Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/opZr6qQf32tn2Vbh_FZ22AeTutU.roa
File: opZr6qQf32tn2Vbh_FZ22AeTutU.roa (raw, json)
Hash identifier: dYLbBZ4al4G7+Now4meuQ701Fo5D4T63vW7G2OELrZo=
Subject key identifier: A2:96:6B:EA:A4:1F:DF:6B:67:D9:56:E1:FC:56:76:D8:07:93:BA:D5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 505F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/opZr6qQf32tn2Vbh_FZ22AeTutU.roa
Signing time: Sun 05 May 2024 17:53:51 +0000
ROA not before: Sun 05 May 2024 17:53:51 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20575 (0x505f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 17:53:51 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A2966BEAA41FDF6B67D956E1FC5676D80793BAD5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:5c:3c:5a:3c:3e:f9:af:4b:26:6d:bb:74:75:
82:18:be:83:1e:ec:b6:d7:ec:89:24:02:4e:cb:ce:
bb:5c:31:af:da:f5:76:f2:f6:50:33:87:8e:a9:f9:
e1:b0:1e:d0:f5:7d:20:6f:45:f5:ca:77:6d:2f:34:
3b:b0:83:4a:f5:ab:93:65:76:e8:4d:dd:2f:a9:98:
26:80:91:d1:4c:2d:2d:fc:e6:79:68:79:2b:0b:63:
b4:6c:c0:c6:a8:c1:f6:1b:63:10:cb:97:33:0e:2a:
a3:52:73:e0:51:53:ab:1f:19:cc:e1:31:8e:39:6c:
4c:20:57:9e:84:b1:99:14:c3:4d:2b:ea:3c:1f:e6:
be:bf:da:aa:fd:40:50:e2:b5:63:0b:45:7b:0f:ef:
44:b3:a7:67:b6:00:ca:47:5a:e5:c0:12:d7:fa:0a:
b0:be:a7:b2:d4:0d:99:86:b6:71:ab:0e:77:af:b7:
23:68:5a:b0:41:2a:74:65:32:5e:08:45:54:a4:33:
fc:d1:2e:5a:c7:9e:10:14:ab:a5:b7:86:96:57:a1:
02:7d:12:cb:b3:c5:f2:b6:40:0a:1f:7e:9a:54:e5:
00:34:f5:15:05:ed:9e:a1:8c:48:2b:08:b7:c8:1f:
01:06:45:05:8c:11:01:f5:b6:22:94:a3:5a:28:cd:
e5:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:96:6B:EA:A4:1F:DF:6B:67:D9:56:E1:FC:56:76:D8:07:93:BA:D5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/opZr6qQf32tn2Vbh_FZ22AeTutU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5d:bf:c6:ec:27:b9:04:57:58:88:ca:44:b7:51:74:59:1f:f1:
69:e5:e0:9d:3f:87:d3:f8:ac:4c:1d:b6:49:54:cf:23:96:16:
a9:7b:11:06:01:a1:e0:58:a2:96:26:14:ac:b3:b2:3f:ca:4e:
00:42:47:ec:ac:de:e7:a7:40:0b:6c:39:5a:af:dd:9c:5a:e6:
b7:fb:d7:0f:4f:79:78:c9:ba:4a:80:4a:41:40:1b:27:77:80:
98:39:86:ce:d0:77:2f:61:bb:f1:67:09:a6:7e:bc:50:db:13:
e5:40:39:74:e5:83:86:75:2e:6c:51:92:3f:4a:27:95:b7:06:
99:ce:6e:3e:58:eb:31:fb:54:c1:77:e8:7d:d0:55:f0:36:47:
68:00:ec:96:2f:f8:57:36:eb:9e:79:76:7b:84:50:81:59:6f:
f5:49:2c:8a:db:5f:37:82:82:b8:14:81:d5:4a:dc:b1:0c:35:
80:64:bb:6c:35:af:72:ac:36:75:8c:7a:bf:31:88:4a:81:12:
92:44:86:31:38:42:32:5f:97:73:72:ad:15:9a:ad:e4:d4:35:
f8:b1:47:8f:86:4f:89:19:69:c2:12:4f:22:e8:48:5a:62:79:
9d:00:ed:a4:86:b8:8d:f1:2a:e4:78:98:0c:67:ab:0d:00:4e:
53:54:40:ae
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUF8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUx
NzUzNTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyOTY2QkVBQTQxRkRG
NkI2N0Q5NTZFMUZDNTY3NkQ4MDc5M0JBRDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCXDxaPD75r0smbbt0dYIYvoMe7LbX7IkkAk7LzrtcMa/a9Xby
9lAzh46p+eGwHtD1fSBvRfXKd20vNDuwg0r1q5NlduhN3S+pmCaAkdFMLS385nlo
eSsLY7RswMaowfYbYxDLlzMOKqNSc+BRU6sfGczhMY45bEwgV56EsZkUw00r6jwf
5r6/2qr9QFDitWMLRXsP70Szp2e2AMpHWuXAEtf6CrC+p7LUDZmGtnGrDnevtyNo
WrBBKnRlMl4IRVSkM/zRLlrHnhAUq6W3hpZXoQJ9EsuzxfK2QAoffppU5QA09RUF
7Z6hjEgrCLfIHwEGRQWMEQH1tiKUo1oozeVTAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUopZr6qQf32tn2Vbh/FZ22AeTutUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29wWnI2cVFmMzJ0bjJW
YmhfRloyMkFlVHV0VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAF2/xuwnuQRXWIjKRLdRdFkf8Wnl4J0/
h9P4rEwdtklUzyOWFql7EQYBoeBYopYmFKyzsj/KTgBCR+ys3uenQAtsOVqv3Zxa
5rf71w9PeXjJukqASkFAGyd3gJg5hs7Qdy9hu/FnCaZ+vFDbE+VAOXTlg4Z1LmxR
kj9KJ5W3BpnObj5Y6zH7VMF36H3QVfA2R2gA7JYv+Fc26555dnuEUIFZb/VJLIrb
XzeCgrgUgdVK3LEMNYBku2w1r3KsNnWMer8xiEqBEpJEhjE4QjJfl3NyrRWareTU
NfixR4+GT4kZacISTyLoSFpieZ0A7aSGuI3xKuR4mAxnqw0ATlNUQK4=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:36:17 2025 by rpki-client