Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/f6DzDaE0fMTgl3BF3Sy3n4aTKQs.roa
File: f6DzDaE0fMTgl3BF3Sy3n4aTKQs.roa (raw, json)
Hash identifier: JMm8xKjnSQghJlgQjIBeSjrMFj+wBYcDltnW1LsbAwU=
Subject key identifier: 7F:A0:F3:0D:A1:34:7C:C4:E0:97:70:45:DD:2C:B7:9F:86:93:29:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 41B3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f6DzDaE0fMTgl3BF3Sy3n4aTKQs.roa
Signing time: Tue 16 Apr 2024 04:22:56 +0000
ROA not before: Tue 16 Apr 2024 04:22:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16819 (0x41b3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 04:22:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7FA0F30DA1347CC4E0977045DD2CB79F8693290B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:29:a7:90:0d:2a:b7:e9:df:4c:a2:f5:8e:7c:
3f:d9:15:35:55:ce:0a:f1:56:ef:38:9e:ce:e5:f4:
10:3a:ab:1b:38:f7:c5:d5:6d:e7:47:6e:08:ba:bf:
4c:9f:d1:30:45:c6:b2:0f:a4:d6:99:1a:70:ce:35:
fe:40:fe:7d:4b:0e:ae:12:d7:ab:8e:00:90:f6:90:
2e:28:b2:b0:c8:5b:ed:e3:21:96:03:b4:90:18:43:
bb:14:a5:ab:9f:3f:90:15:5b:56:25:18:58:f6:6f:
b0:a3:23:ac:98:4d:f6:2a:0f:e8:97:95:09:56:20:
38:52:29:f1:65:96:71:3e:13:6c:21:d5:f0:7c:86:
56:46:b0:e8:ad:0a:eb:ea:30:1d:16:84:6d:3e:fe:
8d:b6:96:20:e4:fd:9a:45:30:5c:d2:40:25:92:fe:
21:c5:d0:f0:af:fa:f2:8c:4a:09:e3:b5:c4:4f:34:
8b:21:6c:92:6e:52:c9:ed:cd:45:b3:7e:de:01:40:
c1:f4:da:ce:a9:39:8c:77:1e:9a:97:54:94:20:39:
b6:c0:9b:ba:a7:7c:f3:82:43:a5:4b:c3:39:44:bf:
0c:1f:d4:36:17:e5:08:08:a4:a2:e1:d2:09:0c:d0:
29:68:02:f9:1b:c9:72:ec:84:92:33:9a:71:4c:e7:
75:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:A0:F3:0D:A1:34:7C:C4:E0:97:70:45:DD:2C:B7:9F:86:93:29:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f6DzDaE0fMTgl3BF3Sy3n4aTKQs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
bc:9d:62:92:87:8d:fa:71:e6:cd:9f:e2:07:ef:fc:a9:6e:0f:
c5:04:9a:ba:a7:a8:fe:90:aa:c9:f5:ec:5b:03:79:ff:f6:d6:
d5:87:1b:04:44:f7:aa:b8:fd:81:ce:58:8c:fa:2a:c0:c4:4a:
94:fa:14:08:8c:99:f3:da:06:ce:b1:00:d2:9d:8a:db:87:d7:
bd:7d:6b:92:63:4a:09:01:4d:18:fc:44:14:9e:6f:c3:26:05:
73:fd:09:43:c8:d0:95:94:fd:e5:33:2f:1f:69:c6:8b:3f:8e:
a7:ed:88:1f:7e:1c:93:24:ef:9e:5e:30:f9:58:ca:52:7f:43:
73:ce:bf:40:e2:77:ff:42:a7:5b:a9:e8:3b:40:a5:dd:07:bc:
bf:81:9d:9c:31:78:e1:ea:79:70:aa:e3:73:5c:88:3c:b6:3b:
bc:e2:82:2e:bf:23:92:f8:50:78:fa:8f:4d:ad:c1:38:59:6e:
8c:74:dc:33:db:1e:02:5f:b0:5d:ef:c3:6b:c1:53:9b:81:3d:
bc:42:64:25:d2:9b:b6:31:9e:b8:58:71:d0:af:9a:ff:3c:28:
3c:c7:f5:e4:2d:13:2f:e9:cf:a4:a7:cc:21:0f:17:5d:7a:b0:
d0:a1:d6:de:91:af:b6:6d:5e:21:9b:31:1a:89:55:ff:e4:93:
21:61:65:54
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQbMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
NDIyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdGQTBGMzBEQTEzNDdD
QzRFMDk3NzA0NUREMkNCNzlGODY5MzI5MEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD3KaeQDSq36d9MovWOfD/ZFTVVzgrxVu84ns7l9BA6qxs498XV
bedHbgi6v0yf0TBFxrIPpNaZGnDONf5A/n1LDq4S16uOAJD2kC4osrDIW+3jIZYD
tJAYQ7sUpaufP5AVW1YlGFj2b7CjI6yYTfYqD+iXlQlWIDhSKfFllnE+E2wh1fB8
hlZGsOitCuvqMB0WhG0+/o22liDk/ZpFMFzSQCWS/iHF0PCv+vKMSgnjtcRPNIsh
bJJuUsntzUWzft4BQMH02s6pOYx3HpqXVJQgObbAm7qnfPOCQ6VLwzlEvwwf1DYX
5QgIpKLh0gkM0CloAvkbyXLshJIzmnFM53V3AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUf6DzDaE0fMTgl3BF3Sy3n4aTKQswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Y2RHpEYUUwZk1UZ2wz
QkYzU3kzbjRhVEtRcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALydYpKHjfpx5s2f4gfv/KluD8UEmrqn
qP6Qqsn17FsDef/21tWHGwRE96q4/YHOWIz6KsDESpT6FAiMmfPaBs6xANKdituH
1719a5JjSgkBTRj8RBSeb8MmBXP9CUPI0JWU/eUzLx9pxos/jqftiB9+HJMk755e
MPlYylJ/Q3POv0Did/9Cp1up6DtApd0HvL+BnZwxeOHqeXCq43NciDy2O7zigi6/
I5L4UHj6j02twThZbox03DPbHgJfsF3vw2vBU5uBPbxCZCXSm7YxnrhYcdCvmv88
KDzH9eQtEy/pz6SnzCEPF116sNCh1t6Rr7ZtXiGbMRqJVf/kkyFhZVQ=
-----END CERTIFICATE-----
Generated at Fri Jun 20 20:54:54 2025 by rpki-client