Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/t_dFq5izHhhMBUbKmst1w9vMcIM.roa
File: t_dFq5izHhhMBUbKmst1w9vMcIM.roa (raw, json)
Hash identifier: CtYN2irADAob83K2+sGC5OG7/t4uv7SkJUmfSSfbAAM=
Subject key identifier: B7:F7:45:AB:98:B3:1E:18:4C:05:46:CA:9A:CB:75:C3:DB:CC:70:83
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 41A3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t_dFq5izHhhMBUbKmst1w9vMcIM.roa
Signing time: Tue 16 Apr 2024 02:23:25 +0000
ROA not before: Tue 16 Apr 2024 02:23:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16803 (0x41a3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 02:23:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B7F745AB98B31E184C0546CA9ACB75C3DBCC7083
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:69:6c:5e:d6:4e:bd:74:2b:45:8e:4f:80:c7:
29:35:02:ae:86:63:c9:46:7a:ed:1f:48:3a:6d:ce:
29:40:12:62:d2:cf:44:45:34:1f:8e:eb:19:04:2e:
ee:29:c8:51:26:87:24:da:45:44:cd:45:91:00:19:
ef:87:2f:50:be:2f:de:07:a2:12:26:f1:e2:91:ad:
7c:54:d0:0b:72:e3:69:1c:6e:55:f5:83:ee:6f:a7:
22:a7:87:77:02:f6:23:76:e2:9c:f5:13:2b:d9:16:
ad:78:d1:3a:03:68:2a:85:6c:b1:3b:d9:fa:1a:34:
82:67:28:09:11:23:dc:14:f4:95:78:1c:04:86:1f:
a0:ed:f5:f0:97:90:43:48:4b:14:7a:90:9c:bb:4f:
0f:ed:e8:a6:96:ea:51:18:41:6f:d8:0f:01:1b:4d:
a3:39:0a:ef:39:df:51:16:89:11:d8:6b:d6:b1:62:
78:89:aa:86:7f:d9:9f:39:94:b6:f0:ec:ca:86:d6:
69:84:e2:ee:42:1d:5f:ae:65:50:c0:f7:04:77:9f:
a8:cf:e8:e5:0c:b0:c1:84:fc:3b:c6:aa:c9:54:a4:
46:5b:28:8d:7d:8a:1d:4a:dd:ca:92:df:d6:e6:d1:
14:38:71:62:5a:b0:1d:8a:c6:ea:61:9e:65:b4:6f:
64:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:F7:45:AB:98:B3:1E:18:4C:05:46:CA:9A:CB:75:C3:DB:CC:70:83
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t_dFq5izHhhMBUbKmst1w9vMcIM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3e:46:74:45:02:21:21:14:b9:a1:03:0a:62:0e:63:f7:5e:41:
8a:e5:7c:ce:8a:48:76:ba:d5:90:be:f7:d4:74:82:dd:b1:ca:
87:33:0e:ad:32:c2:0e:e6:5c:b8:a0:ca:52:78:a0:ea:8f:7c:
e3:93:cf:38:0d:fc:bb:41:86:90:72:41:bf:02:28:6c:a6:3c:
aa:e7:58:6f:a3:a6:96:ac:f9:b5:3f:df:44:5f:41:c9:6b:a7:
8c:51:26:d9:92:78:16:ae:34:23:f2:4f:84:09:2c:2b:82:e8:
73:00:57:8c:af:13:3e:ff:f2:7c:1b:2c:41:74:12:7f:ec:ad:
9d:66:5b:97:51:b2:15:4d:7e:8f:04:56:3c:33:1b:13:3b:3a:
46:d3:34:ee:5a:ae:73:2c:2c:6c:71:66:f3:fc:ba:bb:43:aa:
f6:51:c6:df:bd:72:ce:1f:c3:e1:a2:ae:66:e4:ed:3a:06:83:
8a:29:fe:3d:8b:4d:fa:a5:35:b0:ef:ab:03:60:7b:c0:57:d3:
86:98:7b:ac:84:39:58:5d:76:fe:a4:08:fd:7c:90:f8:af:30:
2a:0b:73:32:24:78:07:79:a5:b9:53:95:cb:3b:7e:52:ca:f0:
c9:38:b7:1a:fe:9e:2f:84:64:f2:f6:ba:c0:c1:98:98:42:52:
78:a8:af:94
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQaMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
MjIzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI3Rjc0NUFCOThCMzFF
MTg0QzA1NDZDQTlBQ0I3NUMzREJDQzcwODMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0aWxe1k69dCtFjk+Axyk1Aq6GY8lGeu0fSDptzilAEmLSz0RF
NB+O6xkELu4pyFEmhyTaRUTNRZEAGe+HL1C+L94HohIm8eKRrXxU0Aty42kcblX1
g+5vpyKnh3cC9iN24pz1EyvZFq140ToDaCqFbLE72foaNIJnKAkRI9wU9JV4HASG
H6Dt9fCXkENISxR6kJy7Tw/t6KaW6lEYQW/YDwEbTaM5Cu8531EWiRHYa9axYniJ
qoZ/2Z85lLbw7MqG1mmE4u5CHV+uZVDA9wR3n6jP6OUMsMGE/DvGqslUpEZbKI19
ih1K3cqS39bm0RQ4cWJasB2KxuphnmW0b2RrAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUt/dFq5izHhhMBUbKmst1w9vMcIMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RfZEZxNWl6SGhoTUJV
Ykttc3Qxdzl2TWNJTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAD5GdEUCISEUuaEDCmIOY/deQYrlfM6K
SHa61ZC+99R0gt2xyoczDq0ywg7mXLigylJ4oOqPfOOTzzgN/LtBhpByQb8CKGym
PKrnWG+jppas+bU/30RfQclrp4xRJtmSeBauNCPyT4QJLCuC6HMAV4yvEz7/8nwb
LEF0En/srZ1mW5dRshVNfo8EVjwzGxM7OkbTNO5arnMsLGxxZvP8urtDqvZRxt+9
cs4fw+Girmbk7ToGg4op/j2LTfqlNbDvqwNge8BX04aYe6yEOVhddv6kCP18kPiv
MCoLczIkeAd5pblTlcs7flLK8Mk4txr+ni+EZPL2usDBmJhCUnior5Q=
-----END CERTIFICATE-----
Generated at Tue Jun 17 00:51:56 2025 by rpki-client