Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/si5WxCZx_DrhImFtd-kd-yeLC0w.roa
File: si5WxCZx_DrhImFtd-kd-yeLC0w.roa (raw, json)
Hash identifier: t0QCC9PtcPzkSSMrihCOuG7tjWmpcstJmhThwPNBQOk=
Subject key identifier: B2:2E:56:C4:26:71:FC:3A:E1:22:61:6D:77:E9:1D:FB:27:8B:0B:4C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 330B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/si5WxCZx_DrhImFtd-kd-yeLC0w.roa
Signing time: Wed 27 Mar 2024 15:22:05 +0000
ROA not before: Wed 27 Mar 2024 15:22:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13067 (0x330b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 27 15:22:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B22E56C42671FC3AE122616D77E91DFB278B0B4C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:bd:47:e7:36:d0:80:ff:24:41:9a:80:90:a6:
06:8e:e9:2e:7e:02:f0:05:ec:1d:9c:a7:6e:8d:e4:
de:cd:53:33:75:5b:47:08:2a:18:34:7b:4e:88:f7:
50:ac:52:06:4c:50:bb:da:65:20:b2:84:ae:9a:07:
5e:5d:31:7c:9e:e4:74:8e:4f:7a:b3:c4:85:b5:d8:
a3:f9:9a:cd:d3:a2:60:7b:8f:b2:d2:63:af:3b:1e:
d2:5c:19:ed:aa:2b:4b:f1:e9:b7:fe:e3:e5:ce:a5:
0d:36:98:f5:c2:b6:51:48:9e:0e:28:b7:88:b8:4e:
5c:3b:54:2e:47:2b:f1:0d:e8:7e:57:15:96:34:ed:
be:88:e9:b3:57:65:90:a7:b0:ba:bc:38:61:03:d4:
43:36:73:a7:d9:00:c0:c7:b0:87:11:ad:b5:51:0c:
61:3b:56:10:f5:f0:ea:ed:11:7d:28:f1:14:45:0d:
1b:04:06:d7:dd:e6:ef:d8:61:96:69:70:1f:22:e5:
e0:18:55:63:cf:87:b7:b1:7a:a4:88:85:65:82:70:
43:84:12:dd:79:40:5e:e7:56:40:46:22:a3:44:82:
67:eb:62:39:29:a3:d1:6e:fd:9f:cd:05:b7:73:9d:
a1:43:86:e4:cd:ba:4b:50:62:50:fa:97:2d:03:c7:
59:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:2E:56:C4:26:71:FC:3A:E1:22:61:6D:77:E9:1D:FB:27:8B:0B:4C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/si5WxCZx_DrhImFtd-kd-yeLC0w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
ac:fa:c1:1b:a6:3a:70:6d:c8:a5:d8:5b:2e:8b:e1:7a:0f:de:
6f:93:db:d0:40:77:21:4f:46:3d:e0:21:30:3a:d9:31:5d:e4:
5e:be:ae:4e:ab:82:18:cf:0e:d0:02:e0:40:87:ce:37:f6:96:
99:c8:27:c4:6c:da:64:06:e4:48:97:5e:86:97:f8:b7:75:8f:
9a:ec:d8:67:ae:8a:7d:c9:aa:05:ca:c2:7e:b0:84:05:a9:76:
6e:a8:62:69:e3:39:34:1b:ce:eb:25:00:73:3a:cc:fd:c1:f5:
79:17:a2:74:ca:64:df:f0:d1:65:a4:6a:71:58:ca:18:14:f0:
ce:a1:03:2a:85:e6:13:4d:19:36:13:35:f0:df:ba:b7:6a:f3:
87:8c:1d:31:3c:ec:5a:2f:5c:9d:05:d2:81:f2:6a:f0:61:75:
5c:28:06:a3:50:3a:db:49:f7:94:f2:5d:e8:15:c4:20:47:b5:
b8:03:28:dd:c7:0d:e2:fa:91:98:cd:63:c1:aa:35:95:af:05:
3b:d3:d2:4a:09:8c:7a:0c:28:57:f7:8f:04:e9:af:9f:32:ed:
fe:9a:34:21:6c:e3:d9:ec:3f:6d:95:f7:a7:c2:69:c1:66:86:
37:f3:ea:53:dd:fb:e3:a7:0a:a2:c0:37:5b:dc:f6:ce:0c:b7:
6c:56:0e:77
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICMwswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjcx
NTIyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIyMkU1NkM0MjY3MUZD
M0FFMTIyNjE2RDc3RTkxREZCMjc4QjBCNEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYvUfnNtCA/yRBmoCQpgaO6S5+AvAF7B2cp26N5N7NUzN1W0cI
Khg0e06I91CsUgZMULvaZSCyhK6aB15dMXye5HSOT3qzxIW12KP5ms3TomB7j7LS
Y687HtJcGe2qK0vx6bf+4+XOpQ02mPXCtlFIng4ot4i4Tlw7VC5HK/EN6H5XFZY0
7b6I6bNXZZCnsLq8OGED1EM2c6fZAMDHsIcRrbVRDGE7VhD18OrtEX0o8RRFDRsE
Btfd5u/YYZZpcB8i5eAYVWPPh7exeqSIhWWCcEOEEt15QF7nVkBGIqNEgmfrYjkp
o9Fu/Z/NBbdznaFDhuTNuktQYlD6ly0Dx1kzAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUsi5WxCZx/DrhImFtd+kd+yeLC0wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NpNVd4Q1p4X0RyaElt
RnRkLWtkLXllTEMwdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKz6wRumOnBtyKXYWy6L4XoP3m+T29BA
dyFPRj3gITA62TFd5F6+rk6rghjPDtAC4ECHzjf2lpnIJ8Rs2mQG5EiXXoaX+Ld1
j5rs2Geuin3JqgXKwn6whAWpdm6oYmnjOTQbzuslAHM6zP3B9XkXonTKZN/w0WWk
anFYyhgU8M6hAyqF5hNNGTYTNfDfurdq84eMHTE87FovXJ0F0oHyavBhdVwoBqNQ
OttJ95TyXegVxCBHtbgDKN3HDeL6kZjNY8GqNZWvBTvT0koJjHoMKFf3jwTpr58y
7f6aNCFs49nsP22V96fCacFmhjfz6lPd++OnCqLAN1vc9s4Mt2xWDnc=
-----END CERTIFICATE-----
Generated at Fri Jun 20 18:07:45 2025 by rpki-client