XEG
Iudkqx8OHBCB1xnbQICxXFHFY+v0L5ZtMmYWiSB1+nnd6RTBHdr9jfrV/PYX0HPb
rBDSW946ZZOYvDLFzyVUdYDlO4TZCNf0AAdtCS1MEFDYbAFx6j1UH5b8iYxvfdg4
lNPgCZMoepVY63lHLkHTrOI/eiI3t88VItCF9CRBiPwCOcCihlNOHf+j9cQg2hJ+
yVPEmT/GkIntGX/wZ8FQKmxFRwm3+zK/QDjLAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUcMNCYeCyMbLRHziOMcx0TetGRYowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2NNTkNZZUN5TWJMUkh6
aU9NY3gwVGV0R1JZby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKYSBZG2pwoSVcH8Rby6Gb6BHNRixZ0v
eBCCSKELZjVq+rRQ0ZOTyDjpZ69W/rfiM0SKfjk2tMkqqmVjtdJAqeKaUX6BZue1
VzN+uqCaCX/NaFOUrndkHhGq757GXFlIm64CmqRPGvlMEXG157gi3pvddXKaXP8D
2V3CDwqMZ0RYjCRQqWdQOrt6ORKR2dPBGdA6GLHCcRJfjJs1YPZfFzk3NZOarNCI
vzLEqsjKBp/S8fzqlQJwMvXszQfEGtXcgKqwqolQ6VGaF0z69ARBy22VMaqj6Iwi
IvbuJDwdDDhFqzP1nh8RdbjhK/EhybIVre/n+e/ZcU0zIeydI6fWczY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 04:58:26 2025 by rpki-client