Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ACq-b54bBmSe70BFgPRssY8QmK0.roa
File: ACq-b54bBmSe70BFgPRssY8QmK0.roa (raw, json)
Hash identifier: YF3kAnY3zocrX2mx27cJ7Jtp7YxZpYqKpp0a76KyQMU=
Subject key identifier: 00:2A:BE:6F:9E:1B:06:64:9E:EF:40:45:80:F4:6C:B1:8F:10:98:AD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 358B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ACq-b54bBmSe70BFgPRssY8QmK0.roa
Signing time: Sat 30 Mar 2024 23:22:09 +0000
ROA not before: Sat 30 Mar 2024 23:22:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13707 (0x358b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 23:22:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=002ABE6F9E1B06649EEF404580F46CB18F1098AD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:51:1a:54:bc:7d:ee:27:4e:cc:94:1d:b9:f8:
88:38:55:6e:51:a4:d6:20:ed:92:fc:ad:9a:dd:99:
de:70:dd:27:32:d3:2f:95:8e:dc:79:7b:a2:e0:83:
2b:01:38:4a:54:2e:9e:58:c8:c3:5c:e8:be:09:9b:
b0:b0:f0:09:6e:b1:d0:06:fb:08:82:33:02:84:41:
f9:9d:59:81:04:c9:11:de:e0:b1:6e:f2:50:18:43:
83:9f:3c:6f:b9:47:8f:25:d0:23:7b:68:79:3b:90:
c4:99:b3:71:c1:81:ff:dd:3a:cc:2e:37:47:f6:be:
4d:eb:ab:b7:cf:1b:c3:fc:4b:5d:1d:44:83:ae:6a:
d1:6b:49:86:cd:b1:17:fb:21:ed:02:a0:64:e2:c3:
bb:6e:9f:83:0b:4b:ae:28:db:80:2b:42:9e:d4:49:
90:87:5d:7b:44:9d:af:ab:f7:ef:0d:b6:79:8d:7e:
51:4f:0d:5c:a7:74:4b:95:fa:9a:19:be:25:b7:1f:
d2:d9:aa:db:30:e8:48:ef:1b:10:fd:c3:c8:40:19:
0b:15:de:ca:fa:87:b0:65:65:9f:db:03:16:06:fa:
7c:f2:c1:22:6d:ec:79:38:37:da:42:8b:83:f6:67:
07:19:a0:7f:25:a2:02:6c:6a:22:77:6d:29:65:8f:
ef:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:2A:BE:6F:9E:1B:06:64:9E:EF:40:45:80:F4:6C:B1:8F:10:98:AD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ACq-b54bBmSe70BFgPRssY8QmK0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
54:8e:b1:e8:c4:b0:77:f8:a9:96:f1:05:5b:4c:2b:01:46:05:
c2:f9:62:6e:63:90:b4:57:00:e9:bb:8e:0f:3e:c0:d8:7d:a3:
2c:0a:1b:72:a4:ca:c2:1a:ac:1d:ad:86:b8:8e:f5:50:da:d9:
d9:a4:d0:a3:86:ef:e7:b7:d8:70:9c:fd:f7:be:6f:b2:80:32:
2a:d5:b8:9f:ce:4d:b4:e8:63:0c:68:d9:0b:fe:14:f7:81:18:
05:42:84:7d:20:ad:aa:c4:4f:78:d2:aa:16:3a:3e:ac:76:74:
bc:76:f2:33:2b:57:9c:74:99:22:a8:5a:8a:46:a1:68:45:b4:
aa:99:4e:f1:7e:17:1d:97:a0:42:42:b2:1a:17:21:19:14:63:
00:1c:04:9a:f0:22:85:43:b8:ff:6f:98:1e:71:b2:74:a4:31:
79:b1:44:c7:d5:c4:d6:ee:31:a1:fa:49:43:68:4b:39:54:f7:
a8:14:25:d2:9a:ae:66:9a:65:cc:60:55:e9:48:47:40:1f:00:
58:2b:0d:9a:1c:ae:7b:a6:3d:1d:23:8f:86:9a:09:9c:41:06:
03:b4:38:21:93:11:34:19:77:3a:33:6d:fd:77:a3:fb:3d:24:
d6:67:6f:76:37:36:64:37:ff:25:92:a8:8a:35:fb:83:27:8e:
ac:b6:a9:45
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNYswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAy
MzIyMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAwMkFCRTZGOUUxQjA2
NjQ5RUVGNDA0NTgwRjQ2Q0IxOEYxMDk4QUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMURpUvH3uJ07MlB25+Ig4VW5RpNYg7ZL8rZrdmd5w3Scy0y+V
jtx5e6LggysBOEpULp5YyMNc6L4Jm7Cw8AlusdAG+wiCMwKEQfmdWYEEyRHe4LFu
8lAYQ4OfPG+5R48l0CN7aHk7kMSZs3HBgf/dOswuN0f2vk3rq7fPG8P8S10dRIOu
atFrSYbNsRf7Ie0CoGTiw7tun4MLS64o24ArQp7USZCHXXtEna+r9+8NtnmNflFP
DVyndEuV+poZviW3H9LZqtsw6EjvGxD9w8hAGQsV3sr6h7BlZZ/bAxYG+nzywSJt
7Hk4N9pCi4P2ZwcZoH8logJsaiJ3bSllj++vAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUACq+b54bBmSe70BFgPRssY8QmK0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FDcS1iNTRiQm1TZTcw
QkZnUFJzc1k4UW1LMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFSOsejEsHf4qZbxBVtMKwFGBcL5Ym5j
kLRXAOm7jg8+wNh9oywKG3KkysIarB2thriO9VDa2dmk0KOG7+e32HCc/fe+b7KA
MirVuJ/OTbToYwxo2Qv+FPeBGAVChH0grarET3jSqhY6Pqx2dLx28jMrV5x0mSKo
WopGoWhFtKqZTvF+Fx2XoEJCshoXIRkUYwAcBJrwIoVDuP9vmB5xsnSkMXmxRMfV
xNbuMaH6SUNoSzlU96gUJdKarmaaZcxgVelIR0AfAFgrDZocrnumPR0jj4aaCZxB
BgO0OCGTETQZdzozbf13o/s9JNZnb3Y3NmQ3/yWSqIo1+4Mnjqy2qUU=
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:16 2025 by rpki-client