Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jj1cNCUf53zPsubdjIFvnfu5ygQ.roa
File: jj1cNCUf53zPsubdjIFvnfu5ygQ.roa (raw, json)
Hash identifier: UgmiYEIwPhhNTpef68NpsutKLDGrjKWDKN9P0xW2Dc0=
Subject key identifier: 8E:3D:5C:34:25:1F:E7:7C:CF:B2:E6:DD:8C:81:6F:9D:FB:B9:CA:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 492B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jj1cNCUf53zPsubdjIFvnfu5ygQ.roa
Signing time: Fri 26 Apr 2024 03:23:20 +0000
ROA not before: Fri 26 Apr 2024 03:23:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18731 (0x492b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 03:23:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8E3D5C34251FE77CCFB2E6DD8C816F9DFBB9CA04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:84:00:c1:2d:3b:dc:c3:d8:47:3c:f3:ef:5d:
f1:f4:46:2e:c9:cc:f6:3c:09:a8:bd:50:29:6b:9c:
84:65:16:fb:89:9b:48:5c:d0:2c:81:f8:f1:89:02:
12:76:36:1b:a4:73:42:c6:01:ff:ff:a4:a1:43:63:
35:5c:8f:6a:0c:18:1d:48:c9:40:f3:3c:30:a8:aa:
10:38:8e:b9:59:c7:69:ae:fa:7b:36:7f:68:90:ea:
ee:b9:6d:ad:55:42:6f:16:8b:ea:93:83:85:76:9c:
0b:86:9f:6d:2c:bd:01:b4:37:d0:35:9c:f7:bd:5d:
fb:01:57:56:f3:31:34:3f:4b:46:ac:da:03:d4:bb:
53:c4:1b:32:a7:11:8c:3a:8c:98:e2:70:8d:7b:d1:
e3:a1:5d:db:94:b4:fa:f3:08:dc:4f:70:bd:e0:16:
9c:69:7e:db:3d:54:a7:40:ec:da:2a:46:85:65:30:
04:48:52:0c:d5:a9:90:62:37:02:94:fc:db:26:a7:
bd:aa:7e:de:47:96:77:e0:ef:e7:5e:17:43:59:6e:
dd:c4:96:54:46:fb:5a:75:d8:26:d3:93:05:4e:18:
46:27:d2:29:47:b2:98:8c:ac:66:b7:e5:21:49:ec:
6d:88:31:09:ff:40:d4:7b:35:70:9f:e8:dd:ce:1f:
e9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:3D:5C:34:25:1F:E7:7C:CF:B2:E6:DD:8C:81:6F:9D:FB:B9:CA:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jj1cNCUf53zPsubdjIFvnfu5ygQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
9e:c0:7c:58:98:74:40:f8:c1:49:3a:a8:fc:21:69:30:07:7a:
79:08:ad:b4:56:64:eb:9a:c4:57:e1:55:f8:93:2d:25:2b:00:
99:81:3f:ca:fb:6b:cb:a0:ec:15:d8:91:1a:1a:1b:f5:aa:95:
9e:74:23:70:28:90:c6:e0:f6:2a:aa:a3:c7:12:4c:6c:24:16:
78:4b:77:de:81:19:e2:fb:53:08:cb:31:84:a1:dc:98:07:18:
d6:4d:43:8f:7c:6d:8d:e0:a8:44:dc:16:09:d3:a2:15:92:e1:
aa:68:a2:cc:0c:02:d8:bb:15:f2:e0:96:75:28:ab:71:6a:8d:
6e:a8:57:45:05:f2:95:2a:a2:52:94:fa:aa:2c:e8:60:89:12:
4b:17:f3:16:4b:03:35:93:fb:63:17:8b:a4:b4:3b:e6:4e:0a:
0c:3a:ea:fa:80:36:8a:b6:3e:a4:b7:ac:ea:85:5b:d3:7a:6c:
f9:3b:c6:3b:7a:e4:d8:56:4a:99:30:83:9d:96:b1:8c:6a:9d:
7c:bb:86:6e:22:51:31:57:f2:af:d7:be:a7:47:b6:d7:e0:0c:
04:49:37:00:b0:cb:e5:02:f5:a9:df:05:b9:ec:29:29:39:6c:
7c:3a:e2:83:da:7e:62:75:51:18:d9:5e:0c:96:53:57:b1:e4:
14:f8:08:9a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSSswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYw
MzIzMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhFM0Q1QzM0MjUxRkU3
N0NDRkIyRTZERDhDODE2RjlERkJCOUNBMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmhADBLTvcw9hHPPPvXfH0Ri7JzPY8Cai9UClrnIRlFvuJm0hc
0CyB+PGJAhJ2Nhukc0LGAf//pKFDYzVcj2oMGB1IyUDzPDCoqhA4jrlZx2mu+ns2
f2iQ6u65ba1VQm8Wi+qTg4V2nAuGn20svQG0N9A1nPe9XfsBV1bzMTQ/S0as2gPU
u1PEGzKnEYw6jJjicI170eOhXduUtPrzCNxPcL3gFpxpfts9VKdA7NoqRoVlMARI
UgzVqZBiNwKU/Nsmp72qft5Hlnfg7+deF0NZbt3EllRG+1p12CbTkwVOGEYn0ilH
spiMrGa35SFJ7G2IMQn/QNR7NXCf6N3OH+l1AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUjj1cNCUf53zPsubdjIFvnfu5ygQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pqMWNOQ1VmNTN6UHN1
YmRqSUZ2bmZ1NXlnUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJ7AfFiYdED4wUk6qPwhaTAHenkIrbRW
ZOuaxFfhVfiTLSUrAJmBP8r7a8ug7BXYkRoaG/WqlZ50I3AokMbg9iqqo8cSTGwk
FnhLd96BGeL7UwjLMYSh3JgHGNZNQ498bY3gqETcFgnTohWS4apooswMAti7FfLg
lnUoq3FqjW6oV0UF8pUqolKU+qos6GCJEksX8xZLAzWT+2MXi6S0O+ZOCgw66vqA
Noq2PqS3rOqFW9N6bPk7xjt65NhWSpkwg52WsYxqnXy7hm4iUTFX8q/XvqdHttfg
DARJNwCwy+UC9anfBbnsKSk5bHw64oPafmJ1URjZXgyWU1ex5BT4CJo=
-----END CERTIFICATE-----
Generated at Sun May 18 09:25:17 2025 by rpki-client