Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/to2gi0zmNFdRSHcAG_i9Ux7lQJ8.roa
File: to2gi0zmNFdRSHcAG_i9Ux7lQJ8.roa (raw, json)
Hash identifier: 3MVMu15haSeC2QmaPDKKPVCDGWZ13awaIGtgRhPVuzE=
Subject key identifier: B6:8D:A0:8B:4C:E6:34:57:51:48:77:00:1B:F8:BD:53:1E:E5:40:9F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42EF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/to2gi0zmNFdRSHcAG_i9Ux7lQJ8.roa
Signing time: Wed 17 Apr 2024 19:53:01 +0000
ROA not before: Wed 17 Apr 2024 19:53:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17135 (0x42ef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 19:53:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B68DA08B4CE63457514877001BF8BD531EE5409F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:2d:a1:f9:12:09:74:dc:de:0f:f9:20:f3:7d:
c5:43:47:ee:b0:d1:a0:61:c8:c5:a2:38:48:ab:16:
62:f0:cb:1e:df:31:47:72:77:af:c0:4d:d9:48:61:
be:63:0d:ed:0b:ed:c5:88:fd:65:15:b0:fe:a4:9c:
51:1d:7c:30:6e:c9:2c:06:46:06:e6:5f:42:ab:23:
a8:8d:5b:07:13:0a:9f:ed:e4:a8:8f:dd:32:f5:ec:
6f:e4:87:04:83:c8:0a:84:58:68:d6:c2:c4:da:f1:
e8:3b:e0:fa:48:b8:7d:66:1e:20:f3:f6:cb:3d:db:
44:12:08:e8:29:e2:f8:29:1e:6a:a2:dd:f7:a6:93:
ea:8c:af:48:c8:e3:4a:2c:e6:65:a5:dd:70:4c:ee:
1c:af:dd:52:45:9a:c7:f6:0a:85:90:4b:2a:d8:67:
94:91:56:dc:6b:3e:a8:a4:cc:90:43:d0:75:fc:0f:
48:2e:4f:0d:50:4b:88:ee:d2:68:1a:ed:a3:ed:ab:
71:62:d4:05:ed:78:ee:bb:c5:40:0e:0b:78:62:d8:
48:ef:ac:87:78:ab:7a:22:94:6d:f3:13:3a:74:1b:
d8:0c:1f:68:7a:3e:26:5c:dd:84:f9:86:58:3f:69:
d5:08:83:bb:a1:e7:5b:73:79:11:d9:4c:f3:33:68:
4e:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:8D:A0:8B:4C:E6:34:57:51:48:77:00:1B:F8:BD:53:1E:E5:40:9F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/to2gi0zmNFdRSHcAG_i9Ux7lQJ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
79:27:70:1e:42:05:e7:a6:42:87:57:a7:ef:7b:e0:81:6b:c8:
3c:93:0e:4d:ef:2b:bb:96:e2:2d:24:99:7e:42:12:67:7d:23:
47:db:b3:4b:cd:e7:9b:d5:4b:71:2a:89:cd:bb:40:cb:c1:ec:
f5:85:33:73:ab:d8:69:5b:cc:e6:a4:69:fd:87:b4:f1:25:90:
5d:61:b1:d4:ee:d8:9a:f9:51:49:b7:0d:ac:24:78:c1:47:c1:
a0:38:7b:07:12:96:2a:5f:31:a8:d1:0c:6b:95:16:8e:40:2c:
51:3c:9d:b6:1d:04:7a:94:26:84:ee:fe:ed:20:b9:e5:c0:ae:
ba:aa:e4:71:2e:10:98:c4:ce:78:9a:b3:0f:72:4e:04:1f:9e:
7f:73:2d:65:3c:9d:07:47:57:a1:0e:06:c1:01:35:6e:60:ef:
62:fc:54:da:9a:2c:f0:b7:63:fb:87:6e:8c:2b:21:17:7d:32:
0f:03:77:90:c8:e7:2f:fb:a6:b3:33:00:f5:f5:fa:71:e2:ff:
66:05:5c:6e:f5:82:64:9b:7b:4c:7c:37:c3:5f:c3:9b:7b:90:
97:75:30:a5:b9:8f:d0:c3:bd:9f:cd:b1:a2:8c:41:a3:9b:4f:
18:7b:78:6b:fd:c7:32:a3:63:31:c3:45:86:23:ec:00:74:63:
7a:84:f3:c3
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQu8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
OTUzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI2OERBMDhCNENFNjM0
NTc1MTQ4NzcwMDFCRjhCRDUzMUVFNTQwOUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNLaH5Egl03N4P+SDzfcVDR+6w0aBhyMWiOEirFmLwyx7fMUdy
d6/ATdlIYb5jDe0L7cWI/WUVsP6knFEdfDBuySwGRgbmX0KrI6iNWwcTCp/t5KiP
3TL17G/khwSDyAqEWGjWwsTa8eg74PpIuH1mHiDz9ss920QSCOgp4vgpHmqi3fem
k+qMr0jI40os5mWl3XBM7hyv3VJFmsf2CoWQSyrYZ5SRVtxrPqikzJBD0HX8D0gu
Tw1QS4ju0mga7aPtq3Fi1AXteO67xUAOC3hi2EjvrId4q3oilG3zEzp0G9gMH2h6
PiZc3YT5hlg/adUIg7uh51tzeRHZTPMzaE6BAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUto2gi0zmNFdRSHcAG/i9Ux7lQJ8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RvMmdpMHptTkZkUlNI
Y0FHX2k5VXg3bFFKOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHkncB5CBeemQodXp+974IFryDyTDk3v
K7uW4i0kmX5CEmd9I0fbs0vN55vVS3Eqic27QMvB7PWFM3Or2GlbzOakaf2HtPEl
kF1hsdTu2Jr5UUm3DawkeMFHwaA4ewcSlipfMajRDGuVFo5ALFE8nbYdBHqUJoTu
/u0gueXArrqq5HEuEJjEzniasw9yTgQfnn9zLWU8nQdHV6EOBsEBNW5g72L8VNqa
LPC3Y/uHbowrIRd9Mg8Dd5DI5y/7prMzAPX1+nHi/2YFXG71gmSbe0x8N8Nfw5t7
kJd1MKW5j9DDvZ/NsaKMQaObTxh7eGv9xzKjYzHDRYYj7AB0Y3qE88M=
-----END CERTIFICATE-----
Generated at Sat Jun 21 17:31:32 2025 by rpki-client