Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9j9aAP_bX5k7ZmqKL1NgwoWddvg.roa
File: 9j9aAP_bX5k7ZmqKL1NgwoWddvg.roa (raw, json)
Hash identifier: 1nmFmAcGwQxcIC7ixZVmwSptCWWdGQLg/HZryVZ6dWI=
Subject key identifier: F6:3F:5A:00:FF:DB:5F:99:3B:66:6A:8A:2F:53:60:C2:85:9D:76:F8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 422B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9j9aAP_bX5k7ZmqKL1NgwoWddvg.roa
Signing time: Tue 16 Apr 2024 19:22:58 +0000
ROA not before: Tue 16 Apr 2024 19:22:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16939 (0x422b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 19:22:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F63F5A00FFDB5F993B666A8A2F5360C2859D76F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:d1:20:4e:cb:46:97:67:ce:79:17:ef:5b:00:
37:2e:81:08:e9:4b:51:30:5c:36:cc:c7:42:b0:ee:
25:ed:72:a1:be:27:3d:3c:85:ad:42:a3:ca:2b:0d:
db:c3:3c:29:b4:a4:22:b1:2b:c5:d4:fa:9c:49:04:
f3:60:66:e3:74:a2:92:10:fe:54:c7:df:65:a2:45:
54:2f:ea:cf:15:37:a8:f8:b1:25:a9:89:e9:38:7c:
5b:e3:77:81:0f:6f:44:14:3e:a4:56:23:46:85:36:
94:ca:62:99:2b:cc:3e:b0:30:29:a4:26:85:69:9e:
63:e9:66:31:13:f2:9d:d2:4c:5c:f1:5c:77:4e:a2:
4f:02:1e:b3:3e:19:0b:80:f1:c2:06:6e:a0:bd:0d:
08:14:f4:fd:c2:3b:6e:ae:b6:c9:ae:80:cf:f8:9e:
e8:46:66:52:d9:08:ce:c7:22:86:dc:6c:74:43:17:
5b:36:e7:41:c8:87:84:b6:69:14:67:4b:f7:bb:cf:
f6:33:84:83:d2:c3:77:76:53:42:34:b9:71:d2:c4:
f3:41:e9:81:51:86:2b:71:9a:1b:77:3e:69:e7:26:
60:a5:fc:ad:04:11:9a:c2:d6:be:37:d4:e9:a5:e1:
82:76:8e:87:cf:32:33:0e:e1:ff:cd:95:3d:b2:e7:
61:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:3F:5A:00:FF:DB:5F:99:3B:66:6A:8A:2F:53:60:C2:85:9D:76:F8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9j9aAP_bX5k7ZmqKL1NgwoWddvg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
62:23:db:0a:ce:67:8c:f0:da:f9:f4:98:f0:82:13:37:4d:0a:
03:bf:e9:9c:6c:fd:34:e2:9e:87:d6:61:22:32:1e:25:d5:45:
be:07:34:91:3c:15:7b:f1:d2:e5:90:c3:e3:22:08:52:9b:ea:
bf:5e:f0:3e:c0:c4:b8:1c:23:42:ad:9a:ad:99:49:bd:89:4f:
03:f5:5d:d2:8c:c2:6d:54:ab:67:43:0c:03:d0:e2:ad:56:99:
47:63:5b:61:40:a7:a1:e6:58:f5:5e:49:cd:25:3a:b2:87:82:
fb:38:95:52:91:ce:ac:66:a8:3f:65:12:3f:6c:47:28:08:14:
46:d9:db:c3:48:d6:68:92:1c:08:82:fd:d7:ab:aa:fb:0a:0d:
50:41:6e:5e:0a:6f:ff:e1:67:51:c6:cd:af:e9:35:69:4a:e3:
5c:b6:ac:35:33:a6:2f:a8:e6:4d:d5:9d:22:1c:da:85:6a:a7:
09:55:d7:7d:dd:3f:b8:b7:05:fe:e7:04:e2:e9:ce:60:80:24:
7c:82:7f:cd:25:bf:f2:0f:4e:6f:00:29:e0:5f:c5:b7:eb:32:
c5:e9:40:b4:f8:d7:85:83:bf:de:89:a3:21:c3:1e:32:54:4e:
f7:c4:45:fa:e8:2c:40:53:01:0a:e7:3a:29:a0:96:43:95:a2:
6c:1d:30:3c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQiswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYx
OTIyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY2M0Y1QTAwRkZEQjVG
OTkzQjY2NkE4QTJGNTM2MEMyODU5RDc2RjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDO0SBOy0aXZ855F+9bADcugQjpS1EwXDbMx0Kw7iXtcqG+Jz08
ha1Co8orDdvDPCm0pCKxK8XU+pxJBPNgZuN0opIQ/lTH32WiRVQv6s8VN6j4sSWp
iek4fFvjd4EPb0QUPqRWI0aFNpTKYpkrzD6wMCmkJoVpnmPpZjET8p3STFzxXHdO
ok8CHrM+GQuA8cIGbqC9DQgU9P3CO26utsmugM/4nuhGZlLZCM7HIobcbHRDF1s2
50HIh4S2aRRnS/e7z/YzhIPSw3d2U0I0uXHSxPNB6YFRhitxmht3PmnnJmCl/K0E
EZrC1r431Oml4YJ2jofPMjMO4f/NlT2y52GFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU9j9aAP/bX5k7ZmqKL1NgwoWddvgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlqOWFBUF9iWDVrN1pt
cUtMMU5nd29XZGR2Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGIj2wrOZ4zw2vn0mPCCEzdNCgO/6Zxs
/TTinofWYSIyHiXVRb4HNJE8FXvx0uWQw+MiCFKb6r9e8D7AxLgcI0Ktmq2ZSb2J
TwP1XdKMwm1Uq2dDDAPQ4q1WmUdjW2FAp6HmWPVeSc0lOrKHgvs4lVKRzqxmqD9l
Ej9sRygIFEbZ28NI1miSHAiC/derqvsKDVBBbl4Kb//hZ1HGza/pNWlK41y2rDUz
pi+o5k3VnSIc2oVqpwlV133dP7i3Bf7nBOLpzmCAJHyCf80lv/IPTm8AKeBfxbfr
MsXpQLT414WDv96JoyHDHjJUTvfERfroLEBTAQrnOimglkOVomwdMDw=
-----END CERTIFICATE-----
Generated at Sat May 17 23:51:43 2025 by rpki-client