Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/02znHyBMr4RCED2PONve6q2gG88.roa
File: 02znHyBMr4RCED2PONve6q2gG88.roa (raw, json)
Hash identifier: G1+ul9vGZKHXyuB4qOl1t6R8nmgk6Eke4slTu1Lr3uo=
Subject key identifier: D3:6C:E7:1F:20:4C:AF:84:42:10:3D:8F:38:DB:DE:EA:AD:A0:1B:CF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3817
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/02znHyBMr4RCED2PONve6q2gG88.roa
Signing time: Wed 03 Apr 2024 08:52:17 +0000
ROA not before: Wed 03 Apr 2024 08:52:17 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14359 (0x3817)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 08:52:17 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D36CE71F204CAF8442103D8F38DBDEEAADA01BCF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ff:61:bd:de:c2:54:5b:79:6e:3c:22:9a:00:
2e:d0:37:de:bc:0c:5e:00:ab:c9:b6:a4:03:d7:2f:
c1:6e:75:0a:fc:a1:e1:89:6f:d1:34:48:46:20:43:
ca:c8:fc:e4:16:e8:57:df:20:8e:e4:4a:54:32:69:
40:ce:6d:71:6f:dc:40:cb:d3:70:10:2e:e1:d0:1c:
66:1e:f6:12:6e:01:15:67:20:92:55:1d:79:e4:52:
0b:59:b7:33:e8:36:52:b2:01:ee:fb:26:b3:fb:7f:
36:ba:0b:cd:d5:1c:5a:66:80:cd:fd:43:03:6a:e7:
b8:52:79:c8:df:ae:61:11:4a:fd:96:9c:fe:93:e6:
88:8e:fe:1b:5a:07:67:2d:a5:05:ab:9c:d7:cc:56:
44:72:9a:a5:ef:db:dd:f1:e1:a5:d5:59:21:0e:75:
e1:5c:5d:8f:91:53:73:8b:19:87:62:f7:e0:1e:0f:
cf:b5:5b:ca:06:b7:1a:a5:b9:24:b1:da:ba:86:c5:
30:0f:c4:78:8f:0d:2c:51:b7:28:d0:e3:77:06:4e:
e5:8b:1a:d8:6a:25:ea:87:f2:eb:be:9b:c1:9f:3e:
30:8f:8c:30:07:13:9c:0b:3c:96:b7:09:f2:a0:5c:
43:9f:fa:b1:8c:8e:32:b8:18:6e:3e:5e:d7:bc:e0:
36:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:6C:E7:1F:20:4C:AF:84:42:10:3D:8F:38:DB:DE:EA:AD:A0:1B:CF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/02znHyBMr4RCED2PONve6q2gG88.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
40:a9:f8:09:de:37:bc:62:73:e4:bd:e3:aa:7a:c7:7e:0b:62:
1c:a7:28:1e:42:82:40:26:da:66:a9:5f:a4:34:c1:4d:56:aa:
53:1b:91:1b:1f:98:f8:aa:18:ed:f0:85:5a:18:88:69:ee:53:
b2:34:2f:fe:49:df:bb:8c:dd:ff:f9:65:f4:a6:98:40:21:28:
03:38:89:46:66:db:82:ce:85:a0:e0:9f:de:0d:06:6b:7f:62:
bc:1a:55:c8:31:b0:3d:bc:11:19:68:a6:69:26:37:8b:e4:b7:
63:a5:f0:7c:77:e6:74:3f:a4:7c:1a:d3:0d:52:cb:cc:8a:34:
9a:37:fd:74:f0:8f:d4:38:31:74:d9:12:2d:50:4d:89:9a:81:
ff:0b:7a:8f:d8:8d:1d:e7:47:e8:06:79:16:24:5b:88:e1:13:
e9:54:b0:b3:2c:eb:d9:75:45:70:e4:cd:7b:4b:ba:59:1d:5a:
6f:ed:5b:9e:f0:63:56:e2:f1:2b:ed:5a:14:59:d5:9f:ac:ed:
a9:81:e3:89:23:fd:d0:bc:e8:54:32:00:9e:ce:28:c7:e1:83:
47:b6:08:62:51:ee:59:6a:ac:23:9d:e2:c9:dd:21:f2:21:f2:
22:fa:de:ad:01:77:84:2b:82:56:a8:bc:9b:f2:67:6d:87:5d:
c1:a6:02:ec
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICOBcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMw
ODUyMTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQzNkNFNzFGMjA0Q0FG
ODQ0MjEwM0Q4RjM4REJERUVBQURBMDFCQ0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCt/2G93sJUW3luPCKaAC7QN968DF4Aq8m2pAPXL8FudQr8oeGJ
b9E0SEYgQ8rI/OQW6FffII7kSlQyaUDObXFv3EDL03AQLuHQHGYe9hJuARVnIJJV
HXnkUgtZtzPoNlKyAe77JrP7fza6C83VHFpmgM39QwNq57hSecjfrmERSv2WnP6T
5oiO/htaB2ctpQWrnNfMVkRymqXv293x4aXVWSEOdeFcXY+RU3OLGYdi9+AeD8+1
W8oGtxqluSSx2rqGxTAPxHiPDSxRtyjQ43cGTuWLGthqJeqH8uu+m8GfPjCPjDAH
E5wLPJa3CfKgXEOf+rGMjjK4GG4+Xte84DbNAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU02znHyBMr4RCED2PONve6q2gG88wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzAyem5IeUJNcjRSQ0VE
MlBPTnZlNnEyZ0c4OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAECp+AneN7xic+S946p6x34LYhynKB5C
gkAm2mapX6Q0wU1WqlMbkRsfmPiqGO3whVoYiGnuU7I0L/5J37uM3f/5ZfSmmEAh
KAM4iUZm24LOhaDgn94NBmt/YrwaVcgxsD28ERlopmkmN4vkt2Ol8Hx35nQ/pHwa
0w1Sy8yKNJo3/XTwj9Q4MXTZEi1QTYmagf8Leo/YjR3nR+gGeRYkW4jhE+lUsLMs
69l1RXDkzXtLulkdWm/tW57wY1bi8SvtWhRZ1Z+s7amB44kj/dC86FQyAJ7OKMfh
g0e2CGJR7llqrCOd4sndIfIh8iL63q0Bd4QrglaovJvyZ22HXcGmAuw=
-----END CERTIFICATE-----
Generated at Sun May 18 01:51:12 2025 by rpki-client