Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I2x77ziBrtWrufII3KXUa6ogieM.roa
File: I2x77ziBrtWrufII3KXUa6ogieM.roa (raw, json)
Hash identifier: qE7mBIYzs6yRLWIfE3ylmHf0FsAnC+ktSIy5FLxkE7E=
Subject key identifier: 23:6C:7B:EF:38:81:AE:D5:AB:B9:F2:08:DC:A5:D4:6B:AA:20:89:E3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47BF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I2x77ziBrtWrufII3KXUa6ogieM.roa
Signing time: Wed 24 Apr 2024 05:53:13 +0000
ROA not before: Wed 24 Apr 2024 05:53:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18367 (0x47bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 05:53:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=236C7BEF3881AED5ABB9F208DCA5D46BAA2089E3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:2d:80:94:85:4e:7f:e1:56:86:2b:33:52:76:
e4:13:32:d3:07:5c:e7:5d:d0:8b:f3:6a:e0:59:df:
c9:4a:80:eb:4f:cf:5d:44:19:e9:7f:c2:a7:b6:6b:
78:e1:cc:f5:2d:0f:e2:38:a8:1d:47:1c:8f:f2:1b:
1f:5d:73:de:ab:26:08:da:a4:f4:b3:5e:3e:c4:4f:
d3:f6:f5:76:3e:69:a8:6f:a5:95:5b:c0:c5:2f:23:
17:19:0d:05:38:5b:a6:7d:bd:ff:76:48:ab:45:41:
c9:fd:ec:1b:80:0f:3f:97:f0:b1:10:0a:05:9c:22:
47:7f:3a:5e:24:93:51:e4:71:ca:86:d0:38:54:97:
9d:79:14:9e:9b:4a:19:7f:cd:09:01:c9:16:58:06:
d4:91:26:81:b5:aa:06:6e:ee:6c:ab:f8:fa:bc:c6:
91:bb:24:05:3e:0a:36:29:27:10:02:0c:36:b3:4b:
a5:1b:55:a8:11:fd:23:c9:57:2c:58:5a:df:20:2f:
6b:73:96:e1:92:dd:8e:af:16:40:18:75:4f:9e:6e:
2b:d5:38:a9:4f:2c:eb:d2:c1:b9:24:1d:78:0a:41:
90:53:00:ea:d2:56:bf:59:18:ee:8e:97:05:3b:76:
93:17:03:15:6d:b0:84:a1:7b:a9:ee:6d:71:38:3c:
d9:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:6C:7B:EF:38:81:AE:D5:AB:B9:F2:08:DC:A5:D4:6B:AA:20:89:E3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I2x77ziBrtWrufII3KXUa6ogieM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
19:f9:e1:b8:d2:76:c2:f8:44:5d:ad:d0:df:ac:da:c9:b0:26:
d3:1e:f3:ba:c5:bc:76:de:a6:7d:ee:4a:a3:c0:1e:e3:b1:42:
a3:17:fa:52:5f:ff:0d:71:53:fe:6a:9b:2d:df:65:89:e1:96:
1f:db:40:54:bb:db:e9:f1:9b:b7:22:6d:c5:83:31:c1:71:12:
77:3e:7d:2d:de:3a:12:56:ba:fa:23:cc:5c:86:d6:eb:8b:17:
3a:44:d8:0b:bf:ee:fa:26:37:ff:08:af:66:30:e8:fa:35:ec:
0c:ba:96:13:f9:cb:0b:5c:d5:77:e8:38:3b:47:a4:2a:bd:e9:
a1:53:6b:09:a7:7e:be:54:3d:2a:92:5a:f2:9e:a5:00:63:54:
f7:0d:25:75:f6:9b:4b:3b:05:34:05:9f:59:bb:b1:09:17:a7:
ca:f4:02:1b:09:c1:05:32:87:f2:bd:2f:c4:13:c1:59:c6:0d:
ac:fc:3c:e9:bc:ac:20:1b:97:05:76:b0:9a:5b:08:6c:ef:8b:
d8:04:e2:c8:51:46:20:38:f3:d2:c3:74:de:3e:cb:c9:65:6f:
5b:e6:7d:56:29:27:77:b0:a3:72:86:ea:4e:19:57:87:75:9b:
39:92:32:82:82:13:46:83:ad:94:1b:a2:cc:23:c3:c2:68:bd:
41:9d:c3:fe
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICR78wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
NTUzMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzNkM3QkVGMzg4MUFF
RDVBQkI5RjIwOERDQTVENDZCQUEyMDg5RTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmLYCUhU5/4VaGKzNSduQTMtMHXOdd0IvzauBZ38lKgOtPz11E
Gel/wqe2a3jhzPUtD+I4qB1HHI/yGx9dc96rJgjapPSzXj7ET9P29XY+aahvpZVb
wMUvIxcZDQU4W6Z9vf92SKtFQcn97BuADz+X8LEQCgWcIkd/Ol4kk1HkccqG0DhU
l515FJ6bShl/zQkByRZYBtSRJoG1qgZu7myr+Pq8xpG7JAU+CjYpJxACDDazS6Ub
VagR/SPJVyxYWt8gL2tzluGS3Y6vFkAYdU+ebivVOKlPLOvSwbkkHXgKQZBTAOrS
Vr9ZGO6OlwU7dpMXAxVtsIShe6nubXE4PNm7AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUI2x77ziBrtWrufII3KXUa6ogieMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0kyeDc3emlCcnRXcnVm
SUkzS1hVYTZvZ2llTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABn54bjSdsL4RF2t0N+s2smwJtMe87rF
vHbepn3uSqPAHuOxQqMX+lJf/w1xU/5qmy3fZYnhlh/bQFS72+nxm7cibcWDMcFx
Enc+fS3eOhJWuvojzFyG1uuLFzpE2Au/7vomN/8Ir2Yw6Po17Ay6lhP5ywtc1Xfo
ODtHpCq96aFTawmnfr5UPSqSWvKepQBjVPcNJXX2m0s7BTQFn1m7sQkXp8r0AhsJ
wQUyh/K9L8QTwVnGDaz8POm8rCAblwV2sJpbCGzvi9gE4shRRiA489LDdN4+y8ll
b1vmfVYpJ3ewo3KG6k4ZV4d1mzmSMoKCE0aDrZQboswjw8JovUGdw/4=
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:21 2025 by rpki-client