Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SPmpBhrlWC0EB88slAy7XiviJj8.roa
File: SPmpBhrlWC0EB88slAy7XiviJj8.roa (raw, json)
Hash identifier: heo/YUqS/4/Vpp5yRUW8oTP0ZTy74hgzQ39no6Ngl6Q=
Subject key identifier: 48:F9:A9:06:1A:E5:58:2D:04:07:CF:2C:94:0C:BB:5E:2B:E2:26:3F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DAF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SPmpBhrlWC0EB88slAy7XiviJj8.roa
Signing time: Thu 02 May 2024 03:53:43 +0000
ROA not before: Thu 02 May 2024 03:53:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19887 (0x4daf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 03:53:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=48F9A9061AE5582D0407CF2C940CBB5E2BE2263F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:73:2f:ef:bb:da:42:a5:0a:6c:6a:00:e0:c1:
e6:d9:5c:e3:4b:ad:07:64:e8:01:7b:e9:1b:51:49:
3b:99:a2:6a:7b:49:44:83:c9:a5:2c:de:32:f0:7a:
e1:15:61:5c:3a:56:04:5c:a3:55:be:07:b3:5f:29:
e7:ab:e0:c2:97:0f:a4:f0:82:b1:36:a0:83:a0:3f:
0c:59:0a:39:0d:f7:e8:3f:e0:bc:0c:68:38:79:20:
af:05:f6:22:92:90:61:44:e7:10:70:af:b9:68:b7:
a1:16:55:b9:b1:ca:36:01:d1:12:03:b5:1f:2b:ab:
96:27:9d:1d:30:4c:0e:05:09:f8:d0:89:96:f6:f8:
13:00:eb:27:54:14:d6:dc:8a:22:2a:bc:a8:d3:5e:
4c:6c:9f:3a:ab:90:0b:63:a7:7f:9e:95:50:96:2e:
7c:ae:f8:f4:be:84:49:d6:57:a7:30:53:8f:e8:26:
1c:e9:10:14:00:e0:44:35:06:a7:85:47:db:a4:ea:
96:9c:29:7f:6c:f5:65:e8:21:f2:0c:eb:87:1b:6f:
db:eb:12:2b:bb:fb:b2:bc:78:e1:6d:c8:51:e5:43:
63:9c:27:c8:0c:16:a7:bd:e2:8d:45:2f:10:78:af:
c6:a0:ee:b6:01:1f:23:61:06:3e:ec:a4:aa:6c:e0:
86:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:F9:A9:06:1A:E5:58:2D:04:07:CF:2C:94:0C:BB:5E:2B:E2:26:3F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SPmpBhrlWC0EB88slAy7XiviJj8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a5:5d:1f:13:3a:98:ea:f6:ba:03:9d:5c:f3:9e:4e:e4:8c:36:
39:ea:b2:53:bc:ee:1a:56:96:46:57:bc:0f:61:4b:44:00:2e:
83:81:12:3f:54:73:87:43:8c:53:d4:9c:18:f5:ec:2d:da:b0:
4e:c4:59:3a:7b:ba:7f:1c:da:30:a9:00:3c:bb:92:9e:4e:c5:
dd:a1:48:70:63:bf:a1:03:2c:46:d5:d3:ed:58:a9:22:92:93:
65:b8:05:75:5b:5a:d1:51:be:92:52:e0:6c:b6:76:6e:6a:fd:
76:23:e3:d7:d3:3f:61:31:d4:72:66:e9:de:3c:8c:15:7c:5f:
a2:ce:73:c1:e3:e8:cd:b5:8a:0b:e1:05:17:a2:1d:b3:89:77:
1e:1c:b4:75:bc:9c:80:e9:2f:83:8e:ec:69:8b:e4:f1:ed:d2:
b6:f2:02:55:4a:a2:0c:3c:18:fc:fc:38:f6:e5:d1:9c:64:d9:
13:09:e4:66:25:4e:d0:4d:13:b3:1f:f9:cf:a1:51:86:dd:4e:
d6:03:f9:4e:d5:9e:ee:a3:e4:46:02:14:c7:c7:81:25:a1:2e:
cb:b7:e0:28:d0:82:af:d3:b3:52:41:58:7a:e7:55:2a:f5:c9:
96:d0:f0:06:94:8e:73:3c:91:2d:df:bd:42:50:e4:7b:34:de:
49:ca:e5:a0
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTa8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
MzUzNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ4RjlBOTA2MUFFNTU4
MkQwNDA3Q0YyQzk0MENCQjVFMkJFMjI2M0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOcy/vu9pCpQpsagDgwebZXONLrQdk6AF76RtRSTuZomp7SUSD
yaUs3jLweuEVYVw6VgRco1W+B7NfKeer4MKXD6TwgrE2oIOgPwxZCjkN9+g/4LwM
aDh5IK8F9iKSkGFE5xBwr7lot6EWVbmxyjYB0RIDtR8rq5YnnR0wTA4FCfjQiZb2
+BMA6ydUFNbciiIqvKjTXkxsnzqrkAtjp3+elVCWLnyu+PS+hEnWV6cwU4/oJhzp
EBQA4EQ1BqeFR9uk6pacKX9s9WXoIfIM64cbb9vrEiu7+7K8eOFtyFHlQ2OcJ8gM
Fqe94o1FLxB4r8ag7rYBHyNhBj7spKps4IbNAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUSPmpBhrlWC0EB88slAy7XiviJj8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NQbXBCaHJsV0MwRUI4
OHNsQXk3WGl2aUpqOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKVdHxM6mOr2ugOdXPOeTuSMNjnqslO8
7hpWlkZXvA9hS0QALoOBEj9Uc4dDjFPUnBj17C3asE7EWTp7un8c2jCpADy7kp5O
xd2hSHBjv6EDLEbV0+1YqSKSk2W4BXVbWtFRvpJS4Gy2dm5q/XYj49fTP2Ex1HJm
6d48jBV8X6LOc8Hj6M21igvhBReiHbOJdx4ctHW8nIDpL4OO7GmL5PHt0rbyAlVK
ogw8GPz8OPbl0Zxk2RMJ5GYlTtBNE7Mf+c+hUYbdTtYD+U7Vnu6j5EYCFMfHgSWh
Lsu34CjQgq/Ts1JBWHrnVSr1yZbQ8AaUjnM8kS3fvUJQ5Hs03knK5aA=
-----END CERTIFICATE-----
Generated at Sat May 17 21:29:12 2025 by rpki-client