Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/X_m0zNHyICut41d-cYAelLRRbiw.roa
File: X_m0zNHyICut41d-cYAelLRRbiw.roa (raw, json)
Hash identifier: NRBA3NC2apZYsjH2C0XhYJIpbq7Hk2Hp68PZyQDn4kA=
Subject key identifier: 5F:F9:B4:CC:D1:F2:20:2B:AD:E3:57:7E:71:80:1E:94:B4:51:6E:2C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5423
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/X_m0zNHyICut41d-cYAelLRRbiw.roa
Signing time: Fri 10 May 2024 18:24:02 +0000
ROA not before: Fri 10 May 2024 18:24:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21539 (0x5423)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 18:24:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5FF9B4CCD1F2202BADE3577E71801E94B4516E2C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:9f:0a:d7:1c:10:f7:a2:11:0b:55:16:d9:e4:
3f:b2:3c:9d:57:1b:5c:c6:43:91:b9:42:92:d8:7c:
b8:6a:43:f6:89:87:b7:b0:ef:b1:ed:ec:42:ca:54:
84:5f:c5:44:6d:2f:3e:96:b1:fd:4b:78:4c:b2:60:
da:0f:7e:ca:cf:32:2f:41:34:bf:7d:c2:5f:69:04:
b1:82:9a:47:f4:6d:db:55:b2:40:f4:58:79:23:04:
6a:02:fd:4a:94:f2:c8:e4:7c:65:1a:f8:a4:aa:df:
34:c9:e2:dd:67:1a:38:b6:c3:1d:f0:91:ec:6c:dd:
b6:bc:cf:1b:c5:3e:e8:ed:6a:6b:fc:b0:05:37:42:
fc:2a:94:b2:a5:80:c1:2b:d2:da:b3:eb:6d:a5:06:
b3:8e:34:b9:1e:2a:57:b9:bd:4c:69:52:0a:33:29:
95:e2:71:ad:b7:d2:18:cf:df:1c:9d:53:13:75:42:
67:6a:3b:77:7d:07:5f:9c:d0:37:3c:36:c9:2a:0f:
15:8d:a5:a6:7e:78:9f:b8:16:58:8d:3c:69:48:82:
ef:49:b0:6b:ae:3d:15:b1:35:da:e2:ae:92:e5:02:
f7:d2:80:0c:a7:16:69:19:f0:18:e9:6b:8d:91:6f:
f7:ca:38:8e:46:87:29:09:1d:53:74:59:7c:2a:0b:
fd:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:F9:B4:CC:D1:F2:20:2B:AD:E3:57:7E:71:80:1E:94:B4:51:6E:2C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/X_m0zNHyICut41d-cYAelLRRbiw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
08:a3:2a:02:de:8e:d9:d1:17:db:15:a6:bd:41:0e:24:91:3f:
f0:8c:1f:6c:ac:ff:fd:34:69:ee:69:0c:3d:eb:36:f2:e2:f2:
f5:cc:8a:48:6c:fa:d7:44:5f:18:d0:49:b4:73:ac:a4:a5:11:
3b:e3:86:f9:6c:f0:60:d8:97:13:cc:51:c9:3d:9b:4e:f8:a7:
05:6d:87:b1:f2:0d:8d:ff:a0:53:9c:06:f2:90:ac:e7:cb:23:
8f:70:7b:7f:b6:f9:12:f3:ac:eb:37:e5:fa:4f:e8:54:98:b3:
46:93:a9:d2:35:5f:29:e5:7c:86:fb:dc:0b:fd:68:cc:47:f2:
fa:d3:ce:e7:14:e4:60:22:e1:f1:7e:cd:c1:67:17:65:79:df:
31:fd:93:64:9e:1e:3c:3b:3e:49:bf:a5:ed:3a:f1:dd:0e:2c:
9c:71:18:0d:1d:fc:57:06:02:94:f0:67:0a:83:24:af:02:b8:
54:af:da:a4:36:04:c3:a2:09:de:fc:e2:b6:10:85:0d:b2:cf:
94:29:88:13:e6:09:c6:de:1c:20:88:3f:1a:71:f2:0b:1c:e7:
4e:81:6d:c8:33:62:e1:f9:bf:2d:ef:92:3e:05:03:a7:a0:1d:
7e:69:5d:6d:35:57:dc:63:0e:bb:ee:92:a9:7b:8d:d7:52:23:
3f:38:88:bc
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVCMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
ODI0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVGRjlCNENDRDFGMjIw
MkJBREUzNTc3RTcxODAxRTk0QjQ1MTZFMkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVnwrXHBD3ohELVRbZ5D+yPJ1XG1zGQ5G5QpLYfLhqQ/aJh7ew
77Ht7ELKVIRfxURtLz6Wsf1LeEyyYNoPfsrPMi9BNL99wl9pBLGCmkf0bdtVskD0
WHkjBGoC/UqU8sjkfGUa+KSq3zTJ4t1nGji2wx3wkexs3ba8zxvFPujtamv8sAU3
QvwqlLKlgMEr0tqz622lBrOONLkeKle5vUxpUgozKZXica230hjP3xydUxN1Qmdq
O3d9B1+c0Dc8NskqDxWNpaZ+eJ+4FliNPGlIgu9JsGuuPRWxNdrirpLlAvfSgAyn
FmkZ8Bjpa42Rb/fKOI5GhykJHVN0WXwqC/0LAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUX/m0zNHyICut41d+cYAelLRRbiwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hfbTB6Tkh5SUN1dDQx
ZC1jWUFlbExSUmJpdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAijKgLejtnRF9sVpr1BDiSRP/CMH2ys
//00ae5pDD3rNvLi8vXMikhs+tdEXxjQSbRzrKSlETvjhvls8GDYlxPMUck9m074
pwVth7HyDY3/oFOcBvKQrOfLI49we3+2+RLzrOs35fpP6FSYs0aTqdI1XynlfIb7
3Av9aMxH8vrTzucU5GAi4fF+zcFnF2V53zH9k2SeHjw7Pkm/pe068d0OLJxxGA0d
/FcGApTwZwqDJK8CuFSv2qQ2BMOiCd784rYQhQ2yz5QpiBPmCcbeHCCIPxpx8gsc
506BbcgzYuH5vy3vkj4FA6egHX5pXW01V9xjDrvukql7jddSIz84iLw=
-----END CERTIFICATE-----
Generated at Sat May 17 19:38:47 2025 by rpki-client