Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/eIkR2xdBWMPOLQZACGaOdBdKiN0.roa
File: eIkR2xdBWMPOLQZACGaOdBdKiN0.roa (raw, json)
Hash identifier: 3vGaoaMm31gOmVxixQ/TxyDaZ2LUXr0a1qxryPq1cNg=
Subject key identifier: 78:89:11:DB:17:41:58:C3:CE:2D:06:40:08:66:8E:74:17:4A:88:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D2B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eIkR2xdBWMPOLQZACGaOdBdKiN0.roa
Signing time: Wed 01 May 2024 11:23:38 +0000
ROA not before: Wed 01 May 2024 11:23:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19755 (0x4d2b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 11:23:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=788911DB174158C3CE2D064008668E74174A88DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:16:b2:a2:c3:3c:84:67:7d:33:bd:54:d0:0c:
a2:60:41:76:ed:24:92:3d:30:d5:9c:1d:25:75:99:
bd:d8:cd:52:7d:66:5a:7a:4e:69:98:7e:6d:28:a2:
31:5e:df:70:04:dd:36:93:af:55:9e:8b:09:03:8f:
3f:3a:fb:2e:b1:03:b0:74:fc:31:b5:a1:4b:3d:9f:
12:4e:d9:a3:a9:b8:9c:52:ff:ba:55:4c:de:01:29:
ed:a5:17:fe:88:7b:05:21:ed:03:82:f9:39:ab:ae:
51:00:c9:8b:84:e1:4a:a3:25:86:0d:30:6d:b6:08:
54:9d:8d:90:c7:d9:aa:be:fc:21:35:56:c5:1b:b0:
ae:a2:4e:4f:c4:c8:8a:06:cc:17:7f:39:f4:d4:db:
d3:37:77:51:7a:00:a8:23:84:93:bf:ff:4c:c5:82:
94:b4:3e:f4:c8:b2:ed:3a:fb:a4:0a:05:b9:ff:b0:
81:63:25:f4:44:af:1f:07:ce:ca:d2:ab:e2:66:d8:
6b:3d:69:a3:5f:d6:d3:13:91:2c:2a:83:52:2c:6c:
c4:8c:c2:d0:21:80:35:41:3e:61:0b:e1:1c:19:92:
bd:a4:d9:8e:c8:d4:e5:42:2e:90:9e:9a:66:e4:6c:
13:a7:93:cc:c9:fc:a4:34:54:1a:96:ba:a8:ca:c4:
d5:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:89:11:DB:17:41:58:C3:CE:2D:06:40:08:66:8E:74:17:4A:88:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eIkR2xdBWMPOLQZACGaOdBdKiN0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
9b:80:71:cf:85:5b:10:94:a3:fd:6a:ff:24:c9:0f:8b:2f:bf:
0f:98:58:8d:74:77:c7:0b:c4:c5:03:da:b7:68:6a:94:e6:d5:
2a:9e:9c:ae:98:4d:c0:4d:aa:db:9b:74:3b:8a:cc:19:de:f0:
93:69:f2:3c:19:40:7d:63:32:86:46:d4:77:3e:55:0b:73:df:
c7:ec:2d:4f:01:c2:7c:78:e8:0d:97:db:a3:9f:fb:b2:3a:0f:
f8:ef:4a:28:81:a4:c4:dd:65:94:f6:72:8f:d7:9e:79:c4:b6:
fb:a5:00:cd:2d:a0:e7:4f:8c:48:05:39:aa:95:3a:90:18:a1:
6f:7a:a9:a3:60:34:dc:28:bb:07:c4:6b:b1:0c:ae:91:65:1f:
9b:67:76:fa:0b:22:eb:69:50:9c:1c:f4:f3:3c:b3:0d:7d:c2:
4d:07:0f:a5:1f:f3:c6:49:c6:21:cb:71:3e:1c:ed:10:67:21:
0d:08:e4:d0:7c:5f:b5:0d:02:66:6b:d6:c4:8d:f8:b6:79:a3:
88:b6:11:c9:93:47:1c:73:d2:32:7c:24:b3:55:ec:db:85:37:
4b:9c:f3:73:c8:de:aa:ac:e2:7c:85:81:b9:ff:90:95:81:71:
5f:f0:25:44:24:c9:01:5f:fa:85:51:5d:57:a9:d5:62:d8:3b:
10:49:88:c8
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTSswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEx
MTIzMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc4ODkxMURCMTc0MTU4
QzNDRTJEMDY0MDA4NjY4RTc0MTc0QTg4REQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOFrKiwzyEZ30zvVTQDKJgQXbtJJI9MNWcHSV1mb3YzVJ9Zlp6
TmmYfm0oojFe33AE3TaTr1WeiwkDjz86+y6xA7B0/DG1oUs9nxJO2aOpuJxS/7pV
TN4BKe2lF/6IewUh7QOC+TmrrlEAyYuE4UqjJYYNMG22CFSdjZDH2aq+/CE1VsUb
sK6iTk/EyIoGzBd/OfTU29M3d1F6AKgjhJO//0zFgpS0PvTIsu06+6QKBbn/sIFj
JfRErx8HzsrSq+Jm2Gs9aaNf1tMTkSwqg1IsbMSMwtAhgDVBPmEL4RwZkr2k2Y7I
1OVCLpCemmbkbBOnk8zJ/KQ0VBqWuqjKxNUhAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUeIkR2xdBWMPOLQZACGaOdBdKiN0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VJa1IyeGRCV01QT0xR
WkFDR2FPZEJkS2lOMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJuAcc+FWxCUo/1q/yTJD4svvw+YWI10
d8cLxMUD2rdoapTm1SqenK6YTcBNqtubdDuKzBne8JNp8jwZQH1jMoZG1Hc+VQtz
38fsLU8Bwnx46A2X26Of+7I6D/jvSiiBpMTdZZT2co/XnnnEtvulAM0toOdPjEgF
OaqVOpAYoW96qaNgNNwouwfEa7EMrpFlH5tndvoLIutpUJwc9PM8sw19wk0HD6Uf
88ZJxiHLcT4c7RBnIQ0I5NB8X7UNAmZr1sSN+LZ5o4i2EcmTRxxz0jJ8JLNV7NuF
N0uc83PI3qqs4nyFgbn/kJWBcV/wJUQkyQFf+oVRXVep1WLYOxBJiMg=
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:24 2025 by rpki-client