Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kMPO7N-m2DVbSLprWBkULLx3d8Q.roa
File: kMPO7N-m2DVbSLprWBkULLx3d8Q.roa (raw, json)
Hash identifier: hbWNK8DrCW0nMdAB64x+50/ZK9AOZCQFczqNS2Xw0X4=
Subject key identifier: 90:C3:CE:EC:DF:A6:D8:35:5B:48:BA:6B:58:19:14:2C:BC:77:77:C4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3583
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kMPO7N-m2DVbSLprWBkULLx3d8Q.roa
Signing time: Sat 30 Mar 2024 22:22:11 +0000
ROA not before: Sat 30 Mar 2024 22:22:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13699 (0x3583)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 22:22:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=90C3CEECDFA6D8355B48BA6B5819142CBC7777C4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:4d:6f:03:1e:ab:0b:6f:2a:f2:8a:66:f5:48:
05:26:d6:69:d7:eb:43:11:4a:7a:44:1c:21:1f:df:
44:3c:99:5a:48:2d:18:72:2b:fd:b4:d7:3d:41:94:
71:4b:3e:a0:6f:bd:c9:08:6a:69:02:7c:ea:1c:6f:
21:1d:37:b4:17:68:85:28:e5:be:67:10:f2:67:fc:
c7:54:e9:4e:09:7c:1e:ba:5a:47:0c:da:7b:42:b0:
87:42:0e:e6:2b:dd:f0:f6:b9:10:69:55:51:10:d4:
5e:70:1b:e2:51:41:bc:b2:b2:42:8c:2c:ee:d8:ee:
3a:dc:b8:8a:fa:3a:3c:4d:f3:10:91:ea:bd:88:68:
18:84:3a:2b:4d:a6:df:3e:8c:4c:32:b0:a1:fd:9f:
ce:22:83:49:fd:bc:b9:9d:64:af:38:8f:31:63:fb:
5d:e2:7c:a6:b8:e9:8a:0e:4b:6f:e8:e9:d2:40:20:
2c:2c:ea:fb:e3:f1:39:7c:30:6d:f6:2b:41:08:8c:
0e:46:3a:db:2b:4e:10:fc:40:b6:cb:47:25:3e:c5:
fa:09:78:f3:92:af:91:ee:bc:66:07:22:37:65:66:
cd:d7:cb:c0:36:f3:4f:03:a4:d9:22:ea:f8:2b:46:
27:c5:61:97:d3:ea:ad:a4:21:1f:d8:e4:98:bc:c0:
a6:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:C3:CE:EC:DF:A6:D8:35:5B:48:BA:6B:58:19:14:2C:BC:77:77:C4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kMPO7N-m2DVbSLprWBkULLx3d8Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
66:f7:e5:41:30:03:8a:e3:6b:1c:d2:72:ef:70:8d:e6:95:2e:
96:bd:8c:5b:4c:df:a3:73:ef:fe:70:39:1b:7b:d5:93:a9:f8:
9d:cf:ec:be:f0:f4:9c:cb:b1:b2:35:72:e4:08:66:f8:74:56:
46:49:f8:7a:c0:1f:2e:67:84:83:e4:70:15:af:95:2a:92:36:
92:9d:c3:07:07:22:65:9b:7c:c8:5e:f0:9d:0e:14:bd:3f:2b:
ab:b6:f4:54:12:e5:24:4b:d5:ec:b1:ad:16:6f:9c:b9:5f:71:
ca:6a:01:64:91:91:06:70:ff:84:92:f3:24:41:78:78:95:a1:
73:98:36:88:35:1a:25:45:01:c0:21:b1:be:72:3a:dc:59:43:
93:e7:04:6f:77:e5:b5:d4:a8:0d:e9:7c:6d:c2:de:a2:a6:25:
ab:bb:f4:b6:1d:88:5f:5f:1e:0e:d7:3b:73:c7:3c:d2:47:29:
34:49:1e:2f:16:3a:1c:fc:91:69:d0:d3:cf:ba:ce:e3:e6:47:
3d:55:cb:be:22:37:91:52:59:69:86:85:51:5c:51:a5:26:4a:
66:5f:9b:31:54:8b:95:b8:bc:12:30:bf:7d:b0:2a:13:54:9b:
6f:7f:e1:4f:5f:b1:fe:44:b3:d9:74:d1:cc:67:23:f6:af:4c:
03:7b:33:72
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNYMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAy
MjIyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkwQzNDRUVDREZBNkQ4
MzU1QjQ4QkE2QjU4MTkxNDJDQkM3Nzc3QzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhTW8DHqsLbyryimb1SAUm1mnX60MRSnpEHCEf30Q8mVpILRhy
K/201z1BlHFLPqBvvckIamkCfOocbyEdN7QXaIUo5b5nEPJn/MdU6U4JfB66WkcM
2ntCsIdCDuYr3fD2uRBpVVEQ1F5wG+JRQbyyskKMLO7Y7jrcuIr6OjxN8xCR6r2I
aBiEOitNpt8+jEwysKH9n84ig0n9vLmdZK84jzFj+13ifKa46YoOS2/o6dJAICws
6vvj8Tl8MG32K0EIjA5GOtsrThD8QLbLRyU+xfoJePOSr5HuvGYHIjdlZs3Xy8A2
808DpNki6vgrRifFYZfT6q2kIR/Y5Ji8wKbXAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUkMPO7N+m2DVbSLprWBkULLx3d8QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2tNUE83Ti1tMkRWYlNM
cHJXQmtVTEx4M2Q4US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGb35UEwA4rjaxzScu9wjeaVLpa9jFtM
36Nz7/5wORt71ZOp+J3P7L7w9JzLsbI1cuQIZvh0VkZJ+HrAHy5nhIPkcBWvlSqS
NpKdwwcHImWbfMhe8J0OFL0/K6u29FQS5SRL1eyxrRZvnLlfccpqAWSRkQZw/4SS
8yRBeHiVoXOYNog1GiVFAcAhsb5yOtxZQ5PnBG935bXUqA3pfG3C3qKmJau79LYd
iF9fHg7XO3PHPNJHKTRJHi8WOhz8kWnQ08+6zuPmRz1Vy74iN5FSWWmGhVFcUaUm
SmZfmzFUi5W4vBIwv32wKhNUm29/4U9fsf5Es9l00cxnI/avTAN7M3I=
-----END CERTIFICATE-----
Generated at Sun May 18 04:51:06 2025 by rpki-client