Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/japlM8rZeIh28O75hweecTiz2cQ.roa
File: japlM8rZeIh28O75hweecTiz2cQ.roa (raw, json)
Hash identifier: F/ju4BwKB0k+96jC3hTlL/itu3y1UIrloDDZa2z+JW8=
Subject key identifier: 8D:AA:65:33:CA:D9:78:88:76:F0:EE:F9:87:07:9E:71:38:B3:D9:C4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42FF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/japlM8rZeIh28O75hweecTiz2cQ.roa
Signing time: Wed 17 Apr 2024 21:53:01 +0000
ROA not before: Wed 17 Apr 2024 21:53:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17151 (0x42ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 21:53:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8DAA6533CAD9788876F0EEF987079E7138B3D9C4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:7e:7e:cf:8b:08:8b:72:7f:56:bb:e0:ee:e4:
b6:6c:09:6f:35:5e:0a:3c:57:32:10:a3:a6:35:e2:
ec:7b:55:ba:2e:e6:d6:92:53:7d:79:87:7b:fd:0b:
46:72:85:b9:d3:04:61:8b:70:93:aa:11:05:69:5b:
28:78:b5:14:6b:4e:99:14:80:ed:2b:b6:a4:d8:b2:
f6:ce:cc:b6:b8:80:36:ec:ef:ae:e8:86:1d:2b:e1:
64:c6:d0:37:02:a8:0c:a6:51:db:74:af:93:e3:5f:
1b:40:cd:ba:57:ae:cc:94:47:bb:a9:9b:05:28:53:
9f:13:22:2f:39:b4:88:ad:8f:c2:00:1d:9e:1c:66:
a3:a1:ee:9b:9b:b9:b8:83:57:a9:60:b4:be:43:89:
fd:b8:47:e8:69:34:29:d5:28:f2:53:46:0a:e8:66:
0f:79:c8:8a:e5:eb:36:8c:40:f3:32:d8:62:f2:01:
9f:97:ed:ef:f7:35:50:d6:bb:6c:a3:ff:e0:44:82:
b3:af:0b:b8:ff:a0:72:77:f0:15:a9:a1:fd:c7:b2:
31:dd:f6:7f:bc:64:20:57:2f:10:12:b3:de:f8:ab:
30:89:1f:5b:78:fb:a9:2f:58:0d:58:9b:21:4c:5b:
b8:19:13:c2:5b:32:0d:14:9d:f6:46:90:52:2b:5e:
19:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:AA:65:33:CA:D9:78:88:76:F0:EE:F9:87:07:9E:71:38:B3:D9:C4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/japlM8rZeIh28O75hweecTiz2cQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
70:69:df:9e:54:16:41:f5:58:fb:c6:90:49:98:82:9d:cf:11:
43:73:d2:b0:b0:4b:ae:69:95:45:cd:a5:0b:89:c3:a9:d2:d8:
7c:9e:28:7c:3c:76:a3:26:ca:16:9f:41:71:68:5b:68:34:f6:
e5:78:16:87:6b:93:c3:50:cf:d6:22:d8:5b:a0:9e:68:87:9b:
b8:9f:cb:08:e4:e2:7a:fa:5e:8c:6a:9a:b1:13:90:48:81:a6:
98:c3:76:44:fa:de:0e:69:7e:6c:07:a3:4b:d4:1d:27:b1:76:
9e:b9:92:11:ec:e6:e0:3a:e1:80:a4:4d:21:f5:77:c1:cd:6c:
18:a9:11:e2:33:0c:74:63:74:23:3b:30:57:4e:bf:59:c2:ab:
bc:69:80:84:31:73:c2:34:14:77:88:c8:a3:71:41:0a:f7:87:
ed:f0:70:70:12:25:df:c7:88:b0:ca:3e:c2:70:60:a2:b1:ba:
3a:f7:21:7e:e3:69:e7:88:33:be:ba:e2:d9:f0:7e:ba:1d:2f:
09:12:d4:3f:67:76:9e:c0:d2:5e:30:6e:c5:cf:a4:0c:7f:82:
e1:00:de:c0:40:89:dc:48:fc:50:3e:c7:c7:fa:6f:6f:a6:88:
fc:f5:19:bc:c7:ce:ba:fe:04:78:19:95:af:19:95:f5:5d:43:
d8:68:2d:f2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQv8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcy
MTUzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhEQUE2NTMzQ0FEOTc4
ODg3NkYwRUVGOTg3MDc5RTcxMzhCM0Q5QzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5fn7PiwiLcn9Wu+Du5LZsCW81Xgo8VzIQo6Y14ux7Vbou5taS
U315h3v9C0ZyhbnTBGGLcJOqEQVpWyh4tRRrTpkUgO0rtqTYsvbOzLa4gDbs767o
hh0r4WTG0DcCqAymUdt0r5PjXxtAzbpXrsyUR7upmwUoU58TIi85tIitj8IAHZ4c
ZqOh7pububiDV6lgtL5Dif24R+hpNCnVKPJTRgroZg95yIrl6zaMQPMy2GLyAZ+X
7e/3NVDWu2yj/+BEgrOvC7j/oHJ38BWpof3HsjHd9n+8ZCBXLxASs974qzCJH1t4
+6kvWA1YmyFMW7gZE8JbMg0UnfZGkFIrXhk/AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUjaplM8rZeIh28O75hweecTiz2cQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2phcGxNOHJaZUloMjhP
NzVod2VlY1RpejJjUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHBp355UFkH1WPvGkEmYgp3PEUNz0rCw
S65plUXNpQuJw6nS2HyeKHw8dqMmyhafQXFoW2g09uV4Fodrk8NQz9Yi2FugnmiH
m7ifywjk4nr6XoxqmrETkEiBppjDdkT63g5pfmwHo0vUHSexdp65khHs5uA64YCk
TSH1d8HNbBipEeIzDHRjdCM7MFdOv1nCq7xpgIQxc8I0FHeIyKNxQQr3h+3wcHAS
Jd/HiLDKPsJwYKKxujr3IX7jaeeIM7664tnwfrodLwkS1D9ndp7A0l4wbsXPpAx/
guEA3sBAidxI/FA+x8f6b2+miPz1GbzHzrr+BHgZla8ZlfVdQ9hoLfI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:18:50 2025 by rpki-client