Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2B5FNYJH6gHAHLysgQyl4eH4dOA.roa
File: 2B5FNYJH6gHAHLysgQyl4eH4dOA.roa (raw, json)
Hash identifier: JuprXcriHLcgSnvtTw4Q0K8R7crE4yeran2T64+d1Ww=
Subject key identifier: D8:1E:45:35:82:47:EA:01:C0:1C:BC:AC:81:0C:A5:E1:E1:F8:74:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34C7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2B5FNYJH6gHAHLysgQyl4eH4dOA.roa
Signing time: Fri 29 Mar 2024 22:52:06 +0000
ROA not before: Fri 29 Mar 2024 22:52:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13511 (0x34c7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 22:52:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D81E45358247EA01C01CBCAC810CA5E1E1F874E0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:81:2f:b5:a6:c5:89:bd:09:b8:03:01:cc:c3:
48:96:24:e8:db:97:05:02:ed:b7:d0:48:e6:73:6f:
9b:51:1b:2b:13:0f:62:99:34:7a:da:38:c9:4a:18:
98:75:41:ae:9e:c6:bf:62:2d:62:63:5c:84:d3:d4:
8c:24:f7:75:ff:0d:ce:5f:29:88:32:b5:da:ec:16:
c6:11:28:89:2d:a4:34:f1:44:9c:84:f2:0b:7d:22:
14:3b:c3:dd:25:10:6a:34:f2:0e:39:6e:00:6d:97:
3a:fa:ef:ef:f9:ea:60:8f:79:9e:0d:76:c4:68:b3:
23:0a:a7:cb:d5:e1:1d:97:53:01:75:6d:2e:95:0f:
b1:ab:d6:ee:25:c7:fc:72:d8:52:ec:b5:6e:85:b9:
0d:b6:93:0d:94:96:3b:35:49:a9:b7:e2:52:6e:e0:
22:4e:1b:e7:99:ca:a0:d2:15:0e:69:e6:5f:bd:61:
9b:cd:21:2b:c1:80:49:61:79:6d:5a:28:b4:25:eb:
34:05:58:d2:62:27:95:2f:c9:56:d5:fc:23:d4:e8:
58:8c:19:ec:8b:0d:7f:57:b0:af:c5:03:f6:bd:4f:
ac:b0:6b:9b:31:fe:33:b0:95:df:73:73:d7:52:a9:
05:83:42:b7:81:13:ab:f9:87:51:21:6a:3e:fc:09:
23:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:1E:45:35:82:47:EA:01:C0:1C:BC:AC:81:0C:A5:E1:E1:F8:74:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2B5FNYJH6gHAHLysgQyl4eH4dOA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
55:8e:c0:45:fa:1f:fd:72:b7:40:27:2d:f0:88:48:b2:29:7f:
79:4f:73:c2:76:17:14:51:65:af:f4:ad:e8:b5:35:93:df:f9:
e9:08:03:6b:94:a8:1e:25:84:a9:bf:05:71:94:a1:7f:6d:4a:
9d:92:ee:f4:25:72:f2:9c:48:39:a4:0f:c6:76:e4:bf:46:78:
48:41:35:84:d3:aa:48:1f:df:38:91:f5:bf:e2:46:86:80:54:
96:a7:e4:9d:d7:27:a9:ef:fc:35:72:af:56:8b:08:2b:ac:57:
68:2d:de:be:9b:c8:fb:3c:29:96:b8:b5:73:15:ad:7b:18:6d:
29:75:24:56:5d:09:1d:30:43:17:92:b5:6a:a0:aa:65:6a:1e:
16:34:40:41:f0:69:66:08:86:fd:52:71:03:49:01:d8:58:ad:
2f:e4:90:db:10:a6:5f:dc:60:f7:78:8c:8e:45:78:17:a4:50:
1f:3e:80:19:29:3a:c9:a1:94:7e:a9:c4:46:81:c7:3f:be:49:
49:42:88:67:f5:66:df:83:6d:57:a9:79:ac:74:1e:40:95:95:
43:3b:4e:0a:ad:79:0e:28:0e:22:45:b5:9b:5f:80:d5:9f:27:
5e:5b:65:eb:14:3a:7b:25:4f:5e:7a:8f:00:ce:ce:3b:48:01:
a8:31:4b:73
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNMcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjky
MjUyMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ4MUU0NTM1ODI0N0VB
MDFDMDFDQkNBQzgxMENBNUUxRTFGODc0RTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCigS+1psWJvQm4AwHMw0iWJOjblwUC7bfQSOZzb5tRGysTD2KZ
NHraOMlKGJh1Qa6exr9iLWJjXITT1Iwk93X/Dc5fKYgytdrsFsYRKIktpDTxRJyE
8gt9IhQ7w90lEGo08g45bgBtlzr67+/56mCPeZ4NdsRosyMKp8vV4R2XUwF1bS6V
D7Gr1u4lx/xy2FLstW6FuQ22kw2Uljs1Sam34lJu4CJOG+eZyqDSFQ5p5l+9YZvN
ISvBgElheW1aKLQl6zQFWNJiJ5UvyVbV/CPU6FiMGeyLDX9XsK/FA/a9T6ywa5sx
/jOwld9zc9dSqQWDQreBE6v5h1Ehaj78CSNXAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU2B5FNYJH6gHAHLysgQyl4eH4dOAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJCNUZOWUpINmdIQUhM
eXNnUXlsNGVINGRPQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFWOwEX6H/1yt0AnLfCISLIpf3lPc8J2
FxRRZa/0rei1NZPf+ekIA2uUqB4lhKm/BXGUoX9tSp2S7vQlcvKcSDmkD8Z25L9G
eEhBNYTTqkgf3ziR9b/iRoaAVJan5J3XJ6nv/DVyr1aLCCusV2gt3r6byPs8KZa4
tXMVrXsYbSl1JFZdCR0wQxeStWqgqmVqHhY0QEHwaWYIhv1ScQNJAdhYrS/kkNsQ
pl/cYPd4jI5FeBekUB8+gBkpOsmhlH6pxEaBxz++SUlCiGf1Zt+DbVepeax0HkCV
lUM7TgqteQ4oDiJFtZtfgNWfJ15bZesUOnslT156jwDOzjtIAagxS3M=
-----END CERTIFICATE-----
Generated at Sun May 18 04:50:05 2025 by rpki-client