Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/i07VZPnoWlesGNPEnMC0dfHlIAk.roa
File: i07VZPnoWlesGNPEnMC0dfHlIAk.roa (raw, json)
Hash identifier: Pi75C3MnLtBgnJngF5s7hOereueu95CpWF+aJpY2PQk=
Subject key identifier: 8B:4E:D5:64:F9:E8:5A:57:AC:18:D3:C4:9C:C0:B4:75:F1:E5:20:09
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51E3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i07VZPnoWlesGNPEnMC0dfHlIAk.roa
Signing time: Tue 07 May 2024 18:23:53 +0000
ROA not before: Tue 07 May 2024 18:23:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20963 (0x51e3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 18:23:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8B4ED564F9E85A57AC18D3C49CC0B475F1E52009
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:a9:29:20:31:6a:3d:ce:7a:26:10:56:86:39:
03:11:9d:cf:41:b3:a1:c2:a4:e9:6e:9a:d6:12:32:
68:80:d4:f8:a1:64:01:cf:41:11:5a:86:ec:7d:02:
8a:30:5d:b0:5d:c8:13:cf:b7:52:38:ad:9e:48:c1:
ad:26:c7:22:a3:88:c8:65:89:cf:b8:5f:da:32:21:
73:12:03:70:89:bc:a7:a6:a6:3b:24:07:12:11:e2:
36:e1:34:28:40:11:ac:72:e9:96:55:66:e6:1a:6d:
6f:d9:25:14:8c:57:b9:27:45:87:fc:aa:d1:c0:10:
d5:15:15:01:43:2f:0f:13:06:2c:0e:68:d2:bc:e0:
b1:2e:33:21:ce:2f:3b:69:62:02:a0:d8:0a:cd:09:
83:f9:41:34:44:6c:65:f7:74:fb:57:a4:bf:39:c5:
33:80:65:3d:d2:2a:8a:0d:fc:1b:68:57:46:6b:c2:
dd:b1:ea:3e:68:f2:48:df:73:2f:01:3e:9a:69:3f:
58:69:79:05:2a:d1:b6:55:40:ec:4f:7e:fa:46:96:
dc:99:9e:3b:f9:5e:01:f4:be:f2:aa:f0:e1:7c:2f:
89:e4:a8:19:d3:1f:da:2f:71:63:e2:4d:e1:fa:67:
d9:2f:c0:61:46:9c:76:70:c5:e3:b3:e1:2c:f4:02:
2b:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:4E:D5:64:F9:E8:5A:57:AC:18:D3:C4:9C:C0:B4:75:F1:E5:20:09
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i07VZPnoWlesGNPEnMC0dfHlIAk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
72:67:f9:cd:1b:f0:0b:77:de:c6:64:82:50:45:f2:b7:dc:3c:
c3:74:6d:b9:ec:a1:af:74:fd:4c:98:1c:8c:ff:d2:0c:45:cd:
91:04:56:a1:b6:14:fe:95:3e:0f:22:c8:39:68:57:c6:58:ee:
27:22:0f:e3:d6:d1:96:05:30:0b:a0:16:36:c2:2c:a1:c0:28:
25:17:c2:74:78:f4:22:ee:07:b5:ef:23:42:17:03:59:cc:08:
cd:b8:17:8b:ab:d2:b2:0e:ae:a4:27:b8:23:0b:12:66:47:8c:
09:e2:ae:36:d4:19:33:e9:10:ec:49:2d:2b:e0:66:fe:69:d8:
6e:57:2e:3f:b2:99:5b:ce:7d:b4:c3:d8:74:5a:65:5f:50:e2:
09:59:0f:04:85:92:cb:a9:ce:8c:1c:2c:d9:3d:11:0e:d9:e2:
31:9b:a5:7b:3f:c7:20:d3:02:22:5b:b0:60:71:e1:a7:83:10:
52:34:33:58:f1:01:a7:93:b1:30:ba:72:7c:38:12:b7:85:7e:
30:2d:f5:4b:ea:ce:3d:52:95:9c:be:d5:e8:f1:f9:d9:83:fd:
37:da:1c:24:08:24:f3:ab:8e:25:54:e5:71:fa:b0:b9:19:06:
c3:12:07:17:4f:3e:dc:5f:ab:b3:3f:f7:69:ae:bd:1a:e4:a8:
a5:a7:54:00
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUeMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
ODIzNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhCNEVENTY0RjlFODVB
NTdBQzE4RDNDNDlDQzBCNDc1RjFFNTIwMDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbqSkgMWo9znomEFaGOQMRnc9Bs6HCpOlumtYSMmiA1PihZAHP
QRFahux9AoowXbBdyBPPt1I4rZ5Iwa0mxyKjiMhlic+4X9oyIXMSA3CJvKempjsk
BxIR4jbhNChAEaxy6ZZVZuYabW/ZJRSMV7knRYf8qtHAENUVFQFDLw8TBiwOaNK8
4LEuMyHOLztpYgKg2ArNCYP5QTREbGX3dPtXpL85xTOAZT3SKooN/BtoV0Zrwt2x
6j5o8kjfcy8BPpppP1hpeQUq0bZVQOxPfvpGltyZnjv5XgH0vvKq8OF8L4nkqBnT
H9ovcWPiTeH6Z9kvwGFGnHZwxeOz4Sz0AisvAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUi07VZPnoWlesGNPEnMC0dfHlIAkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2kwN1ZaUG5vV2xlc0dO
UEVuTUMwZGZIbElBay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHJn+c0b8At33sZkglBF8rfcPMN0bbns
oa90/UyYHIz/0gxFzZEEVqG2FP6VPg8iyDloV8ZY7iciD+PW0ZYFMAugFjbCLKHA
KCUXwnR49CLuB7XvI0IXA1nMCM24F4ur0rIOrqQnuCMLEmZHjAnirjbUGTPpEOxJ
LSvgZv5p2G5XLj+ymVvOfbTD2HRaZV9Q4glZDwSFksupzowcLNk9EQ7Z4jGbpXs/
xyDTAiJbsGBx4aeDEFI0M1jxAaeTsTC6cnw4EreFfjAt9Uvqzj1SlZy+1ejx+dmD
/TfaHCQIJPOrjiVU5XH6sLkZBsMSBxdPPtxfq7M/92muvRrkqKWnVAA=
-----END CERTIFICATE-----
Generated at Sun May 18 04:54:08 2025 by rpki-client