Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/poFPH3kN-wHkhVGZAHkWyq7IN1s.roa
File: poFPH3kN-wHkhVGZAHkWyq7IN1s.roa (raw, json)
Hash identifier: PME8GqTpHlR4WLlwe5FAg9S5M5MTQggKhygo2+3ZBoY=
Subject key identifier: A6:81:4F:1F:79:0D:FB:01:E4:85:51:99:00:79:16:CA:AE:C8:37:5B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4343
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/poFPH3kN-wHkhVGZAHkWyq7IN1s.roa
Signing time: Thu 18 Apr 2024 06:23:04 +0000
ROA not before: Thu 18 Apr 2024 06:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17219 (0x4343)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 06:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A6814F1F790DFB01E4855199007916CAAEC8375B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:d3:a6:95:14:ca:eb:6c:46:d7:a8:47:0e:aa:
2f:a4:67:bf:82:17:cb:08:65:ab:46:b5:da:e9:f4:
7c:f2:6a:85:30:b3:96:e9:46:7a:29:c6:74:29:85:
3c:77:4b:ee:25:08:a0:75:b0:a6:bf:dc:5e:9b:2c:
c6:54:14:49:30:87:04:34:ff:d2:e9:6b:ff:28:6e:
d6:c4:4b:9f:a5:89:b1:2c:a8:f2:bf:9c:e5:70:8e:
30:75:80:80:80:a1:be:cb:8c:4f:ac:cf:cb:06:42:
76:dd:95:bb:ea:92:16:19:eb:0c:c4:4e:2d:f8:ed:
58:05:53:7d:43:9c:9e:13:bb:a4:af:f7:50:b8:69:
9e:74:ec:7d:88:d0:17:33:3a:f7:55:c0:78:54:0c:
aa:d9:54:35:c9:a9:58:90:43:2e:4b:98:2b:85:d1:
bc:52:69:f4:96:fb:3e:b0:75:9a:7d:91:de:62:9f:
c8:73:03:a4:8a:e6:90:4e:94:7c:65:ce:9f:55:8f:
b5:05:55:75:ff:dd:43:70:b1:5a:28:6c:c2:7d:d4:
04:04:45:03:1b:7f:0d:1f:9e:ee:3e:91:81:c7:b6:
cd:b3:bc:db:41:6b:4f:d5:f1:cd:1e:c7:94:10:63:
ce:7c:f4:cd:1f:ec:1d:8c:4c:5e:08:8e:d4:ef:1a:
57:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:81:4F:1F:79:0D:FB:01:E4:85:51:99:00:79:16:CA:AE:C8:37:5B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/poFPH3kN-wHkhVGZAHkWyq7IN1s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5d:28:96:7e:da:2d:18:c6:1b:92:9c:b8:92:3b:e8:dc:27:6e:
53:74:69:4b:dc:76:38:5a:a2:8b:78:93:b0:b8:0a:cb:2a:a5:
89:45:4f:83:69:5b:7b:9e:bd:fe:39:f8:3b:24:5b:22:e6:40:
e8:01:39:01:bd:05:1d:5e:44:84:22:4c:0a:2e:e3:1d:c2:26:
39:ad:f3:85:c9:87:24:7a:7d:50:f2:d3:26:8c:88:f6:e1:a0:
95:2f:aa:de:e1:58:81:55:d9:6c:db:6d:a6:48:22:b0:02:80:
50:13:f7:d7:63:91:eb:7c:23:bc:79:0b:f1:9b:e1:ed:d1:27:
9e:c5:a3:70:a1:88:b2:a1:a5:98:69:f0:48:4d:b9:b1:07:20:
b9:98:41:ef:61:04:47:61:1d:b0:60:07:35:bf:34:48:b3:f0:
58:8e:80:4c:f7:00:da:a0:a1:11:2f:08:e1:27:0f:e6:29:ad:
ba:d8:7f:f1:21:e4:33:78:fd:af:81:b5:65:40:02:d3:fc:1c:
d0:6c:24:cd:c3:90:1f:dd:44:63:92:aa:5f:02:cd:47:5f:e6:
fe:9e:13:c4:d8:cb:60:54:4d:a6:fc:9b:01:c3:46:25:76:cd:
f2:88:36:ac:20:bb:ba:44:a9:34:0e:ff:24:cf:ac:f8:c4:b0:
b9:53:1a:91
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQ0MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgw
NjIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE2ODE0RjFGNzkwREZC
MDFFNDg1NTE5OTAwNzkxNkNBQUVDODM3NUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDG06aVFMrrbEbXqEcOqi+kZ7+CF8sIZatGtdrp9HzyaoUws5bp
RnopxnQphTx3S+4lCKB1sKa/3F6bLMZUFEkwhwQ0/9Lpa/8obtbES5+libEsqPK/
nOVwjjB1gICAob7LjE+sz8sGQnbdlbvqkhYZ6wzETi347VgFU31DnJ4Tu6Sv91C4
aZ507H2I0BczOvdVwHhUDKrZVDXJqViQQy5LmCuF0bxSafSW+z6wdZp9kd5in8hz
A6SK5pBOlHxlzp9Vj7UFVXX/3UNwsVoobMJ91AQERQMbfw0fnu4+kYHHts2zvNtB
a0/V8c0ex5QQY8589M0f7B2MTF4IjtTvGlfpAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUpoFPH3kN+wHkhVGZAHkWyq7IN1swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BvRlBIM2tOLXdIa2hW
R1pBSGtXeXE3SU4xcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAF0oln7aLRjGG5KcuJI76NwnblN0aUvc
djhaoot4k7C4CssqpYlFT4NpW3uevf45+DskWyLmQOgBOQG9BR1eRIQiTAou4x3C
Jjmt84XJhyR6fVDy0yaMiPbhoJUvqt7hWIFV2WzbbaZIIrACgFAT99djket8I7x5
C/Gb4e3RJ57Fo3ChiLKhpZhp8EhNubEHILmYQe9hBEdhHbBgBzW/NEiz8FiOgEz3
ANqgoREvCOEnD+YprbrYf/Eh5DN4/a+BtWVAAtP8HNBsJM3DkB/dRGOSql8CzUdf
5v6eE8TYy2BUTab8mwHDRiV2zfKINqwgu7pEqTQO/yTPrPjEsLlTGpE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 18:00:44 2025 by rpki-client