Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fCms0-R4M5nSP_8NXo6p6G1i2yQ.roa
File: fCms0-R4M5nSP_8NXo6p6G1i2yQ.roa (raw, json)
Hash identifier: kkfGvfargdkmyceeEOOnlfFnD6bD1yZGip68x7e9cXM=
Subject key identifier: 7C:29:AC:D3:E4:78:33:99:D2:3F:FF:0D:5E:8E:A9:E8:6D:62:DB:24
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57B7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fCms0-R4M5nSP_8NXo6p6G1i2yQ.roa
Signing time: Wed 15 May 2024 12:54:36 +0000
ROA not before: Wed 15 May 2024 12:54:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22455 (0x57b7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 12:54:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7C29ACD3E4783399D23FFF0D5E8EA9E86D62DB24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:d1:31:5c:e6:82:ec:b1:d8:24:d6:79:78:5b:
38:4a:9e:99:55:ed:a0:8a:41:12:0a:55:86:34:2c:
03:c5:7b:12:b0:7f:7c:63:7b:37:3e:fa:ea:66:32:
60:3b:25:fd:4e:5f:dc:d7:67:91:c1:76:e2:85:0b:
b2:66:a1:d3:ec:40:65:31:59:9e:2b:01:6a:27:a8:
68:c8:ca:e7:26:a6:15:3d:e2:e0:93:74:68:70:cb:
f2:1d:c9:40:31:4e:85:37:f3:9a:64:b9:35:d1:74:
1a:e5:d6:95:da:c0:05:f4:68:cc:93:fb:af:1f:aa:
40:bb:ba:94:85:5c:32:51:75:f4:9a:c9:42:8f:56:
f0:fb:c3:f5:9b:89:50:0e:bc:5e:f6:09:0d:2b:0b:
66:d8:50:5a:79:28:5b:ef:c1:8a:9c:e9:8a:c9:b8:
87:d8:e5:31:87:f7:3c:5f:80:eb:38:ad:4d:4c:1c:
d7:08:2e:57:15:0a:aa:ed:2c:e4:89:24:9f:ad:c6:
94:e1:6d:80:d9:8e:ae:e2:e8:03:ad:31:8e:c8:a2:
3e:f5:ae:0a:df:d7:85:01:1a:cc:f1:f2:99:76:d7:
90:88:b3:2c:e8:9c:10:71:65:98:fc:51:28:ff:4a:
0b:77:52:a2:5c:0a:a5:43:15:3d:1d:92:76:72:9f:
90:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:29:AC:D3:E4:78:33:99:D2:3F:FF:0D:5E:8E:A9:E8:6D:62:DB:24
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fCms0-R4M5nSP_8NXo6p6G1i2yQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
18:d1:e9:9d:05:19:cc:81:67:3e:ac:5d:74:c5:d3:09:e9:1c:
a7:cf:bf:4b:61:4b:47:9c:41:5d:07:ff:6c:21:ee:6c:99:6e:
33:ed:3f:b1:37:ec:6c:52:88:5c:a1:0e:8e:a1:c6:8c:eb:17:
d1:c4:c3:6f:50:6c:06:f7:7f:c8:7b:e2:46:b7:6f:c6:8c:00:
84:68:58:dc:17:70:1f:3b:ee:65:67:9b:1d:69:c5:58:d5:81:
80:eb:25:dc:b8:70:ee:fe:73:47:0d:2f:01:02:15:02:71:cf:
2b:de:87:18:e0:92:bc:b9:d2:8e:c9:70:8c:2d:f7:3e:a6:b0:
5b:fe:37:39:7a:fb:9f:c2:67:42:da:77:ae:8a:94:94:45:e9:
82:1d:f4:f7:be:01:70:3e:2b:2d:38:c4:7a:02:29:41:c4:6f:
fa:bf:4b:72:c3:c6:5a:f5:df:f8:52:30:3e:a9:08:dc:6b:dc:
1a:fb:06:7d:58:90:d1:cc:03:a3:a0:cb:f6:dc:16:ac:50:66:
6e:9e:33:a0:04:5d:fb:be:5d:ee:14:43:1c:76:49:dd:4a:3d:
e0:df:c4:d3:f3:a0:75:cf:e7:1a:95:21:56:61:b0:76:fe:f8:
48:66:61:17:bc:dc:f6:92:1f:19:00:31:00:77:56:19:d9:e6:
5b:01:ca:6c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICV7cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
MjU0MzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdDMjlBQ0QzRTQ3ODMz
OTlEMjNGRkYwRDVFOEVBOUU4NkQ2MkRCMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC30TFc5oLssdgk1nl4WzhKnplV7aCKQRIKVYY0LAPFexKwf3xj
ezc++upmMmA7Jf1OX9zXZ5HBduKFC7JmodPsQGUxWZ4rAWonqGjIyucmphU94uCT
dGhwy/IdyUAxToU385pkuTXRdBrl1pXawAX0aMyT+68fqkC7upSFXDJRdfSayUKP
VvD7w/WbiVAOvF72CQ0rC2bYUFp5KFvvwYqc6YrJuIfY5TGH9zxfgOs4rU1MHNcI
LlcVCqrtLOSJJJ+txpThbYDZjq7i6AOtMY7Ioj71rgrf14UBGszx8pl215CIsyzo
nBBxZZj8USj/Sgt3UqJcCqVDFT0dknZyn5BrAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUfCms0+R4M5nSP/8NXo6p6G1i2yQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZDbXMwLVI0TTVuU1Bf
OE5YbzZwNkcxaTJ5US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABjR6Z0FGcyBZz6sXXTF0wnpHKfPv0th
S0ecQV0H/2wh7myZbjPtP7E37GxSiFyhDo6hxozrF9HEw29QbAb3f8h74ka3b8aM
AIRoWNwXcB877mVnmx1pxVjVgYDrJdy4cO7+c0cNLwECFQJxzyvehxjgkry50o7J
cIwt9z6msFv+Nzl6+5/CZ0Lad66KlJRF6YId9Pe+AXA+Ky04xHoCKUHEb/q/S3LD
xlr13/hSMD6pCNxr3Br7Bn1YkNHMA6Ogy/bcFqxQZm6eM6AEXfu+Xe4UQxx2Sd1K
PeDfxNPzoHXP5xqVIVZhsHb++EhmYRe83PaSHxkAMQB3VhnZ5lsBymw=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:16 2025 by rpki-client