Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MiKTW1JzQoZSF5TWvAnVnlUghBY.roa
File: MiKTW1JzQoZSF5TWvAnVnlUghBY.roa (raw, json)
Hash identifier: OkNaC0dEqw/xqibab+krDObesGUMhFknRFevsZqRWi8=
Subject key identifier: 32:22:93:5B:52:73:42:86:52:17:94:D6:BC:09:D5:9E:55:20:84:16
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35CF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MiKTW1JzQoZSF5TWvAnVnlUghBY.roa
Signing time: Sun 31 Mar 2024 07:52:11 +0000
ROA not before: Sun 31 Mar 2024 07:52:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13775 (0x35cf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 07:52:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3222935B52734286521794D6BC09D59E55208416
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:ac:83:6d:5e:60:05:04:b6:e2:a2:35:af:81:
ca:c0:7c:61:69:24:d8:40:bd:09:58:ca:63:c8:ff:
62:46:74:27:73:2f:f9:4b:36:b4:76:c5:b4:a5:48:
77:30:a0:47:97:9a:58:51:f3:e1:6e:5a:ac:ae:91:
42:bd:70:37:b5:17:a2:f1:7b:a6:55:d9:fd:0a:26:
85:c9:a7:8b:f9:3a:ae:f3:59:49:a5:79:33:9c:a1:
a5:3f:51:d7:e4:bd:86:43:36:0b:6b:12:a3:dc:dd:
fd:30:00:d9:36:db:dc:17:32:ee:8c:40:e2:e8:cf:
bb:59:bc:3c:2b:37:a3:7c:c3:60:f8:07:72:7f:d6:
b5:82:93:b1:db:3d:f2:d9:9d:1a:91:ea:a0:18:0b:
1e:5d:7b:f6:48:d7:5c:d7:e0:da:41:34:90:ed:74:
f5:f5:45:cb:26:85:5d:ff:72:76:95:da:c4:f4:ff:
55:d5:2f:2d:c1:d3:d8:4d:d8:fb:86:56:1d:11:b6:
70:1c:95:04:2a:76:02:c4:b4:c0:6f:28:ec:9d:9c:
f7:49:f2:58:8f:e8:21:79:91:ae:84:7f:99:63:0b:
4c:bb:5f:7f:f8:e5:90:69:29:51:81:a0:a9:ad:0b:
2b:b5:90:4f:38:a4:c1:15:82:bb:b8:1c:09:7e:c8:
33:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:22:93:5B:52:73:42:86:52:17:94:D6:BC:09:D5:9E:55:20:84:16
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MiKTW1JzQoZSF5TWvAnVnlUghBY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
68:fe:fd:cb:b2:ac:30:4b:dd:5f:b0:21:76:05:d7:88:0b:63:
0e:44:89:7a:8a:7d:4b:50:cb:97:8a:e8:2d:b7:e3:f2:2d:f8:
f1:63:6e:a9:b7:fe:58:bb:9d:e5:12:ed:2e:a7:c8:ba:d2:15:
3e:d1:29:fd:b0:1d:28:84:37:c1:20:54:d8:0a:e6:43:8b:20:
52:bf:d7:f2:bc:b3:5b:8c:16:f7:80:9a:9f:b9:21:6a:08:ec:
29:33:8e:61:96:c2:31:8c:7d:75:d4:3c:76:c6:6c:0b:ed:eb:
0d:b1:d2:17:c8:dd:26:65:a9:e6:ed:bf:5d:a7:dd:2b:41:95:
54:b1:c6:14:6c:0b:89:f3:e7:c3:b8:52:59:e2:b9:c1:4f:78:
f4:aa:c3:c3:68:19:27:96:38:f5:4c:51:c2:96:86:50:e9:96:
a2:54:91:12:a6:07:a0:eb:6c:8e:0d:f4:f7:58:55:a2:c0:2d:
ec:3e:07:5e:f3:c3:04:d1:98:23:59:66:bd:51:48:c3:6e:8d:
b4:80:c7:d5:17:4b:ad:49:89:cc:d2:0d:68:f0:7c:ff:c8:e1:
66:c6:0e:5d:f5:6c:f4:e5:84:f9:be:f7:b9:11:95:ae:7a:e4:
13:8c:c3:96:17:f7:2d:85:e6:ab:09:21:79:8c:65:88:f5:f5:
50:fb:a3:eb
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNc8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
NzUyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMyMjI5MzVCNTI3MzQy
ODY1MjE3OTRENkJDMDlENTlFNTUyMDg0MTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzrINtXmAFBLbiojWvgcrAfGFpJNhAvQlYymPI/2JGdCdzL/lL
NrR2xbSlSHcwoEeXmlhR8+FuWqyukUK9cDe1F6Lxe6ZV2f0KJoXJp4v5Oq7zWUml
eTOcoaU/UdfkvYZDNgtrEqPc3f0wANk229wXMu6MQOLoz7tZvDwrN6N8w2D4B3J/
1rWCk7HbPfLZnRqR6qAYCx5de/ZI11zX4NpBNJDtdPX1RcsmhV3/cnaV2sT0/1XV
Ly3B09hN2PuGVh0RtnAclQQqdgLEtMBvKOydnPdJ8liP6CF5ka6Ef5ljC0y7X3/4
5ZBpKVGBoKmtCyu1kE84pMEVgru4HAl+yDP7AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUMiKTW1JzQoZSF5TWvAnVnlUghBYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01pS1RXMUp6UW9aU0Y1
VFd2QW5WbmxVZ2hCWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGj+/cuyrDBL3V+wIXYF14gLYw5EiXqK
fUtQy5eK6C234/It+PFjbqm3/li7neUS7S6nyLrSFT7RKf2wHSiEN8EgVNgK5kOL
IFK/1/K8s1uMFveAmp+5IWoI7CkzjmGWwjGMfXXUPHbGbAvt6w2x0hfI3SZlqebt
v12n3StBlVSxxhRsC4nz58O4UlniucFPePSqw8NoGSeWOPVMUcKWhlDplqJUkRKm
B6DrbI4N9PdYVaLALew+B17zwwTRmCNZZr1RSMNujbSAx9UXS61JiczSDWjwfP/I
4WbGDl31bPTlhPm+97kRla565BOMw5YX9y2F5qsJIXmMZYj19VD7o+s=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:50 2025 by rpki-client