Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_MMMbRH_yHH2xZj8oHhXS8-Osk4.roa
File: _MMMbRH_yHH2xZj8oHhXS8-Osk4.roa (raw, json)
Hash identifier: 4CNRE0FZbjOQffSfxROKY/Th0TC/5SdJKYuVcQxfk+k=
Subject key identifier: FC:C3:0C:6D:11:FF:C8:71:F6:C5:98:FC:A0:78:57:4B:CF:8E:B2:4E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E8F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_MMMbRH_yHH2xZj8oHhXS8-Osk4.roa
Signing time: Thu 11 Apr 2024 23:52:50 +0000
ROA not before: Thu 11 Apr 2024 23:52:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16015 (0x3e8f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 23:52:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FCC30C6D11FFC871F6C598FCA078574BCF8EB24E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:7c:42:33:57:6e:c2:97:6b:9f:59:5a:43:0c:
3f:e6:92:37:f6:20:d5:76:79:62:16:4b:16:1f:1d:
ed:bc:9f:65:a6:8d:2a:28:71:e9:1c:73:11:22:9d:
a1:05:9b:e8:37:ef:7b:7e:39:17:e5:93:b7:fe:59:
01:a0:6c:a2:d7:1e:2a:1e:9c:08:0f:df:d7:0b:d7:
f5:d3:f1:dc:42:c7:79:f5:6e:24:1e:16:63:b3:e7:
76:6d:54:07:3f:94:fc:3a:5c:8c:20:13:c9:67:0a:
bd:c0:b5:2b:a9:c7:71:eb:4a:39:ed:a8:de:08:df:
0f:6d:83:f5:51:d8:2c:a6:94:48:44:ab:f1:22:58:
a8:6e:0b:bb:8c:73:8b:5f:2b:08:f5:0f:04:68:3b:
58:d8:50:70:04:9f:15:8d:99:7e:c1:23:c6:86:71:
c9:92:9b:c4:c6:d3:25:39:39:d3:df:59:99:54:36:
b4:b0:9e:27:82:48:9d:01:85:64:e2:c2:e9:a1:9f:
79:b3:53:95:e0:0f:2a:cd:b0:47:e9:8d:df:24:b9:
5d:b9:3b:88:b2:ca:32:e6:66:9a:a8:db:40:f6:41:
7b:6f:78:89:45:13:c2:1a:53:b0:f1:3e:e1:50:a7:
c9:6a:48:e5:96:03:66:b8:4f:f0:5a:b0:78:04:2b:
0d:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:C3:0C:6D:11:FF:C8:71:F6:C5:98:FC:A0:78:57:4B:CF:8E:B2:4E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_MMMbRH_yHH2xZj8oHhXS8-Osk4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a2:ef:db:14:14:f4:bf:8f:1f:fd:af:df:6c:50:e9:6a:4b:51:
ec:43:a7:28:6d:f3:43:0b:eb:2e:64:f7:c7:2c:b6:05:22:24:
96:c1:34:8d:48:ef:96:a6:b4:c5:37:cf:cc:34:db:60:b7:dd:
eb:06:1f:5e:88:be:5f:d2:27:e3:0d:62:c9:cb:31:a0:6e:4c:
04:22:6b:fe:0f:b3:a7:a8:a0:60:eb:fb:c0:5c:3f:47:b3:eb:
5e:72:5d:d4:ef:40:e0:36:f1:9b:df:45:ae:b9:52:87:2a:ea:
1e:71:fc:c9:c7:f0:73:ea:d2:7b:e4:3b:86:0d:a1:b9:49:6a:
87:3c:a3:77:eb:79:36:fd:86:a6:84:e8:78:96:9e:be:d4:9b:
df:fa:68:bf:fe:51:0a:f3:16:f7:7a:0f:1f:73:4d:25:06:b8:
53:09:e0:2a:a2:f8:82:83:f9:03:3e:26:c3:b4:2c:81:fb:f7:
e7:86:b2:5a:e4:1e:ec:ad:2d:3e:c2:02:6f:1d:70:d7:ce:d1:
2d:9f:97:7d:00:83:47:f7:02:ae:3a:61:63:e3:0d:52:78:8a:
4c:07:93:43:0e:e9:62:39:ab:ac:5f:45:c9:d3:cb:75:e0:01:
f1:34:94:cc:2f:47:1f:e2:1c:4f:22:58:99:52:b3:1b:e9:4f:
52:bf:ac:f2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPo8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEy
MzUyNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZDQzMwQzZEMTFGRkM4
NzFGNkM1OThGQ0EwNzg1NzRCQ0Y4RUIyNEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJfEIzV27Cl2ufWVpDDD/mkjf2INV2eWIWSxYfHe28n2WmjSoo
cekccxEinaEFm+g373t+ORflk7f+WQGgbKLXHioenAgP39cL1/XT8dxCx3n1biQe
FmOz53ZtVAc/lPw6XIwgE8lnCr3AtSupx3HrSjntqN4I3w9tg/VR2CymlEhEq/Ei
WKhuC7uMc4tfKwj1DwRoO1jYUHAEnxWNmX7BI8aGccmSm8TG0yU5OdPfWZlUNrSw
nieCSJ0BhWTiwumhn3mzU5XgDyrNsEfpjd8kuV25O4iyyjLmZpqo20D2QXtveIlF
E8IaU7DxPuFQp8lqSOWWA2a4T/BasHgEKw3dAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU/MMMbRH/yHH2xZj8oHhXS8+Osk4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19NTU1iUkhfeUhIMnha
ajhvSGhYUzgtT3NrNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKLv2xQU9L+PH/2v32xQ6WpLUexDpyht
80ML6y5k98cstgUiJJbBNI1I75amtMU3z8w022C33esGH16Ivl/SJ+MNYsnLMaBu
TAQia/4Ps6eooGDr+8BcP0ez615yXdTvQOA28ZvfRa65Uocq6h5x/MnH8HPq0nvk
O4YNoblJaoc8o3freTb9hqaE6HiWnr7Um9/6aL/+UQrzFvd6Dx9zTSUGuFMJ4Cqi
+IKD+QM+JsO0LIH79+eGslrkHuytLT7CAm8dcNfO0S2fl30Ag0f3Aq46YWPjDVJ4
ikwHk0MO6WI5q6xfRcnTy3XgAfE0lMwvRx/iHE8iWJlSsxvpT1K/rPI=
-----END CERTIFICATE-----
Generated at Sat May 17 22:45:35 2025 by rpki-client