Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PaPeaJbY8V5s8XLoEvme79XJZLk.roa
File: PaPeaJbY8V5s8XLoEvme79XJZLk.roa (raw, json)
Hash identifier: SUhSvwvnN1hLcN5rd2glWdBHIDEAbJxcQEf9d0gUxTQ=
Subject key identifier: 3D:A3:DE:68:96:D8:F1:5E:6C:F1:72:E8:12:F9:9E:EF:D5:C9:64:B9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 562B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PaPeaJbY8V5s8XLoEvme79XJZLk.roa
Signing time: Mon 13 May 2024 11:24:08 +0000
ROA not before: Mon 13 May 2024 11:24:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22059 (0x562b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 11:24:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3DA3DE6896D8F15E6CF172E812F99EEFD5C964B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:e5:de:1a:bd:33:ca:5a:df:a6:88:93:de:00:
53:5f:d3:9a:ad:52:1a:62:09:6e:c4:70:84:e0:de:
76:72:8f:1c:48:0c:55:ff:af:da:8f:9f:cb:4b:6e:
49:28:4a:02:c2:ba:fe:2d:e8:a0:02:80:c7:32:76:
e1:8a:65:fe:f9:0d:97:f4:00:b2:37:10:78:1f:ab:
ea:73:d9:93:e1:1b:8c:ec:ab:9f:1d:36:f7:3e:61:
0a:98:5f:ee:35:3c:71:9e:37:d1:05:32:24:10:79:
54:6f:5c:e3:cf:5b:e2:b3:ee:a4:6b:79:2e:09:1b:
50:25:49:44:39:22:91:cb:ac:cc:e9:5a:45:2e:ba:
4b:b5:ec:ad:99:1c:7c:53:ff:e3:fa:58:0e:15:cd:
c4:49:b9:bf:90:64:c9:48:c7:01:db:36:99:36:1f:
86:c3:9a:cf:b4:54:09:85:39:66:80:26:1a:ee:ae:
40:92:2c:45:7a:0e:f1:b0:f7:cc:6d:95:a7:fa:a2:
8a:aa:fa:2d:da:b5:47:d1:c3:f2:0c:85:6f:42:4a:
e1:8d:3a:9c:1c:3a:f0:8b:98:23:31:ac:23:f3:ec:
c2:3e:3d:81:1c:15:b8:d1:ca:de:b2:5c:22:13:4b:
c0:dd:ea:da:f7:4c:56:b3:97:9e:8e:3b:c7:9b:f0:
1d:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:A3:DE:68:96:D8:F1:5E:6C:F1:72:E8:12:F9:9E:EF:D5:C9:64:B9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PaPeaJbY8V5s8XLoEvme79XJZLk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2f:bf:1b:27:91:89:61:95:e8:34:cd:22:3c:14:c8:7e:f5:15:
3b:79:1c:73:c0:24:cd:2a:68:e1:07:54:ca:12:82:20:3f:c5:
5e:04:e0:7a:0c:82:b2:14:2b:ea:63:59:43:2c:ff:3e:ef:2c:
71:b8:c3:3e:73:b8:09:58:19:b4:13:65:67:c9:94:5e:a1:79:
d7:d5:93:1b:98:90:40:cf:47:88:92:aa:7e:e8:79:a8:13:7d:
2f:fa:8c:8e:c5:d9:5c:b9:fe:a4:75:be:61:e7:82:03:c8:5a:
87:25:b6:71:77:a8:72:46:7e:a9:a1:66:c3:68:39:ae:55:91:
ec:c3:66:71:57:be:64:65:48:26:e1:5f:5e:75:55:54:1b:97:
4b:f3:e3:cd:4c:e4:a4:47:7d:f4:43:c7:57:0d:4b:52:07:fc:
e2:3d:a2:5d:12:3d:d9:b3:a2:23:5b:7b:99:57:15:ed:17:a3:
64:67:35:97:52:cc:50:02:7e:fe:9a:b6:b6:6a:70:99:2e:87:
b8:ef:b8:13:b0:8a:e2:d3:21:cf:8e:4c:48:42:fd:63:c2:4c:
d7:c7:33:72:2b:24:64:db:82:1e:cd:ba:03:af:59:08:1f:be:
35:e4:11:44:7e:c1:de:24:90:27:2a:5c:10:fc:aa:ba:c7:53:
2f:5a:21:9e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICViswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMx
MTI0MDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNEQTNERTY4OTZEOEYx
NUU2Q0YxNzJFODEyRjk5RUVGRDVDOTY0QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCt5d4avTPKWt+miJPeAFNf05qtUhpiCW7EcITg3nZyjxxIDFX/
r9qPn8tLbkkoSgLCuv4t6KACgMcyduGKZf75DZf0ALI3EHgfq+pz2ZPhG4zsq58d
Nvc+YQqYX+41PHGeN9EFMiQQeVRvXOPPW+Kz7qRreS4JG1AlSUQ5IpHLrMzpWkUu
uku17K2ZHHxT/+P6WA4VzcRJub+QZMlIxwHbNpk2H4bDms+0VAmFOWaAJhrurkCS
LEV6DvGw98xtlaf6ooqq+i3atUfRw/IMhW9CSuGNOpwcOvCLmCMxrCPz7MI+PYEc
FbjRyt6yXCITS8Dd6tr3TFazl56OO8eb8B2fAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUPaPeaJbY8V5s8XLoEvme79XJZLkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BhUGVhSmJZOFY1czhY
TG9Fdm1lNzlYSlpMay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAC+/GyeRiWGV6DTNIjwUyH71FTt5HHPA
JM0qaOEHVMoSgiA/xV4E4HoMgrIUK+pjWUMs/z7vLHG4wz5zuAlYGbQTZWfJlF6h
edfVkxuYkEDPR4iSqn7oeagTfS/6jI7F2Vy5/qR1vmHnggPIWocltnF3qHJGfqmh
ZsNoOa5VkezDZnFXvmRlSCbhX151VVQbl0vz481M5KRHffRDx1cNS1IH/OI9ol0S
PdmzoiNbe5lXFe0Xo2RnNZdSzFACfv6atrZqcJkuh7jvuBOwiuLTIc+OTEhC/WPC
TNfHM3IrJGTbgh7NugOvWQgfvjXkEUR+wd4kkCcqXBD8qrrHUy9aIZ4=
-----END CERTIFICATE-----
Generated at Sat May 17 23:56:12 2025 by rpki-client