Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kZT2nqzM2twk16zEOixnBegubgA.roa
File: kZT2nqzM2twk16zEOixnBegubgA.roa (raw, json)
Hash identifier: zLspwNKw8Iwu+RIwzc6/41vo5sc+YSsPXHIjyB1y2rg=
Subject key identifier: 91:94:F6:9E:AC:CC:DA:DC:24:D7:AC:C4:3A:2C:67:05:E8:2E:6E:00
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 48F7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kZT2nqzM2twk16zEOixnBegubgA.roa
Signing time: Thu 25 Apr 2024 20:53:20 +0000
ROA not before: Thu 25 Apr 2024 20:53:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18679 (0x48f7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 20:53:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9194F69EACCCDADC24D7ACC43A2C6705E82E6E00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:a4:e2:35:67:18:d0:99:d9:b4:69:98:6b:3a:
8b:fc:d5:08:b9:bb:fc:44:08:5a:85:d5:ed:6e:1c:
76:28:0c:74:88:4b:c2:49:9a:8b:25:05:01:67:96:
41:4e:39:f6:78:c3:07:4c:da:10:7e:df:cc:ca:63:
5d:d3:ed:16:1e:36:35:c2:42:3c:b1:93:04:ae:08:
48:27:14:2e:54:fc:ed:f6:42:1e:84:9d:8a:90:4d:
59:95:7f:79:db:55:c8:0f:b3:71:51:a7:11:44:e2:
91:b4:aa:e8:df:bb:13:c8:df:8c:d9:d6:bd:e0:b7:
6c:01:f4:f8:a6:39:7a:b6:bf:95:02:aa:82:74:a5:
86:28:82:71:be:a7:c0:fe:36:08:62:1c:87:ce:52:
7b:b5:de:e2:45:d7:fd:c3:1a:57:46:1e:cd:c5:1c:
b1:f0:26:f6:fa:3a:d2:e4:fe:f6:90:02:48:9d:84:
b9:5f:cc:aa:1d:ee:4a:f5:bf:0e:f0:f0:cd:35:e6:
74:8b:63:e8:45:05:6e:b1:e1:20:99:78:c3:f6:5a:
5c:8d:be:10:e2:84:f1:c4:de:0f:1d:dc:45:35:67:
b2:5c:8b:34:a4:9f:fa:dd:ec:91:d1:7c:29:7d:b0:
11:56:0d:d5:0b:bd:1e:94:8c:fa:22:5e:5a:62:c5:
15:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:94:F6:9E:AC:CC:DA:DC:24:D7:AC:C4:3A:2C:67:05:E8:2E:6E:00
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kZT2nqzM2twk16zEOixnBegubgA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3c:5b:d1:40:3a:42:ca:4d:ac:c1:9b:6c:07:3d:af:fc:94:5d:
51:b6:68:b9:b5:8d:34:e9:f9:25:8c:55:d5:1b:d4:79:25:c8:
ff:bb:04:cd:54:b7:45:8c:dd:4b:2c:99:ef:80:d9:b6:6a:49:
d1:b4:bb:65:6d:09:44:f9:7d:7f:ce:5f:d5:f5:e3:a7:3d:19:
5b:a1:13:77:aa:34:28:10:ec:67:b5:29:b3:a6:10:a3:ca:f2:
c4:09:41:90:fe:48:a9:2b:10:f9:fc:65:63:61:93:29:c7:35:
b0:35:ea:ae:f4:be:c1:5e:22:52:15:96:8e:4d:d6:dd:fd:3c:
13:aa:05:ba:99:68:23:3c:30:bc:22:22:e5:5e:bd:69:ca:b2:
3f:19:55:d4:62:d3:4e:2c:85:2f:03:8b:74:cc:7b:1c:03:9e:
76:11:64:20:09:e8:16:96:b9:3f:3f:51:6a:e6:a1:1a:85:7d:
93:62:70:ac:63:bb:8b:d4:62:41:ed:e6:c1:1d:93:8e:0f:c1:
82:8a:26:b6:6c:73:f3:47:e9:98:8c:b3:cb:61:37:14:5e:de:
8f:f8:8d:bf:17:bf:f2:13:79:00:5c:7a:f8:88:6b:d1:af:5a:
e9:2b:f7:c8:5e:55:63:92:3d:5f:88:31:72:82:d8:72:7c:d1:
5b:0c:8d:0d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSPcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUy
MDUzMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkxOTRGNjlFQUNDQ0RB
REMyNEQ3QUNDNDNBMkM2NzA1RTgyRTZFMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD4pOI1ZxjQmdm0aZhrOov81Qi5u/xECFqF1e1uHHYoDHSIS8JJ
moslBQFnlkFOOfZ4wwdM2hB+38zKY13T7RYeNjXCQjyxkwSuCEgnFC5U/O32Qh6E
nYqQTVmVf3nbVcgPs3FRpxFE4pG0qujfuxPI34zZ1r3gt2wB9PimOXq2v5UCqoJ0
pYYognG+p8D+NghiHIfOUnu13uJF1/3DGldGHs3FHLHwJvb6OtLk/vaQAkidhLlf
zKod7kr1vw7w8M015nSLY+hFBW6x4SCZeMP2WlyNvhDihPHE3g8d3EU1Z7JcizSk
n/rd7JHRfCl9sBFWDdULvR6UjPoiXlpixRUXAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUkZT2nqzM2twk16zEOixnBegubgAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2taVDJucXpNMnR3azE2
ekVPaXhuQmVndWJnQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADxb0UA6QspNrMGbbAc9r/yUXVG2aLm1
jTTp+SWMVdUb1HklyP+7BM1Ut0WM3Ussme+A2bZqSdG0u2VtCUT5fX/OX9X146c9
GVuhE3eqNCgQ7Ge1KbOmEKPK8sQJQZD+SKkrEPn8ZWNhkynHNbA16q70vsFeIlIV
lo5N1t39PBOqBbqZaCM8MLwiIuVevWnKsj8ZVdRi004shS8Di3TMexwDnnYRZCAJ
6BaWuT8/UWrmoRqFfZNicKxju4vUYkHt5sEdk44PwYKKJrZsc/NH6ZiMs8thNxRe
3o/4jb8Xv/ITeQBceviIa9GvWukr98heVWOSPV+IMXKC2HJ80VsMjQ0=
-----END CERTIFICATE-----
Generated at Sun May 18 01:54:55 2025 by rpki-client