Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cgNnbju2smAkKjjcqIlUBR9tnFk.roa
File: cgNnbju2smAkKjjcqIlUBR9tnFk.roa (raw, json)
Hash identifier: X2ybucMhuP1gdsKvrMCD6NYajTpotZpHO7ngrzI33qU=
Subject key identifier: 72:03:67:6E:3B:B6:B2:60:24:2A:38:DC:A8:89:54:05:1F:6D:9C:59
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E73
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cgNnbju2smAkKjjcqIlUBR9tnFk.roa
Signing time: Fri 03 May 2024 04:23:48 +0000
ROA not before: Fri 03 May 2024 04:23:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20083 (0x4e73)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 04:23:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7203676E3BB6B260242A38DCA88954051F6D9C59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:4f:9f:c8:dd:1f:79:d2:d5:64:8b:fe:5d:9b:
26:f0:34:93:29:f7:28:0c:e6:6b:a7:0a:24:f0:b3:
58:64:33:03:a3:a9:71:d4:ae:2d:bc:74:dc:0a:42:
67:16:3c:3b:2c:64:30:e4:c0:55:f9:13:57:df:07:
a3:22:d3:03:24:a4:21:5e:4b:50:d2:81:dc:7e:44:
1e:52:1e:21:9d:10:13:cc:0c:cd:b2:c0:6e:54:b2:
f9:21:bc:f2:e2:13:7d:68:ba:a6:db:86:12:1e:95:
af:82:e8:77:65:2a:da:8e:06:8d:fa:2f:78:d4:3e:
10:3b:a0:f7:46:a6:3c:b3:e3:97:46:6f:18:6c:26:
7a:a3:99:cf:22:5c:92:91:87:0f:ff:b4:71:3c:7f:
0e:9e:24:6b:25:8f:bf:e1:84:8d:6f:b2:73:55:fc:
81:a1:8b:25:1f:6b:9a:80:f8:2b:4f:22:4e:1f:e0:
86:e3:ae:b2:57:dc:ef:f1:e8:29:3a:50:3c:18:e3:
b7:f9:c9:e2:51:86:9d:13:60:66:6d:c4:6f:9e:64:
d6:9d:6c:b8:01:5e:84:7b:f4:cc:55:65:7b:c0:e6:
2d:73:37:f3:db:aa:24:f2:47:f2:2a:24:eb:30:83:
44:93:db:61:44:04:2d:bf:50:7e:74:65:c7:5d:e7:
71:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:03:67:6E:3B:B6:B2:60:24:2A:38:DC:A8:89:54:05:1F:6D:9C:59
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cgNnbju2smAkKjjcqIlUBR9tnFk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3b:c6:ed:22:c0:e9:77:63:c9:8a:79:de:53:f5:cb:6e:98:18:
cc:ee:75:22:97:d1:c7:eb:cb:3f:a6:1a:14:b9:1b:6d:bd:ea:
b9:91:41:e3:9a:f2:bc:d4:96:1f:d8:e5:92:6d:04:e2:6f:67:
4f:f9:5d:a8:d3:f7:02:5a:bc:fc:88:60:b7:2b:66:49:74:62:
24:c5:4b:c3:ee:ea:29:5c:48:47:94:97:c2:99:e3:0e:28:bd:
0d:20:fe:da:8a:a1:10:4e:a8:30:30:48:ec:1f:3b:4f:d8:74:
17:7b:17:52:d8:d2:bb:e9:eb:a6:c2:5e:4f:ed:45:28:8f:20:
fc:8a:a3:03:1a:45:19:be:db:28:66:ee:5c:b4:c7:d1:d5:74:
bf:3b:42:6e:69:fd:0e:d3:9d:87:48:aa:42:f5:ed:79:4f:76:
85:db:04:4c:8f:94:82:80:4b:4a:d3:c5:fb:eb:2e:01:ee:8c:
ea:a5:1d:45:b1:d3:07:ad:ce:8e:67:50:f0:f6:81:f6:ea:f7:
de:c0:0e:e5:73:ef:fd:5c:9e:3f:69:b2:5f:46:d3:d8:90:74:
89:1e:92:ad:0e:bc:df:56:09:77:87:b2:07:c7:b2:90:84:58:
76:21:1d:b7:0e:22:29:a8:f8:f5:29:d4:23:1b:6c:ea:79:35:
da:01:82:0e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTnMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
NDIzNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcyMDM2NzZFM0JCNkIy
NjAyNDJBMzhEQ0E4ODk1NDA1MUY2RDlDNTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwT5/I3R950tVki/5dmybwNJMp9ygM5munCiTws1hkMwOjqXHU
ri28dNwKQmcWPDssZDDkwFX5E1ffB6Mi0wMkpCFeS1DSgdx+RB5SHiGdEBPMDM2y
wG5UsvkhvPLiE31ouqbbhhIela+C6HdlKtqOBo36L3jUPhA7oPdGpjyz45dGbxhs
Jnqjmc8iXJKRhw//tHE8fw6eJGslj7/hhI1vsnNV/IGhiyUfa5qA+CtPIk4f4Ibj
rrJX3O/x6Ck6UDwY47f5yeJRhp0TYGZtxG+eZNadbLgBXoR79MxVZXvA5i1zN/Pb
qiTyR/IqJOswg0ST22FEBC2/UH50Zcdd53EPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUcgNnbju2smAkKjjcqIlUBR9tnFkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2NnTm5ianUyc21Ba0tq
amNxSWxVQlI5dG5Gay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADvG7SLA6XdjyYp53lP1y26YGMzudSKX
0cfryz+mGhS5G2296rmRQeOa8rzUlh/Y5ZJtBOJvZ0/5XajT9wJavPyIYLcrZkl0
YiTFS8Pu6ilcSEeUl8KZ4w4ovQ0g/tqKoRBOqDAwSOwfO0/YdBd7F1LY0rvp66bC
Xk/tRSiPIPyKowMaRRm+2yhm7ly0x9HVdL87Qm5p/Q7TnYdIqkL17XlPdoXbBEyP
lIKAS0rTxfvrLgHujOqlHUWx0wetzo5nUPD2gfbq997ADuVz7/1cnj9psl9G09iQ
dIkekq0OvN9WCXeHsgfHspCEWHYhHbcOIimo+PUp1CMbbOp5NdoBgg4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:30:01 2025 by rpki-client