Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1eHZWYTUJ3aWzlqQtNqewENXeCA.roa
File: 1eHZWYTUJ3aWzlqQtNqewENXeCA.roa (raw, json)
Hash identifier: dbO9H4diU5JMEZk6uw9MpduCMiRQ0sxY/7FJbUr3TlU=
Subject key identifier: D5:E1:D9:59:84:D4:27:76:96:CE:5A:90:B4:DA:9E:C0:43:57:78:20
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3307
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1eHZWYTUJ3aWzlqQtNqewENXeCA.roa
Signing time: Wed 27 Mar 2024 14:52:30 +0000
ROA not before: Wed 27 Mar 2024 14:52:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13063 (0x3307)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 27 14:52:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D5E1D95984D4277696CE5A90B4DA9EC043577820
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:cb:a6:3a:b6:e5:74:ce:0d:4e:38:80:7e:0b:
bb:6b:2e:b3:bb:33:51:e3:0e:f5:20:7b:2d:4d:04:
cb:ec:af:b5:c6:bf:79:b9:5e:13:14:e5:e2:3e:d0:
6d:40:34:cf:cc:f7:05:ed:37:2b:c9:31:cc:48:a5:
11:0b:ec:69:80:c7:fd:71:50:3e:a5:40:95:e8:90:
b6:03:e5:05:15:61:e2:7c:76:8f:ae:31:7d:d5:18:
5d:c6:1d:84:b4:ab:49:2c:ba:63:30:ad:a5:44:e1:
9f:62:c4:b7:e0:07:39:89:92:88:f0:59:04:a6:bc:
3f:76:c8:87:8a:fe:a1:d3:54:38:b8:44:ee:7b:eb:
74:36:56:f0:a5:2c:96:bb:31:80:32:aa:99:dc:c3:
a0:67:97:8f:0d:e8:a3:04:f6:cc:32:7f:71:4b:43:
fd:95:d5:ae:fd:e4:ab:97:16:61:c8:31:84:af:b5:
e3:54:e6:37:33:41:e4:b3:d2:85:91:66:a0:80:7e:
1a:a2:ba:f5:d7:1e:11:00:80:16:55:c7:b6:92:40:
f9:8e:d3:bc:53:0b:c0:1f:76:b7:ed:42:48:b5:ba:
44:d1:89:39:3b:91:36:55:c3:1e:d7:50:44:7a:bb:
96:be:b3:8a:b5:aa:5d:2a:c5:c1:e4:3e:a1:c5:53:
e7:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:E1:D9:59:84:D4:27:76:96:CE:5A:90:B4:DA:9E:C0:43:57:78:20
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1eHZWYTUJ3aWzlqQtNqewENXeCA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
17:d1:da:57:ae:e0:3b:25:e0:99:a6:e6:0c:1a:c5:c6:1e:d7:
02:b3:5e:57:aa:0f:d8:73:bc:9a:90:05:0b:af:21:17:12:0b:
bf:6b:1c:13:84:12:ea:5c:08:44:87:d5:06:cc:31:00:34:36:
9d:67:a5:55:cc:e3:36:54:70:64:5a:2d:4d:f1:05:55:1a:57:
70:89:fc:95:49:65:33:23:40:43:f4:77:f5:d1:bd:15:cb:e4:
f5:0e:a9:05:ce:42:88:c8:f3:d7:b6:d3:b3:91:53:44:cb:0e:
c4:57:b7:ed:38:50:0d:f6:9d:c5:b9:3b:5e:ac:87:ad:34:96:
2f:2c:46:1c:e1:ac:03:c5:44:2e:2d:50:27:d0:a5:47:53:9d:
53:71:24:96:75:4d:f3:c2:d2:7d:be:23:53:9d:06:52:24:a3:
3d:eb:75:05:4b:be:ea:23:ff:f0:fa:ee:da:4f:a2:d1:4e:5c:
5c:99:6a:f9:91:7e:0b:1c:95:84:5d:da:2e:06:b0:59:1f:91:
79:74:db:2c:21:85:86:2a:bb:ec:61:3e:05:b4:14:8d:4b:ef:
20:60:61:f9:71:50:ea:e2:0c:92:05:5f:d4:f9:08:d4:f9:35:
0e:13:68:4f:21:d5:17:88:30:1c:d6:fa:5f:51:93:de:a8:7d:
bb:b8:c8:24
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICMwcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjcx
NDUyMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ1RTFEOTU5ODRENDI3
NzY5NkNFNUE5MEI0REE5RUMwNDM1Nzc4MjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMy6Y6tuV0zg1OOIB+C7trLrO7M1HjDvUgey1NBMvsr7XGv3m5
XhMU5eI+0G1ANM/M9wXtNyvJMcxIpREL7GmAx/1xUD6lQJXokLYD5QUVYeJ8do+u
MX3VGF3GHYS0q0ksumMwraVE4Z9ixLfgBzmJkojwWQSmvD92yIeK/qHTVDi4RO57
63Q2VvClLJa7MYAyqpncw6Bnl48N6KME9swyf3FLQ/2V1a795KuXFmHIMYSvteNU
5jczQeSz0oWRZqCAfhqiuvXXHhEAgBZVx7aSQPmO07xTC8AfdrftQki1ukTRiTk7
kTZVwx7XUER6u5a+s4q1ql0qxcHkPqHFU+cBAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU1eHZWYTUJ3aWzlqQtNqewENXeCAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFlSFpXWVRVSjNhV3ps
cVF0TnFld0VOWGVDQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABfR2leu4Dsl4Jmm5gwaxcYe1wKzXleq
D9hzvJqQBQuvIRcSC79rHBOEEupcCESH1QbMMQA0Np1npVXM4zZUcGRaLU3xBVUa
V3CJ/JVJZTMjQEP0d/XRvRXL5PUOqQXOQojI89e207ORU0TLDsRXt+04UA32ncW5
O16sh600li8sRhzhrAPFRC4tUCfQpUdTnVNxJJZ1TfPC0n2+I1OdBlIkoz3rdQVL
vuoj//D67tpPotFOXFyZavmRfgsclYRd2i4GsFkfkXl02ywhhYYqu+xhPgW0FI1L
7yBgYflxUOriDJIFX9T5CNT5NQ4TaE8h1ReIMBzW+l9Rk96ofbu4yCQ=
-----END CERTIFICATE-----
Generated at Sat May 17 22:40:07 2025 by rpki-client