Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SRcSUgn3LgF2z1YmG_MKZAq-slY.roa
File: SRcSUgn3LgF2z1YmG_MKZAq-slY.roa (raw, json)
Hash identifier: CiWZiKZnhwsnzHxx8NOU5enBGA8bJSgWy1VVxeyXo2M=
Subject key identifier: 49:17:12:52:09:F7:2E:01:76:CF:56:26:1B:F3:0A:64:0A:BE:B2:56
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3ECB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SRcSUgn3LgF2z1YmG_MKZAq-slY.roa
Signing time: Fri 12 Apr 2024 07:22:48 +0000
ROA not before: Fri 12 Apr 2024 07:22:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16075 (0x3ecb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 07:22:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4917125209F72E0176CF56261BF30A640ABEB256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:5d:a1:ce:08:02:7e:ba:91:65:c4:7a:ae:9c:
be:5a:c8:56:41:41:53:6f:ec:d2:a5:26:b6:82:f2:
9d:6c:e5:ee:34:20:73:71:1a:53:f1:ea:34:e0:e7:
b2:4c:68:58:e1:30:23:c1:06:80:fa:89:82:ea:e2:
40:d1:69:66:f0:1d:62:0a:e3:59:39:78:ff:c5:2d:
04:3c:0b:4b:1d:3d:dd:7b:a4:17:32:94:5f:c5:ab:
0c:3e:19:fa:d4:25:39:b3:97:a9:cf:6a:c2:e9:2d:
e7:2e:0e:dd:55:d5:47:b4:cf:0b:ca:5b:7b:b6:ba:
f8:ad:2c:71:10:1b:13:5f:4d:91:b1:77:9f:e3:a1:
9d:51:ef:68:93:56:fc:9d:59:b7:25:cd:d2:b5:7f:
83:36:b4:df:8c:21:5c:d1:88:b5:6c:0f:80:16:b1:
86:44:25:0a:f3:8a:9a:d7:c1:ab:ef:30:c8:5f:ad:
49:eb:85:11:7c:e4:49:6b:67:d1:e3:70:aa:7d:30:
47:39:a5:78:e1:6c:99:ac:5f:0e:a0:05:15:b4:82:
de:72:83:2c:c9:14:0b:0a:cd:1e:78:01:c1:9b:20:
29:e7:14:f9:78:be:c3:50:c9:5d:8c:e3:72:ee:cf:
00:00:e1:eb:fc:25:6f:dd:b3:05:1f:e6:85:8e:a7:
5b:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:17:12:52:09:F7:2E:01:76:CF:56:26:1B:F3:0A:64:0A:BE:B2:56
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SRcSUgn3LgF2z1YmG_MKZAq-slY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
38:3c:be:a7:38:4a:a7:05:b2:47:e8:aa:61:ab:dc:27:f2:5a:
13:a5:6f:85:92:75:37:44:0b:16:c4:e9:47:36:d6:0c:cd:a5:
98:6c:34:d3:56:93:25:dc:89:0e:5c:79:4c:77:c8:38:1e:8e:
79:34:72:30:6a:43:c6:d0:bc:a1:ca:98:81:34:a5:dd:62:95:
a7:a7:2c:71:55:f2:e4:54:f5:ea:2f:be:c4:01:4a:e6:70:19:
3c:9f:1a:b3:6a:4a:e8:41:fd:33:98:86:36:bc:0f:d1:37:33:
24:0b:6c:34:bc:ed:99:ad:20:8b:bd:b1:ba:da:46:62:d3:31:
0b:b6:2d:64:a9:fe:27:bb:17:72:93:a6:e6:58:e6:d1:f8:46:
ee:de:99:4b:48:73:e6:5b:d2:ec:7d:30:db:76:68:b0:09:d8:
3c:39:c9:ef:78:f1:37:de:c1:bf:c3:60:10:09:e1:60:24:56:
ad:ed:ba:57:fd:e1:9a:d9:f1:a3:a0:b4:97:e1:80:f7:ac:f1:
44:e0:7a:0a:25:32:87:50:17:31:62:63:76:b6:d2:19:74:a3:
c9:f7:f7:8b:11:fd:1e:5e:05:d6:cb:3a:0b:e5:38:68:24:92:
87:06:3b:eb:a3:a6:a2:0b:65:01:49:63:d8:c6:97:c7:ad:f5:
56:a8:20:f2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPsswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
NzIyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ5MTcxMjUyMDlGNzJF
MDE3NkNGNTYyNjFCRjMwQTY0MEFCRUIyNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMXaHOCAJ+upFlxHqunL5ayFZBQVNv7NKlJraC8p1s5e40IHNx
GlPx6jTg57JMaFjhMCPBBoD6iYLq4kDRaWbwHWIK41k5eP/FLQQ8C0sdPd17pBcy
lF/Fqww+GfrUJTmzl6nPasLpLecuDt1V1Ue0zwvKW3u2uvitLHEQGxNfTZGxd5/j
oZ1R72iTVvydWbclzdK1f4M2tN+MIVzRiLVsD4AWsYZEJQrziprXwavvMMhfrUnr
hRF85ElrZ9HjcKp9MEc5pXjhbJmsXw6gBRW0gt5ygyzJFAsKzR54AcGbICnnFPl4
vsNQyV2M43LuzwAA4ev8JW/dswUf5oWOp1sNAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUSRcSUgn3LgF2z1YmG/MKZAq+slYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NSY1NVZ24zTGdGMnox
WW1HX01LWkFxLXNsWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADg8vqc4SqcFskfoqmGr3CfyWhOlb4WS
dTdECxbE6Uc21gzNpZhsNNNWkyXciQ5ceUx3yDgejnk0cjBqQ8bQvKHKmIE0pd1i
laenLHFV8uRU9eovvsQBSuZwGTyfGrNqSuhB/TOYhja8D9E3MyQLbDS87ZmtIIu9
sbraRmLTMQu2LWSp/ie7F3KTpuZY5tH4Ru7emUtIc+Zb0ux9MNt2aLAJ2Dw5ye94
8Tfewb/DYBAJ4WAkVq3tulf94ZrZ8aOgtJfhgPes8UTgegolModQFzFiY3a20hl0
o8n394sR/R5eBdbLOgvlOGgkkocGO+ujpqILZQFJY9jGl8et9VaoIPI=
-----END CERTIFICATE-----
Generated at Sun May 18 19:22:54 2025 by rpki-client