Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Sfn6jaus1z9wYO4lqT9n8uTLiY0.roa
File: Sfn6jaus1z9wYO4lqT9n8uTLiY0.roa (raw, json)
Hash identifier: chQKT5Xcxc1Mg4It7gDbdfiMIDs4uAOb8U1rVHdGbwk=
Subject key identifier: 49:F9:FA:8D:AB:AC:D7:3F:70:60:EE:25:A9:3F:67:F2:E4:CB:89:8D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E13
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Sfn6jaus1z9wYO4lqT9n8uTLiY0.roa
Signing time: Thu 11 Apr 2024 08:22:47 +0000
ROA not before: Thu 11 Apr 2024 08:22:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15891 (0x3e13)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 08:22:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=49F9FA8DABACD73F7060EE25A93F67F2E4CB898D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:99:34:1e:8c:26:74:33:d8:7d:d4:50:d8:1a:
c5:14:58:fe:73:a4:51:be:a3:2f:07:f0:f7:d7:54:
14:4b:38:22:b5:11:ad:2d:00:63:c1:c7:3c:30:31:
97:50:37:68:ba:c0:9f:db:9f:55:f0:6d:a8:1e:87:
cd:e0:7f:a3:43:b8:f8:39:cb:83:0a:ed:c5:21:1d:
6d:31:b6:8a:a8:68:6f:01:84:f2:1b:37:92:8c:b0:
d9:f1:a6:eb:f3:1a:59:0f:28:e6:68:4d:90:69:5d:
1f:78:d8:7a:a1:18:aa:87:03:5e:4b:98:a2:8c:a5:
34:7c:b5:45:a3:c1:67:b5:29:59:7b:8c:db:5b:80:
34:63:29:cb:ee:78:7c:c0:3d:c3:b7:2d:8d:15:e5:
1f:1f:a0:4d:8b:9e:db:ab:5a:77:8e:7d:dd:91:37:
99:0d:c4:e6:d5:5d:d3:21:a6:96:bd:21:db:04:e5:
ed:9d:46:06:59:10:e8:46:31:f9:bc:d9:b6:35:b2:
ae:71:0a:ed:7e:0d:8e:ab:a9:6a:aa:83:50:77:8d:
12:be:ec:aa:c1:a7:bc:2d:4f:52:00:f0:12:08:be:
41:db:24:72:f8:88:49:ca:de:24:d7:7d:6d:c2:43:
9b:13:21:73:b6:cc:af:bb:8d:7b:e8:0b:12:b1:dc:
8d:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:F9:FA:8D:AB:AC:D7:3F:70:60:EE:25:A9:3F:67:F2:E4:CB:89:8D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Sfn6jaus1z9wYO4lqT9n8uTLiY0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a0:c1:fd:56:47:50:5e:1b:3f:87:dd:aa:d6:4b:c9:a7:0f:79:
aa:45:5c:90:d7:8b:50:88:cb:4b:c3:76:1d:50:66:b0:81:87:
ea:37:82:0c:c6:48:5a:2c:35:1a:fd:0d:bb:2c:e2:dd:49:07:
ef:e3:df:10:4a:ba:cc:f1:6d:8b:fa:98:cc:29:39:d1:b2:b5:
7b:9a:59:b8:bf:81:0c:8e:9d:f0:8d:51:16:88:90:37:68:91:
b3:01:c6:4f:2a:dd:92:9c:a8:2b:cf:bd:e1:0b:56:ed:94:1a:
d6:ab:7e:35:50:b7:53:eb:5e:d3:5a:d9:49:20:3c:f0:08:a2:
20:03:ff:a5:2c:ea:66:6a:28:3e:d0:9c:01:d1:4b:b1:5a:ab:
fc:77:b2:bb:eb:a2:c2:d4:10:d0:54:75:c0:d2:3a:d9:16:bf:
67:4d:61:46:25:1d:bc:6f:82:66:8d:10:07:15:a9:8f:26:88:
e3:85:b6:26:77:2c:b3:c8:97:f8:13:29:6b:58:4f:ec:56:04:
dc:e4:fd:a1:82:cd:17:04:67:40:a1:7b:32:26:46:b0:26:14:
70:7f:57:19:86:e7:a0:27:d3:c4:e0:3f:50:21:2f:8f:5a:23:
19:43:1c:fb:21:a5:c3:a6:d5:6f:bf:a8:ac:4c:ec:80:1a:c9:
c7:bd:db:a4
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPhMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
ODIyNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ5RjlGQThEQUJBQ0Q3
M0Y3MDYwRUUyNUE5M0Y2N0YyRTRDQjg5OEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBmTQejCZ0M9h91FDYGsUUWP5zpFG+oy8H8PfXVBRLOCK1Ea0t
AGPBxzwwMZdQN2i6wJ/bn1Xwbageh83gf6NDuPg5y4MK7cUhHW0xtoqoaG8BhPIb
N5KMsNnxpuvzGlkPKOZoTZBpXR942HqhGKqHA15LmKKMpTR8tUWjwWe1KVl7jNtb
gDRjKcvueHzAPcO3LY0V5R8foE2LnturWneOfd2RN5kNxObVXdMhppa9IdsE5e2d
RgZZEOhGMfm82bY1sq5xCu1+DY6rqWqqg1B3jRK+7KrBp7wtT1IA8BIIvkHbJHL4
iEnK3iTXfW3CQ5sTIXO2zK+7jXvoCxKx3I3jAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUSfn6jaus1z9wYO4lqT9n8uTLiY0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NmbjZqYXVzMXo5d1lP
NGxxVDluOHVUTGlZMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKDB/VZHUF4bP4fdqtZLyacPeapFXJDX
i1CIy0vDdh1QZrCBh+o3ggzGSFosNRr9Dbss4t1JB+/j3xBKuszxbYv6mMwpOdGy
tXuaWbi/gQyOnfCNURaIkDdokbMBxk8q3ZKcqCvPveELVu2UGtarfjVQt1PrXtNa
2UkgPPAIoiAD/6Us6mZqKD7QnAHRS7Faq/x3srvrosLUENBUdcDSOtkWv2dNYUYl
HbxvgmaNEAcVqY8miOOFtiZ3LLPIl/gTKWtYT+xWBNzk/aGCzRcEZ0ChezImRrAm
FHB/VxmG56An08TgP1AhL49aIxlDHPshpcOm1W+/qKxM7IAayce926Q=
-----END CERTIFICATE-----
Generated at Sat May 17 23:50:43 2025 by rpki-client