Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/K3rWwyr5SdhL9daGbLAbAKrGWaw.roa
File: K3rWwyr5SdhL9daGbLAbAKrGWaw.roa (raw, json)
Hash identifier: /FaU5VugDQS0MQ6ZhW9GzkrHn/yfN9BFaBxYia+GE94=
Subject key identifier: 2B:7A:D6:C3:2A:F9:49:D8:4B:F5:D6:86:6C:B0:1B:00:AA:C6:59:AC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 416B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K3rWwyr5SdhL9daGbLAbAKrGWaw.roa
Signing time: Mon 15 Apr 2024 19:22:53 +0000
ROA not before: Mon 15 Apr 2024 19:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16747 (0x416b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 19:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2B7AD6C32AF949D84BF5D6866CB01B00AAC659AC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:7e:f6:f7:3e:42:89:a9:12:b5:4a:2e:7e:d2:
d1:93:6c:42:2a:a6:89:66:33:07:db:f9:14:d7:0a:
54:a4:ca:b1:bb:0c:bc:73:55:7b:75:03:6f:57:1d:
17:8d:f9:9e:af:b8:8c:b1:10:32:4f:7b:f9:25:cb:
1c:ca:60:fd:b3:a6:43:93:48:1a:df:06:d2:e4:0c:
a1:84:c0:2e:ac:3c:92:83:39:df:1e:06:12:fd:e5:
96:c8:a5:1c:16:a1:c1:32:2f:23:44:78:66:63:3a:
8a:77:f6:59:25:06:bd:a6:c3:6a:84:47:a4:46:e6:
67:7a:05:37:86:95:48:57:6a:f7:bb:26:68:05:87:
3d:87:28:10:21:72:e7:70:45:6d:44:71:aa:43:24:
12:80:50:7f:77:d4:b7:bb:55:7b:b4:a6:77:76:ba:
74:7f:51:31:1f:d6:ee:15:6b:7b:2c:11:fb:12:a5:
c9:e6:f0:f8:43:b2:9e:50:2c:17:44:cd:6f:91:07:
0e:52:ad:14:5c:0b:0d:5a:96:b4:39:5f:41:8b:d2:
64:0a:be:46:b9:09:0b:e7:b0:55:7f:19:2c:7b:20:
44:57:07:95:d2:63:7f:98:58:93:ae:b1:b6:94:d6:
5c:ed:4a:8d:4c:f9:11:5c:0a:35:7b:23:b1:77:bb:
d6:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:7A:D6:C3:2A:F9:49:D8:4B:F5:D6:86:6C:B0:1B:00:AA:C6:59:AC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K3rWwyr5SdhL9daGbLAbAKrGWaw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
06:28:23:36:d7:6d:3d:ce:88:be:b0:52:43:29:94:2c:a9:82:
d7:a4:3d:a4:70:86:8a:4a:bf:fa:b8:ca:ee:45:c8:e8:92:5e:
0b:ab:9f:2d:9d:79:22:13:ff:db:a4:58:c5:64:c1:b7:89:47:
14:b5:b9:59:99:08:61:f5:cf:ef:4b:76:cd:6d:8a:38:ac:44:
5e:89:1e:66:67:f0:e6:a9:c0:9d:a0:98:f0:22:39:dc:e9:3d:
f0:47:2b:ee:aa:18:8c:c8:cf:25:ec:eb:5f:78:2e:f2:00:f3:
26:70:c1:57:23:5f:16:a5:e7:5b:a3:a3:df:aa:08:31:3e:81:
12:ae:3b:9d:de:eb:a2:bb:71:17:a3:23:3b:77:09:49:8c:8e:
d9:80:99:54:0b:ac:c9:e8:b6:b5:b5:cd:fc:12:c2:d7:97:91:
01:f6:32:2e:01:1d:8a:29:45:ef:80:ba:bd:ab:a1:2a:48:6c:
38:69:04:ee:f7:e7:7b:1b:27:bc:e4:d3:c4:30:b4:17:c0:e1:
3e:22:86:32:13:7a:cf:9d:ed:34:99:55:8c:a5:0d:9a:d4:56:
17:e4:cc:75:de:ce:c2:2e:9c:e0:19:5c:fd:97:ed:5a:6f:d6:
f1:27:b1:de:e8:79:d6:f8:fd:e1:8d:5a:6a:34:45:0b:7f:7f:
42:6f:4e:e7
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQWswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
OTIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJCN0FENkMzMkFGOTQ5
RDg0QkY1RDY4NjZDQjAxQjAwQUFDNjU5QUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPfvb3PkKJqRK1Si5+0tGTbEIqpolmMwfb+RTXClSkyrG7DLxz
VXt1A29XHReN+Z6vuIyxEDJPe/klyxzKYP2zpkOTSBrfBtLkDKGEwC6sPJKDOd8e
BhL95ZbIpRwWocEyLyNEeGZjOop39lklBr2mw2qER6RG5md6BTeGlUhXave7JmgF
hz2HKBAhcudwRW1EcapDJBKAUH931Le7VXu0pnd2unR/UTEf1u4Va3ssEfsSpcnm
8PhDsp5QLBdEzW+RBw5SrRRcCw1alrQ5X0GL0mQKvka5CQvnsFV/GSx7IERXB5XS
Y3+YWJOusbaU1lztSo1M+RFcCjV7I7F3u9aPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUK3rWwyr5SdhL9daGbLAbAKrGWawwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0szcld3eXI1U2RoTDlk
YUdiTEFiQUtyR1dhdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAYoIzbXbT3OiL6wUkMplCypgtekPaRw
hopKv/q4yu5FyOiSXgurny2deSIT/9ukWMVkwbeJRxS1uVmZCGH1z+9Lds1tijis
RF6JHmZn8OapwJ2gmPAiOdzpPfBHK+6qGIzIzyXs6194LvIA8yZwwVcjXxal51uj
o9+qCDE+gRKuO53e66K7cRejIzt3CUmMjtmAmVQLrMnotrW1zfwSwteXkQH2Mi4B
HYopRe+Aur2roSpIbDhpBO7353sbJ7zk08QwtBfA4T4ihjITes+d7TSZVYylDZrU
VhfkzHXezsIunOAZXP2X7Vpv1vEnsd7oedb4/eGNWmo0RQt/f0JvTuc=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:33 2025 by rpki-client