Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2ICJKAAZnZqhPVHnvvq_gSnAwr0.roa
File: 2ICJKAAZnZqhPVHnvvq_gSnAwr0.roa (raw, json)
Hash identifier: tYWKmG/0sgx50GO0kn4EaL58BTG/ssUZqihedN/rmOg=
Subject key identifier: D8:80:89:28:00:19:9D:9A:A1:3D:51:E7:BE:FA:BF:81:29:C0:C2:BD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5457
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2ICJKAAZnZqhPVHnvvq_gSnAwr0.roa
Signing time: Sat 11 May 2024 00:54:02 +0000
ROA not before: Sat 11 May 2024 00:54:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21591 (0x5457)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 00:54:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D880892800199D9AA13D51E7BEFABF8129C0C2BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:5f:dd:8c:a8:b9:4a:c7:c4:54:cd:35:ca:99:
17:91:bd:b8:fb:f7:40:74:db:18:af:75:d7:64:20:
eb:c0:72:c2:3c:b7:e0:0d:36:f1:81:16:d1:b7:05:
7d:fd:80:1e:8d:69:0f:ea:23:99:b9:f6:2b:be:2a:
af:0a:92:c2:15:6a:31:03:60:87:64:2e:be:e4:d0:
6c:80:94:09:e2:80:b9:64:6a:b5:8d:ee:70:3e:34:
26:0b:c7:7a:da:20:31:74:23:e8:e6:e6:f4:98:a6:
52:55:31:0e:57:78:28:fd:d8:71:e6:28:58:8f:d8:
ae:bf:71:99:36:d0:c5:19:1f:49:1a:2e:eb:79:c9:
31:cf:63:a6:cd:b4:8d:4e:52:2a:f6:3a:b2:7b:1c:
0c:aa:22:f4:6a:32:bd:92:2c:aa:bd:e9:32:8d:7b:
ae:28:97:35:db:60:7f:a5:66:30:27:77:ff:ff:bf:
45:6f:51:b3:cb:68:aa:f9:d7:a2:69:0a:8d:f8:ac:
4b:fd:b1:35:7e:c3:9a:e8:e1:b4:ee:5f:96:2e:08:
ac:52:25:40:1a:5a:92:00:dd:33:e5:1e:73:76:23:
03:10:3b:8d:fe:bc:44:55:8b:b0:03:e2:91:85:af:
8f:c6:9e:6a:9a:ad:fc:0a:82:c5:31:29:ef:b2:5f:
0f:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:80:89:28:00:19:9D:9A:A1:3D:51:E7:BE:FA:BF:81:29:C0:C2:BD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2ICJKAAZnZqhPVHnvvq_gSnAwr0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
11:5e:24:cd:42:58:06:ac:bf:02:80:26:ea:36:3f:b6:33:0d:
03:64:61:e7:89:b6:59:d3:54:eb:32:52:b7:14:ff:7b:3f:7b:
3b:52:fe:b3:73:74:d5:70:90:57:e7:63:c5:d6:60:19:31:4f:
87:fc:bb:73:1c:22:2c:77:0f:72:00:b8:44:15:fe:fe:62:57:
5e:67:cd:0e:3a:28:5c:e4:34:53:e3:09:fa:90:92:a4:9f:b6:
e3:a9:85:06:26:28:32:df:d8:07:b8:7a:ad:cd:94:04:e5:33:
b3:27:a1:44:2b:54:9c:b1:7d:13:ba:9d:94:69:6b:44:3e:70:
65:77:cf:14:73:0c:7a:0b:a7:6a:46:07:fc:39:04:2b:a0:64:
ec:b8:67:0f:55:ab:f2:17:95:eb:0e:5d:9e:4b:04:0c:6f:d2:
b3:fc:8f:3e:d6:b1:12:3f:3b:80:80:2b:60:75:4d:13:54:4e:
02:9a:06:52:86:f7:9c:bc:56:bf:1c:6c:f2:0b:b6:c6:5e:bb:
64:1c:e6:ff:c2:21:9e:b9:12:02:2d:37:aa:19:3e:18:f9:aa:
cb:5f:a6:f9:88:3e:fc:48:0f:23:5f:ba:b3:6a:31:45:b3:89:
28:b7:93:78:87:42:ae:07:a6:bb:c6:13:78:5e:04:88:32:80:
7b:67:02:5d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVFcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEw
MDU0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ4ODA4OTI4MDAxOTlE
OUFBMTNENTFFN0JFRkFCRjgxMjlDMEMyQkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbX92MqLlKx8RUzTXKmReRvbj790B02xivdddkIOvAcsI8t+AN
NvGBFtG3BX39gB6NaQ/qI5m59iu+Kq8KksIVajEDYIdkLr7k0GyAlAnigLlkarWN
7nA+NCYLx3raIDF0I+jm5vSYplJVMQ5XeCj92HHmKFiP2K6/cZk20MUZH0kaLut5
yTHPY6bNtI1OUir2OrJ7HAyqIvRqMr2SLKq96TKNe64olzXbYH+lZjAnd///v0Vv
UbPLaKr516JpCo34rEv9sTV+w5ro4bTuX5YuCKxSJUAaWpIA3TPlHnN2IwMQO43+
vERVi7AD4pGFr4/GnmqarfwKgsUxKe+yXw+nAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU2ICJKAAZnZqhPVHnvvq/gSnAwr0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJJQ0pLQUFablpxaFBW
SG52dnFfZ1NuQXdyMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABFeJM1CWAasvwKAJuo2P7YzDQNkYeeJ
tlnTVOsyUrcU/3s/eztS/rNzdNVwkFfnY8XWYBkxT4f8u3McIix3D3IAuEQV/v5i
V15nzQ46KFzkNFPjCfqQkqSftuOphQYmKDLf2Ae4eq3NlATlM7MnoUQrVJyxfRO6
nZRpa0Q+cGV3zxRzDHoLp2pGB/w5BCugZOy4Zw9Vq/IXlesOXZ5LBAxv0rP8jz7W
sRI/O4CAK2B1TRNUTgKaBlKG95y8Vr8cbPILtsZeu2Qc5v/CIZ65EgItN6oZPhj5
qstfpvmIPvxIDyNfurNqMUWziSi3k3iHQq4HprvGE3heBIgygHtnAl0=
-----END CERTIFICATE-----
Generated at Sat May 17 19:51:35 2025 by rpki-client