Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tOo-1XF7g7i7rvfjubD7OifSMyQ.roa
File: tOo-1XF7g7i7rvfjubD7OifSMyQ.roa (raw, json)
Hash identifier: KOwxdRmpbBSLXtwmoZuvNsezAYZA+MTRvhoAAPR5wMg=
Subject key identifier: B4:EA:3E:D5:71:7B:83:B8:BB:AE:F7:E3:B9:B0:FB:3A:27:D2:33:24
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5437
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tOo-1XF7g7i7rvfjubD7OifSMyQ.roa
Signing time: Fri 10 May 2024 20:54:09 +0000
ROA not before: Fri 10 May 2024 20:54:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21559 (0x5437)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 20:54:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B4EA3ED5717B83B8BBAEF7E3B9B0FB3A27D23324
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:5d:68:0f:69:3a:b6:39:6c:fa:30:7d:c8:96:
84:6b:9e:db:b0:82:5c:88:7d:0c:de:6b:1a:2d:32:
6f:0d:be:33:8b:eb:95:d7:7e:36:08:7d:e4:ac:68:
20:8e:38:89:36:32:6c:c5:f8:c4:89:bd:0d:f4:01:
00:c8:be:c8:b3:3c:80:25:db:ba:28:4d:90:b6:f5:
ef:42:c2:c8:0a:dd:0c:99:6b:d1:1f:22:88:e0:b4:
31:8f:73:d3:68:bd:56:e9:a7:89:a3:f5:40:f4:5d:
eb:43:b1:10:df:aa:35:6e:cc:44:96:75:80:ec:92:
05:1f:8d:cd:e4:be:ca:b4:88:29:b5:0e:15:ac:3f:
4b:c3:90:7c:4f:31:1f:df:87:e2:da:df:3b:8d:d7:
b4:e6:43:7c:06:6c:f6:f2:68:b8:40:48:13:7a:e1:
76:2a:ed:2a:35:12:2c:45:b8:17:88:fc:9c:78:e6:
9f:01:e6:34:14:0f:e6:4d:c4:30:5d:0d:2e:30:ca:
ab:e8:0e:87:b1:9e:b2:fe:5d:96:50:00:40:9e:b3:
a8:82:0b:ba:97:c3:b9:e5:04:0f:cd:c9:8f:59:29:
42:53:da:ea:2b:1e:d9:d8:0a:b7:69:3a:8f:ec:3b:
ac:7e:6f:d9:d6:64:8a:15:1b:74:92:0b:c7:f6:4c:
d0:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:EA:3E:D5:71:7B:83:B8:BB:AE:F7:E3:B9:B0:FB:3A:27:D2:33:24
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tOo-1XF7g7i7rvfjubD7OifSMyQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
96:91:f4:3f:16:21:5b:5b:0b:9b:4e:fe:23:60:cb:6c:0b:0d:
2e:e4:f6:90:48:3a:00:7a:d6:2f:03:b7:be:9c:cf:79:73:e3:
8c:89:ca:14:1c:fb:46:b8:4b:2d:16:37:66:38:7a:53:49:bc:
fa:0f:13:56:86:2d:d0:68:c6:20:4b:d9:b6:f0:dd:bc:ce:cc:
8d:1b:23:15:88:5d:c7:09:5d:83:4e:ea:bb:6c:ed:e1:50:b9:
08:7a:97:bb:a4:a2:e7:64:e4:a7:fb:d3:35:fb:bd:e3:4f:5d:
48:e7:91:82:82:77:41:82:b0:bd:86:2f:07:aa:ab:67:44:61:
69:b6:12:c5:25:12:3e:7e:c9:9f:19:79:88:d5:6a:f1:07:4f:
5f:1d:d3:ea:28:7d:48:27:98:89:76:ef:43:ab:eb:0f:61:f8:
f9:fd:6c:f7:44:a5:4f:5b:88:c1:35:c4:a7:36:ec:dd:30:40:
20:73:90:3e:26:3f:8e:da:67:1c:3c:3d:6e:ff:32:4d:d4:30:
24:45:03:0c:7f:0e:64:16:e0:cb:ca:12:90:55:25:60:95:ee:
0b:bc:ff:37:b4:c6:24:80:f5:82:3b:c6:54:97:a6:b4:71:38:
44:61:f7:47:89:1d:ba:3d:e5:e6:c8:75:68:ec:73:16:a9:11:
6d:03:f6:12
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVDcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAy
MDU0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI0RUEzRUQ1NzE3Qjgz
QjhCQkFFRjdFM0I5QjBGQjNBMjdEMjMzMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmXWgPaTq2OWz6MH3IloRrntuwglyIfQzeaxotMm8NvjOL65XX
fjYIfeSsaCCOOIk2MmzF+MSJvQ30AQDIvsizPIAl27ooTZC29e9CwsgK3QyZa9Ef
IojgtDGPc9NovVbpp4mj9UD0XetDsRDfqjVuzESWdYDskgUfjc3kvsq0iCm1DhWs
P0vDkHxPMR/fh+La3zuN17TmQ3wGbPbyaLhASBN64XYq7So1EixFuBeI/Jx45p8B
5jQUD+ZNxDBdDS4wyqvoDoexnrL+XZZQAECes6iCC7qXw7nlBA/NyY9ZKUJT2uor
HtnYCrdpOo/sO6x+b9nWZIoVG3SSC8f2TNDZAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUtOo+1XF7g7i7rvfjubD7OifSMyQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RPby0xWEY3ZzdpN3J2
Zmp1YkQ3T2lmU015US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJaR9D8WIVtbC5tO/iNgy2wLDS7k9pBI
OgB61i8Dt76cz3lz44yJyhQc+0a4Sy0WN2Y4elNJvPoPE1aGLdBoxiBL2bbw3bzO
zI0bIxWIXccJXYNO6rts7eFQuQh6l7ukoudk5Kf70zX7veNPXUjnkYKCd0GCsL2G
Lweqq2dEYWm2EsUlEj5+yZ8ZeYjVavEHT18d0+oofUgnmIl270Or6w9h+Pn9bPdE
pU9biME1xKc27N0wQCBzkD4mP47aZxw8PW7/Mk3UMCRFAwx/DmQW4MvKEpBVJWCV
7gu8/ze0xiSA9YI7xlSXprRxOERh90eJHbo95ebIdWjscxapEW0D9hI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:50 2025 by rpki-client