Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oaA73fLxUQMWsvHp52jKXzn0VYE.roa
File: oaA73fLxUQMWsvHp52jKXzn0VYE.roa (raw, json)
Hash identifier: 4ajm6BFvi3qiWBByyliAQTwgtglQBRFYCP1WNX/Qqgs=
Subject key identifier: A1:A0:3B:DD:F2:F1:51:03:16:B2:F1:E9:E7:68:CA:5F:39:F4:55:81
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C1B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oaA73fLxUQMWsvHp52jKXzn0VYE.roa
Signing time: Tue 30 Apr 2024 01:23:32 +0000
ROA not before: Tue 30 Apr 2024 01:23:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19483 (0x4c1b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 01:23:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A1A03BDDF2F1510316B2F1E9E768CA5F39F45581
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:da:d7:ef:34:23:3f:93:1a:b5:7a:98:f1:7d:
8c:16:13:89:65:1d:99:5c:37:1b:f8:16:da:a2:12:
45:b1:96:f4:66:83:e5:2b:a3:4b:92:ba:c0:ec:2f:
cc:0a:dc:0b:c0:05:e0:bc:f0:59:62:78:60:7a:d4:
b1:b7:62:1b:04:fd:2a:a8:c8:1a:6f:22:89:f7:94:
29:d0:df:51:ee:8c:30:b5:f4:ac:96:c1:82:00:a1:
8c:d3:41:64:4a:27:42:d9:bf:b5:f6:4d:74:ab:67:
8e:c7:64:0a:92:a2:28:bd:23:87:5d:94:a1:41:ce:
70:fe:c0:fc:65:94:7e:c6:b9:be:da:34:d4:6e:2e:
05:77:ed:15:7c:6c:94:c8:1e:b9:56:17:75:9d:90:
db:75:f9:e1:9f:ea:fb:f3:ae:43:88:0a:7a:27:44:
6c:60:65:06:ba:37:f3:0c:dd:43:5d:3e:b0:3c:58:
d7:84:48:ee:c8:90:9f:af:e1:ec:5a:18:0c:e6:7d:
2c:e4:79:ce:0f:82:4f:02:b9:69:be:1e:45:b1:14:
1c:3f:dc:de:ed:6d:95:a9:04:ad:55:22:0a:7a:9f:
32:64:15:f0:f8:63:62:a7:d9:d3:a5:f4:b1:4b:3d:
ae:6b:51:27:94:b2:ee:6a:ad:9f:22:ad:e5:f9:98:
93:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:A0:3B:DD:F2:F1:51:03:16:B2:F1:E9:E7:68:CA:5F:39:F4:55:81
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oaA73fLxUQMWsvHp52jKXzn0VYE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
57:07:92:6a:64:e2:06:36:ca:90:26:ce:7d:a2:8e:d7:78:23:
82:90:38:2e:55:f7:32:f6:a9:3f:25:9d:dd:cb:02:35:7b:66:
82:b1:0d:8b:10:03:b3:25:c4:5f:66:96:15:31:4f:75:57:ac:
f4:28:2b:14:f5:a4:b9:4e:b3:b8:2e:4c:67:6f:dc:6d:f7:ff:
fa:83:eb:40:d5:f4:11:be:a1:f3:57:fd:8d:b1:aa:12:b4:08:
9e:72:60:26:76:ac:2f:17:ee:3a:f4:b7:df:14:fb:5d:c6:02:
10:fc:fb:4f:7a:45:d3:89:44:f3:77:51:5c:1a:99:a3:07:7a:
41:0f:f4:79:22:76:bf:95:b2:50:27:29:1c:11:88:3a:d8:de:
3a:6a:bb:a3:8c:be:ac:c4:f1:d4:58:08:c8:3a:cb:d7:e6:a5:
1e:26:01:7c:ef:a2:68:50:a5:56:3c:2d:b3:67:1a:b0:4f:96:
ec:e9:8d:bc:4a:0f:2f:e9:91:d7:9f:d5:4a:64:d9:c8:70:22:
73:1b:dc:b6:bc:73:82:1c:36:ec:1a:fc:23:0a:b2:19:e0:b4:
a6:e4:58:ba:a8:0d:ff:33:9c:20:c8:6f:a0:e0:87:4a:b5:7f:
30:ee:ff:1f:fa:08:8d:1f:f5:23:30:19:b0:d2:6e:32:dc:36:
e1:af:cd:69
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTBswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAw
MTIzMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEExQTAzQkRERjJGMTUx
MDMxNkIyRjFFOUU3NjhDQTVGMzlGNDU1ODEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDN2tfvNCM/kxq1epjxfYwWE4llHZlcNxv4FtqiEkWxlvRmg+Ur
o0uSusDsL8wK3AvABeC88FlieGB61LG3YhsE/SqoyBpvIon3lCnQ31HujDC19KyW
wYIAoYzTQWRKJ0LZv7X2TXSrZ47HZAqSoii9I4ddlKFBznD+wPxllH7Gub7aNNRu
LgV37RV8bJTIHrlWF3WdkNt1+eGf6vvzrkOICnonRGxgZQa6N/MM3UNdPrA8WNeE
SO7IkJ+v4exaGAzmfSzkec4Pgk8CuWm+HkWxFBw/3N7tbZWpBK1VIgp6nzJkFfD4
Y2Kn2dOl9LFLPa5rUSeUsu5qrZ8ireX5mJPtAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUoaA73fLxUQMWsvHp52jKXzn0VYEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29hQTczZkx4VVFNV3N2
SHA1MmpLWHpuMFZZRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFcHkmpk4gY2ypAmzn2ijtd4I4KQOC5V
9zL2qT8lnd3LAjV7ZoKxDYsQA7MlxF9mlhUxT3VXrPQoKxT1pLlOs7guTGdv3G33
//qD60DV9BG+ofNX/Y2xqhK0CJ5yYCZ2rC8X7jr0t98U+13GAhD8+096RdOJRPN3
UVwamaMHekEP9Hkidr+VslAnKRwRiDrY3jpqu6OMvqzE8dRYCMg6y9fmpR4mAXzv
omhQpVY8LbNnGrBPluzpjbxKDy/pkdef1Upk2chwInMb3La8c4IcNuwa/CMKshng
tKbkWLqoDf8znCDIb6Dgh0q1fzDu/x/6CI0f9SMwGbDSbjLcNuGvzWk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:54 2025 by rpki-client