Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oiapkQ7Yd6k8Kux8fnbht1Gvk4U.roa
File: oiapkQ7Yd6k8Kux8fnbht1Gvk4U.roa (raw, json)
Hash identifier: jQ2Vxh6pQ7kMQTjCVdBHx3xwgsp4w2M7M/hU0jqWb6g=
Subject key identifier: A2:26:A9:91:0E:D8:77:A9:3C:2A:EC:7C:7E:76:E1:B7:51:AF:93:85
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 349F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oiapkQ7Yd6k8Kux8fnbht1Gvk4U.roa
Signing time: Fri 29 Mar 2024 17:52:05 +0000
ROA not before: Fri 29 Mar 2024 17:52:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13471 (0x349f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 17:52:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A226A9910ED877A93C2AEC7C7E76E1B751AF9385
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:66:6c:22:63:b3:e6:c4:df:2e:20:2d:9a:c3:
0c:14:a3:e3:40:c1:17:0c:c7:a8:eb:e2:64:06:ba:
39:26:b8:8c:2c:de:67:37:d6:df:8a:07:20:40:b6:
0f:92:06:ce:88:bd:35:bf:7d:e9:90:cd:cc:b5:ab:
79:ee:b1:21:b1:af:d1:1e:5c:7d:97:d7:bf:18:34:
87:67:9d:22:74:46:df:d3:f5:d1:7b:c6:80:46:ca:
2d:f3:41:a8:a4:0e:55:a9:66:5a:b7:cb:ca:f9:86:
39:42:ce:9c:c0:7a:ef:0e:20:de:1e:58:ff:09:a5:
bd:c0:96:3c:a5:ec:ad:e6:cc:88:12:f1:72:9d:98:
4c:98:97:39:0b:55:e0:02:60:1b:35:8e:55:c8:01:
0f:d9:86:82:59:65:43:a3:a9:a5:ce:87:0c:5b:44:
03:dc:15:67:e2:89:6d:01:75:70:b0:b5:51:67:84:
14:90:42:d2:fc:2e:b8:65:ac:44:11:7b:c5:7d:2a:
3a:51:c4:cd:c1:28:94:c7:d7:b0:12:5f:02:41:ce:
0d:60:92:f6:36:10:c5:17:8a:ae:86:63:a7:ae:26:
2d:99:b4:25:56:82:d5:07:c1:29:53:b4:3c:d1:f6:
2f:8c:fe:24:93:5d:35:e1:cc:22:e9:15:5d:48:61:
4b:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:26:A9:91:0E:D8:77:A9:3C:2A:EC:7C:7E:76:E1:B7:51:AF:93:85
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oiapkQ7Yd6k8Kux8fnbht1Gvk4U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2f:12:42:11:cc:fd:a3:e1:e6:d2:4f:b6:12:b5:f5:9e:9f:6b:
c3:f5:a6:15:df:22:3e:26:ce:db:11:ce:64:2a:d6:45:54:f7:
a7:c6:e0:d9:bf:08:78:99:a7:91:16:bf:9d:99:87:7a:c0:62:
09:d0:50:66:06:5e:4c:e7:36:33:fe:03:e8:59:e1:7d:78:36:
fd:0f:96:43:d1:8c:0c:aa:b2:76:6f:ec:c2:9f:bf:c7:50:b1:
f8:65:d3:d8:c8:7a:ad:ed:26:ed:19:95:ee:5d:8c:f5:89:f1:
27:aa:b6:aa:a4:cb:15:ef:9c:36:ef:0b:d8:5c:80:17:c5:23:
d7:50:d0:90:c7:71:51:bd:8c:42:16:dd:a6:2f:6c:ea:a5:b4:
c9:dd:be:c4:b1:77:58:6b:1c:34:56:69:8c:8b:86:83:df:a4:
22:b3:89:82:c9:bc:a6:d8:f0:9e:0b:51:b4:8e:7d:50:24:d3:
c8:b5:36:b5:81:ff:7e:81:6f:11:77:ec:33:b5:47:fc:ad:ad:
33:d4:bc:c5:1a:ad:fe:a7:0d:b6:1c:6d:a2:3e:21:f6:eb:67:
52:3a:07:e4:35:8a:13:4b:af:09:32:64:10:03:9d:bd:8f:a4:
be:c4:fc:e1:19:7e:3c:cf:1b:13:78:d3:17:da:b5:27:88:b9:
51:32:55:82
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNJ8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
NzUyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyMjZBOTkxMEVEODc3
QTkzQzJBRUM3QzdFNzZFMUI3NTFBRjkzODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCiZmwiY7PmxN8uIC2awwwUo+NAwRcMx6jr4mQGujkmuIws3mc3
1t+KByBAtg+SBs6IvTW/femQzcy1q3nusSGxr9EeXH2X178YNIdnnSJ0Rt/T9dF7
xoBGyi3zQaikDlWpZlq3y8r5hjlCzpzAeu8OIN4eWP8Jpb3Aljyl7K3mzIgS8XKd
mEyYlzkLVeACYBs1jlXIAQ/ZhoJZZUOjqaXOhwxbRAPcFWfiiW0BdXCwtVFnhBSQ
QtL8LrhlrEQRe8V9KjpRxM3BKJTH17ASXwJBzg1gkvY2EMUXiq6GY6euJi2ZtCVW
gtUHwSlTtDzR9i+M/iSTXTXhzCLpFV1IYUupAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUoiapkQ7Yd6k8Kux8fnbht1Gvk4UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29pYXBrUTdZZDZrOEt1
eDhmbmJodDFHdms0VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAC8SQhHM/aPh5tJPthK19Z6fa8P1phXf
Ij4mztsRzmQq1kVU96fG4Nm/CHiZp5EWv52Zh3rAYgnQUGYGXkznNjP+A+hZ4X14
Nv0PlkPRjAyqsnZv7MKfv8dQsfhl09jIeq3tJu0Zle5djPWJ8SeqtqqkyxXvnDbv
C9hcgBfFI9dQ0JDHcVG9jEIW3aYvbOqltMndvsSxd1hrHDRWaYyLhoPfpCKziYLJ
vKbY8J4LUbSOfVAk08i1NrWB/36BbxF37DO1R/ytrTPUvMUarf6nDbYcbaI+Ifbr
Z1I6B+Q1ihNLrwkyZBADnb2PpL7E/OEZfjzPGxN40xfatSeIuVEyVYI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:46:00 2025 by rpki-client