Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2j_no2bzV-hZH_VFWy-m4B0rtRo.roa
File: 2j_no2bzV-hZH_VFWy-m4B0rtRo.roa (raw, json)
Hash identifier: 8Zx1+RYaVkQ8ZlVs7Sj93NA9lRwEnpoMbbvn+tjZ8Uk=
Subject key identifier: DA:3F:E7:A3:66:F3:57:E8:59:1F:F5:45:5B:2F:A6:E0:1D:2B:B5:1A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33B7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2j_no2bzV-hZH_VFWy-m4B0rtRo.roa
Signing time: Thu 28 Mar 2024 12:52:04 +0000
ROA not before: Thu 28 Mar 2024 12:52:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13239 (0x33b7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 12:52:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DA3FE7A366F357E8591FF5455B2FA6E01D2BB51A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:82:94:b9:04:c5:7d:e6:92:6c:90:80:d4:df:
1f:20:98:7c:9b:51:17:28:c8:08:81:82:d4:64:9e:
e5:b9:ee:f7:10:a4:40:f0:21:07:a2:31:35:7e:d4:
ea:38:ff:36:2b:f7:d1:f9:2b:6c:b8:cc:2c:a2:01:
99:9a:4e:c7:3a:71:bd:2f:62:95:38:3f:cb:c7:5d:
2d:85:59:4d:40:69:de:c1:0c:bf:4f:88:63:25:35:
1e:c7:1b:f9:c1:82:21:e7:5d:7f:95:cc:3e:00:7a:
f5:77:0d:7b:fc:a0:f9:3e:88:bc:c8:39:98:5c:fc:
fa:92:e6:45:45:75:ef:fb:90:6e:6a:7f:dd:23:dd:
c3:5b:c8:76:c7:07:4f:19:5e:ba:9d:d5:25:a0:a5:
67:c5:cb:5a:bf:73:4d:f0:0b:6f:fd:8c:be:45:bd:
3d:1e:c9:ee:a5:0c:ea:c1:12:05:72:46:1c:aa:73:
c9:55:47:ce:fc:75:67:40:25:67:96:de:ea:88:ee:
31:59:af:91:93:92:03:2d:7f:5d:6e:e3:d4:f4:21:
43:da:cc:dc:14:63:86:c2:c0:aa:8c:8d:d0:42:fc:
dd:56:84:ef:9c:00:06:83:bc:d2:bc:de:bc:6a:49:
9f:cc:58:79:23:d7:1c:32:be:60:9c:d7:92:f4:43:
32:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:3F:E7:A3:66:F3:57:E8:59:1F:F5:45:5B:2F:A6:E0:1D:2B:B5:1A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2j_no2bzV-hZH_VFWy-m4B0rtRo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5d:48:3e:8c:db:42:17:79:f7:30:0b:c3:ad:d5:d9:bf:3e:9e:
d6:f8:c0:37:4b:7e:93:ba:13:44:ad:6c:70:9b:d1:73:9a:d5:
c5:b5:54:12:65:5a:db:be:6b:81:85:bc:86:be:90:12:60:33:
1f:f9:5d:0a:31:98:b9:81:f3:ba:93:f7:b9:22:f4:88:ba:70:
61:33:ed:da:e6:19:2c:4a:c7:4f:e3:10:60:a3:64:29:8d:2c:
1a:b2:54:0e:41:d7:70:b4:d4:95:36:93:de:51:44:53:b2:41:
43:af:9d:ae:fc:e6:af:5d:8b:66:8b:4c:c5:a0:9b:43:da:2f:
94:50:34:99:8a:b6:14:eb:50:13:de:75:b6:49:cf:c9:f4:d0:
b3:74:85:0a:40:a7:34:c9:81:32:39:18:3e:34:2d:45:4d:81:
7b:32:b8:39:66:76:69:70:a3:4e:32:5b:a2:80:08:3e:92:04:
1b:fc:3c:fc:35:ed:2b:a4:7e:7f:22:e7:31:02:74:07:51:80:
ef:37:b5:3a:b1:0d:f6:3b:36:c7:c4:6f:da:7c:c9:93:c8:79:
c9:6e:38:f0:25:d1:7f:b3:94:fb:27:bf:2f:ba:ac:70:1a:c4:
8e:b2:df:c4:05:76:8c:71:1e:13:d5:24:b1:9b:7e:72:03:a6:
f3:84:ac:68
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICM7cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgx
MjUyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERBM0ZFN0EzNjZGMzU3
RTg1OTFGRjU0NTVCMkZBNkUwMUQyQkI1MUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNgpS5BMV95pJskIDU3x8gmHybURcoyAiBgtRknuW57vcQpEDw
IQeiMTV+1Oo4/zYr99H5K2y4zCyiAZmaTsc6cb0vYpU4P8vHXS2FWU1Aad7BDL9P
iGMlNR7HG/nBgiHnXX+VzD4AevV3DXv8oPk+iLzIOZhc/PqS5kVFde/7kG5qf90j
3cNbyHbHB08ZXrqd1SWgpWfFy1q/c03wC2/9jL5FvT0eye6lDOrBEgVyRhyqc8lV
R878dWdAJWeW3uqI7jFZr5GTkgMtf11u49T0IUPazNwUY4bCwKqMjdBC/N1WhO+c
AAaDvNK83rxqSZ/MWHkj1xwyvmCc15L0QzLlAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU2j/no2bzV+hZH/VFWy+m4B0rtRowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJqX25vMmJ6Vi1oWkhf
VkZXeS1tNEIwcnRSby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAF1IPozbQhd59zALw63V2b8+ntb4wDdL
fpO6E0StbHCb0XOa1cW1VBJlWtu+a4GFvIa+kBJgMx/5XQoxmLmB87qT97ki9Ii6
cGEz7drmGSxKx0/jEGCjZCmNLBqyVA5B13C01JU2k95RRFOyQUOvna785q9di2aL
TMWgm0PaL5RQNJmKthTrUBPedbZJz8n00LN0hQpApzTJgTI5GD40LUVNgXsyuDlm
dmlwo04yW6KACD6SBBv8PPw17Sukfn8i5zECdAdRgO83tTqxDfY7NsfEb9p8yZPI
ecluOPAl0X+zlPsnvy+6rHAaxI6y38QFdoxxHhPVJLGbfnIDpvOErGg=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:06 2025 by rpki-client