Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IfJPvOf0XehWtPfh7FNlMygpEmw.roa
File: IfJPvOf0XehWtPfh7FNlMygpEmw.roa (raw, json)
Hash identifier: ZHy8huf+unjMaL6UqmMud4x5D7J8N9+zyqpU6bdRLT8=
Subject key identifier: 21:F2:4F:BC:E7:F4:5D:E8:56:B4:F7:E1:EC:53:65:33:28:29:12:6C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 570B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IfJPvOf0XehWtPfh7FNlMygpEmw.roa
Signing time: Tue 14 May 2024 15:24:10 +0000
ROA not before: Tue 14 May 2024 15:24:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22283 (0x570b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 15:24:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=21F24FBCE7F45DE856B4F7E1EC5365332829126C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:52:00:fd:ad:62:c2:4f:be:bc:53:1c:70:d4:
a6:b6:51:6f:09:30:a1:b9:51:f8:9a:59:d4:41:7c:
80:26:2f:a3:f8:c5:2f:2f:64:f6:b0:5f:d5:60:74:
54:3e:24:bb:f9:56:9d:56:c8:82:1a:34:4f:eb:97:
56:72:04:87:9c:35:d0:79:ca:19:5a:8a:31:c8:8b:
3e:09:bd:02:aa:59:29:9e:c4:e5:a1:d1:81:93:40:
dc:87:52:be:38:1b:de:2c:80:a1:cd:fd:ed:5b:1b:
49:80:42:df:b3:2a:11:e0:b4:4a:57:af:c0:e0:44:
4e:0c:bd:e2:be:d7:8b:25:f0:2f:c7:8b:84:f8:aa:
24:6b:9b:c7:41:d3:22:57:73:1c:ad:cc:61:83:80:
95:1d:8e:50:6c:80:dd:a6:56:5b:8b:6c:7e:a4:cd:
ca:d1:37:ff:32:45:c0:f4:1c:b9:a1:41:bd:0b:b8:
b3:73:52:fe:e0:1f:18:7f:6b:6c:da:29:76:60:37:
ab:99:23:a2:0c:32:fe:92:1b:a9:8d:2c:a1:ee:21:
ac:5e:1f:b3:c2:f3:f1:1b:1d:fd:3f:36:ab:4d:82:
4a:66:64:13:0a:71:52:de:6c:e0:b3:0b:64:85:39:
da:fa:66:2b:cd:56:a9:89:a7:30:f0:b2:e2:bf:48:
9a:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:F2:4F:BC:E7:F4:5D:E8:56:B4:F7:E1:EC:53:65:33:28:29:12:6C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IfJPvOf0XehWtPfh7FNlMygpEmw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
7e:ca:bb:59:d7:9f:ab:b9:d6:d9:4f:dc:56:23:db:76:af:e4:
a4:9f:08:83:1c:9c:8a:21:b1:21:59:76:5e:45:6a:08:97:d3:
72:3a:5b:00:e4:59:de:02:28:2b:43:26:6c:b2:8b:9d:4a:0f:
50:01:04:3b:3e:cf:af:9b:c1:0e:de:6d:25:90:70:05:24:93:
9f:0a:b3:18:73:aa:d6:33:3a:3d:b2:57:24:42:2d:8d:f2:ca:
fa:d6:d0:3a:91:a5:0a:7c:68:9f:ec:b2:b5:fd:9a:99:d3:48:
db:2c:9c:5b:f5:ea:79:33:ba:9b:3e:55:40:9d:2d:78:47:03:
79:2a:0f:4e:cb:80:dd:06:b0:c9:e5:62:38:de:4a:a8:d5:f5:
bc:2c:86:9d:f2:fb:09:d7:0a:4f:2a:0a:12:b5:ca:a4:48:bc:
4b:0d:bf:22:7b:9a:af:ff:35:0e:15:d9:f6:a3:54:f9:7c:c9:
37:fa:df:68:90:11:6c:eb:74:6b:0a:5f:c6:cc:ee:82:d8:d6:
60:4c:bc:58:8b:38:88:b2:90:dc:88:a3:db:e0:a6:9b:5d:9b:
e0:77:2b:43:a7:8a:5f:b8:da:61:e0:ca:87:2b:33:b5:de:43:
91:e6:77:af:95:c0:72:00:0b:e8:40:3d:a7:a1:aa:38:78:18:
1d:6a:e0:56
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVwswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQx
NTI0MTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIxRjI0RkJDRTdGNDVE
RTg1NkI0RjdFMUVDNTM2NTMzMjgyOTEyNkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9UgD9rWLCT768Uxxw1Ka2UW8JMKG5UfiaWdRBfIAmL6P4xS8v
ZPawX9VgdFQ+JLv5Vp1WyIIaNE/rl1ZyBIecNdB5yhlaijHIiz4JvQKqWSmexOWh
0YGTQNyHUr44G94sgKHN/e1bG0mAQt+zKhHgtEpXr8DgRE4MveK+14sl8C/Hi4T4
qiRrm8dB0yJXcxytzGGDgJUdjlBsgN2mVluLbH6kzcrRN/8yRcD0HLmhQb0LuLNz
Uv7gHxh/a2zaKXZgN6uZI6IMMv6SG6mNLKHuIaxeH7PC8/EbHf0/NqtNgkpmZBMK
cVLebOCzC2SFOdr6ZivNVqmJpzDwsuK/SJrLAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUIfJPvOf0XehWtPfh7FNlMygpEmwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lmSlB2T2YwWGVoV3RQ
Zmg3Rk5sTXlncEVtdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAH7Ku1nXn6u51tlP3FYj23av5KSfCIMc
nIohsSFZdl5FagiX03I6WwDkWd4CKCtDJmyyi51KD1ABBDs+z6+bwQ7ebSWQcAUk
k58KsxhzqtYzOj2yVyRCLY3yyvrW0DqRpQp8aJ/ssrX9mpnTSNssnFv16nkzups+
VUCdLXhHA3kqD07LgN0GsMnlYjjeSqjV9bwshp3y+wnXCk8qChK1yqRIvEsNvyJ7
mq//NQ4V2fajVPl8yTf632iQEWzrdGsKX8bM7oLY1mBMvFiLOIiykNyIo9vgpptd
m+B3K0Onil+42mHgyocrM7XeQ5Hmd6+VwHIAC+hAPaehqjh4GB1q4FY=
-----END CERTIFICATE-----
Generated at Sat May 17 23:49:37 2025 by rpki-client