Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tJZrDj1bBRxOJXGWmCYzujk9oHU.roa
File: tJZrDj1bBRxOJXGWmCYzujk9oHU.roa (raw, json)
Hash identifier: bGXtDMPRcH9DHMkMp6ArEzvOV0BybYNz92nl+0BlOFo=
Subject key identifier: B4:96:6B:0E:3D:5B:05:1C:4E:25:71:96:98:26:33:BA:39:3D:A0:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3377
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tJZrDj1bBRxOJXGWmCYzujk9oHU.roa
Signing time: Thu 28 Mar 2024 04:52:01 +0000
ROA not before: Thu 28 Mar 2024 04:52:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13175 (0x3377)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 04:52:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B4966B0E3D5B051C4E257196982633BA393DA075
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:fb:a0:7e:24:a7:41:d2:15:fc:45:60:d2:05:
80:db:7b:59:94:7e:03:27:48:37:32:96:cc:4c:e2:
11:3b:15:ab:32:c0:b4:16:dd:d6:e7:be:cf:5a:41:
44:b6:c1:9c:6e:75:77:c1:6f:35:91:47:8e:c8:60:
6f:0f:7f:ef:95:16:de:97:25:bd:90:2d:6f:54:4d:
bf:6f:ef:f2:62:78:3f:04:e1:c9:50:da:c2:75:2d:
c3:c5:fb:3b:b8:8f:fa:ee:d7:e2:e6:2e:0c:c7:60:
db:78:3e:71:d3:79:96:ac:79:22:7c:b2:72:87:61:
a9:10:47:b8:85:16:e8:4c:96:ba:18:d2:88:27:09:
5a:7c:07:28:89:4b:53:b8:84:68:ee:db:2f:39:c6:
99:bf:8b:17:4e:34:a7:d4:34:55:7a:5e:7f:da:7a:
97:97:fc:9c:e4:7c:81:ac:e5:20:10:f9:bb:d4:2b:
3a:61:76:d1:22:07:95:e8:50:e5:3e:33:6a:76:b6:
ad:a9:dd:0e:85:a2:d0:e1:b4:0f:de:a4:44:b9:33:
1a:23:8e:4c:d1:1d:21:f2:a0:40:b0:6f:83:e8:25:
37:af:ec:87:36:a1:d4:12:ab:c2:5c:12:16:c8:c4:
b5:fb:61:12:51:cd:6f:e9:78:f4:77:76:ca:f2:1e:
7d:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:96:6B:0E:3D:5B:05:1C:4E:25:71:96:98:26:33:BA:39:3D:A0:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tJZrDj1bBRxOJXGWmCYzujk9oHU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b7:e9:ce:d2:1e:31:d9:46:40:fe:46:70:bd:00:23:93:b0:d2:
7e:c9:4f:15:59:6b:a5:81:11:37:b6:a1:21:a6:82:c4:93:c4:
2a:1f:b5:ed:d4:7b:a5:f8:96:84:ff:00:14:e1:e7:3f:a9:22:
05:b0:dc:94:ad:2c:4b:0b:0f:34:ac:2e:d2:2d:33:96:81:ea:
1b:ae:a3:70:68:76:1f:3a:de:d6:de:97:bf:4c:5c:3e:08:24:
bd:20:e1:d9:9a:92:eb:89:c9:10:30:52:a5:5a:1f:20:92:af:
55:00:0e:78:14:b8:85:93:1a:8c:00:8e:bb:fa:ca:8d:5c:e4:
4c:79:c0:8f:10:7d:8b:ed:07:05:b5:0c:31:35:4b:91:32:10:
1f:ec:9b:fc:bf:57:49:ac:1d:b0:60:96:36:f5:0d:03:03:c3:
7e:9f:b0:89:a5:7e:e8:02:74:9f:11:4b:ae:56:58:85:74:bc:
d4:45:f4:46:1a:0e:21:d9:11:0f:01:bf:57:4d:8a:cb:f3:8e:
71:08:ef:33:20:cc:db:74:88:2f:93:03:e2:e3:7b:27:4c:d6:
14:35:00:d6:0e:5f:5b:be:6c:c6:be:f2:1d:cc:cd:da:4c:c8:
b3:f6:b5:4f:0a:48:60:26:79:ca:02:61:55:87:84:76:c2:6e:
f0:ab:a5:d7
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICM3cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgw
NDUyMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI0OTY2QjBFM0Q1QjA1
MUM0RTI1NzE5Njk4MjYzM0JBMzkzREEwNzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDO+6B+JKdB0hX8RWDSBYDbe1mUfgMnSDcylsxM4hE7FasywLQW
3dbnvs9aQUS2wZxudXfBbzWRR47IYG8Pf++VFt6XJb2QLW9UTb9v7/JieD8E4clQ
2sJ1LcPF+zu4j/ru1+LmLgzHYNt4PnHTeZaseSJ8snKHYakQR7iFFuhMlroY0ogn
CVp8ByiJS1O4hGju2y85xpm/ixdONKfUNFV6Xn/aepeX/JzkfIGs5SAQ+bvUKzph
dtEiB5XoUOU+M2p2tq2p3Q6FotDhtA/epES5MxojjkzRHSHyoECwb4PoJTev7Ic2
odQSq8JcEhbIxLX7YRJRzW/pePR3dsryHn1NAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUtJZrDj1bBRxOJXGWmCYzujk9oHUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RKWnJEajFiQlJ4T0pY
R1dtQ1l6dWprOW9IVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALfpztIeMdlGQP5GcL0AI5Ow0n7JTxVZ
a6WBETe2oSGmgsSTxCofte3Ue6X4loT/ABTh5z+pIgWw3JStLEsLDzSsLtItM5aB
6huuo3Bodh863tbel79MXD4IJL0g4dmakuuJyRAwUqVaHyCSr1UADngUuIWTGowA
jrv6yo1c5Ex5wI8QfYvtBwW1DDE1S5EyEB/sm/y/V0msHbBgljb1DQMDw36fsIml
fugCdJ8RS65WWIV0vNRF9EYaDiHZEQ8Bv1dNisvzjnEI7zMgzNt0iC+TA+LjeydM
1hQ1ANYOX1u+bMa+8h3MzdpMyLP2tU8KSGAmecoCYVWHhHbCbvCrpdc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:36:26 2025 by rpki-client