Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/m0Nfmukwx6wryLARzNkWHRNN_A4.roa
File: m0Nfmukwx6wryLARzNkWHRNN_A4.roa (raw, json)
Hash identifier: +ECapVSl4ZAVbR+ALqzty+6ZqrKLn/uOMD1+fY6J7LY=
Subject key identifier: 9B:43:5F:9A:E9:30:C7:AC:2B:C8:B0:11:CC:D9:16:1D:13:4D:FC:0E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DD3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m0Nfmukwx6wryLARzNkWHRNN_A4.roa
Signing time: Thu 02 May 2024 08:23:46 +0000
ROA not before: Thu 02 May 2024 08:23:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19923 (0x4dd3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 08:23:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9B435F9AE930C7AC2BC8B011CCD9161D134DFC0E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:00:e7:88:f2:c4:5e:a4:c9:71:23:5e:2e:ff:
45:4a:68:b5:42:b6:36:26:01:e8:9f:2a:37:d1:c6:
49:ee:2c:09:7c:cf:42:c5:12:82:eb:b0:1d:c7:54:
21:70:ef:b5:5a:8b:42:95:6c:d4:3c:9c:5c:88:ee:
62:37:01:ac:d0:d1:87:96:3a:47:f4:90:48:aa:f0:
34:38:ea:98:16:b5:db:d5:76:8d:85:76:b6:48:35:
7b:2e:a6:c3:5e:dd:40:f9:d3:83:f8:71:0d:76:d1:
92:6b:a1:02:98:bd:60:67:dd:df:04:2e:57:6f:d4:
ec:fd:1c:0f:b8:01:29:a1:f5:c4:e1:22:6c:9a:a0:
47:df:31:93:45:43:a5:41:75:73:e1:53:9c:64:4e:
c9:1c:ab:04:cd:37:ea:a3:5b:ab:c8:c3:6e:d8:c1:
d7:57:68:ec:c2:42:a5:de:d6:fa:07:6a:f1:0b:e3:
72:0f:a7:af:45:f6:ae:ae:d4:cb:54:76:fb:31:7b:
c8:00:8a:e3:90:2f:ea:46:94:d1:0f:08:cf:82:4b:
5a:b0:21:25:c1:da:a0:29:ff:90:0f:bc:fd:6f:7e:
40:5f:5b:24:d3:f8:3e:19:00:0a:92:2d:35:f1:63:
b2:d4:e2:7d:4a:fd:d5:13:a6:d8:cb:35:00:a0:71:
ab:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:43:5F:9A:E9:30:C7:AC:2B:C8:B0:11:CC:D9:16:1D:13:4D:FC:0E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m0Nfmukwx6wryLARzNkWHRNN_A4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b1:b3:3a:ba:b1:e0:d0:e8:24:d8:36:30:9a:aa:08:76:c8:4e:
ec:5b:7e:65:66:a6:90:7b:46:01:da:ce:70:0d:73:fd:94:b2:
62:68:84:00:09:5e:b5:26:61:80:bf:eb:b4:ea:2a:d9:99:bd:
92:50:ac:b8:11:4d:05:f4:00:bf:3d:c0:ba:56:b2:b0:b5:09:
3b:1b:bd:46:2f:15:00:da:02:9b:eb:34:e8:f0:09:db:5f:45:
15:98:5d:2e:01:e7:22:34:d1:2b:45:aa:93:fb:a7:7c:f0:be:
6d:0f:e2:57:32:d0:6a:b7:9d:25:c7:0c:14:70:60:b8:73:fa:
4c:68:e6:d8:98:20:e1:1b:8d:8b:13:91:db:cc:0e:6b:1b:ff:
27:7b:6f:dc:26:6e:d9:a6:5f:10:51:b9:89:a8:12:69:9c:4e:
c0:ed:4b:59:f1:80:ac:4a:50:bb:4a:16:e2:85:65:64:27:43:
4e:77:85:8d:0c:70:6c:de:70:39:0f:a7:66:b2:39:91:48:60:
4d:7f:a2:c0:46:73:f7:24:67:11:f8:d2:d7:af:9c:28:e4:df:
9d:44:6a:aa:9d:82:06:da:ff:5a:aa:7f:5f:34:06:32:f7:83:
0d:e8:85:02:26:0c:7e:e5:d8:f9:ff:59:46:b7:3a:cb:6b:a8:
1f:aa:4c:71
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTdMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
ODIzNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlCNDM1RjlBRTkzMEM3
QUMyQkM4QjAxMUNDRDkxNjFEMTM0REZDMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuAOeI8sRepMlxI14u/0VKaLVCtjYmAeifKjfRxknuLAl8z0LF
EoLrsB3HVCFw77Vai0KVbNQ8nFyI7mI3AazQ0YeWOkf0kEiq8DQ46pgWtdvVdo2F
drZINXsupsNe3UD504P4cQ120ZJroQKYvWBn3d8ELldv1Oz9HA+4ASmh9cThImya
oEffMZNFQ6VBdXPhU5xkTskcqwTNN+qjW6vIw27YwddXaOzCQqXe1voHavEL43IP
p69F9q6u1MtUdvsxe8gAiuOQL+pGlNEPCM+CS1qwISXB2qAp/5APvP1vfkBfWyTT
+D4ZAAqSLTXxY7LU4n1K/dUTptjLNQCgcaubAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUm0Nfmukwx6wryLARzNkWHRNN/A4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L20wTmZtdWt3eDZ3cnlM
QVJ6TmtXSFJOTl9BNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALGzOrqx4NDoJNg2MJqqCHbITuxbfmVm
ppB7RgHaznANc/2UsmJohAAJXrUmYYC/67TqKtmZvZJQrLgRTQX0AL89wLpWsrC1
CTsbvUYvFQDaApvrNOjwCdtfRRWYXS4B5yI00StFqpP7p3zwvm0P4lcy0Gq3nSXH
DBRwYLhz+kxo5tiYIOEbjYsTkdvMDmsb/yd7b9wmbtmmXxBRuYmoEmmcTsDtS1nx
gKxKULtKFuKFZWQnQ053hY0McGzecDkPp2ayOZFIYE1/osBGc/ckZxH40tevnCjk
351Eaqqdggba/1qqf180BjL3gw3ohQImDH7l2Pn/WUa3OstrqB+qTHE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:45:59 2025 by rpki-client