Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nUZZEFgU7pqdembLlQ6uPovhkYw.roa
File: nUZZEFgU7pqdembLlQ6uPovhkYw.roa (raw, json)
Hash identifier: RXz7dW286rE9Moa9nDuxnX3FmSi2Ii2rfZTttddqTj0=
Subject key identifier: 9D:46:59:10:58:14:EE:9A:9D:7A:66:CB:95:0E:AE:3E:8B:E1:91:8C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 556F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nUZZEFgU7pqdembLlQ6uPovhkYw.roa
Signing time: Sun 12 May 2024 11:54:13 +0000
ROA not before: Sun 12 May 2024 11:54:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21871 (0x556f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 11:54:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9D4659105814EE9A9D7A66CB950EAE3E8BE1918C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:c3:f9:4c:ca:6c:47:fe:48:9b:e0:0f:54:9f:
52:88:f2:66:e3:ef:5a:d4:15:b3:c2:d8:db:7a:82:
3d:ca:b5:a4:5e:0e:02:27:68:16:9e:48:ae:7c:a9:
ba:5f:eb:39:b9:38:4f:b0:f0:22:14:e7:c7:a3:a1:
2b:9a:56:24:6c:4a:82:c7:75:05:41:12:4c:08:85:
d9:4d:a6:e9:0d:ae:62:a5:e0:d8:0c:24:9d:1f:a6:
89:87:3d:b2:30:c0:72:10:30:30:ee:fe:8c:03:28:
40:15:d2:4a:a2:07:39:25:a3:50:02:73:80:16:b1:
63:34:6b:92:12:b8:c2:d8:e1:9c:8e:44:56:53:93:
b9:51:0c:bd:72:97:89:37:3b:42:b6:ce:6d:00:5a:
f3:e1:4b:7f:43:2c:19:20:67:00:45:c9:09:65:a6:
94:66:a1:ce:ea:98:15:e0:3d:34:75:25:e5:6b:42:
7f:0e:b6:ce:0f:f0:df:ca:24:c9:da:17:e3:57:6d:
fb:05:2e:e5:d0:7a:16:71:b2:a3:f9:3c:37:04:b7:
0a:57:0c:4b:34:cf:38:cd:57:8f:0a:ae:07:86:60:
9a:95:cf:99:b8:d3:9d:9a:fb:31:67:df:bc:04:77:
11:9d:d7:91:25:44:4d:b7:d0:32:81:25:b8:37:8a:
24:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:46:59:10:58:14:EE:9A:9D:7A:66:CB:95:0E:AE:3E:8B:E1:91:8C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nUZZEFgU7pqdembLlQ6uPovhkYw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
24:14:0b:ac:87:29:bf:df:b9:66:e6:11:e6:7c:6c:17:04:46:
17:3d:43:59:de:79:4a:04:5e:00:51:42:ca:10:ea:15:47:26:
de:44:79:2e:aa:ac:c9:96:89:57:6b:96:a1:3a:a6:44:6e:72:
10:e6:86:c5:47:86:7d:68:91:31:ce:fc:41:05:f4:5f:4e:93:
1a:c3:23:f8:6e:8a:86:45:0d:42:0d:ce:4a:4a:2a:db:b3:20:
9f:19:52:06:ab:d1:45:15:12:28:94:28:7a:e0:50:b5:76:55:
f4:ac:e9:0d:b3:e3:1b:9d:e0:1b:6d:4b:11:c0:46:dd:f2:69:
25:85:91:c0:e3:d4:07:8d:6e:1b:76:44:d9:fe:a5:30:ca:0e:
ca:44:46:f2:06:56:8a:c6:03:ac:38:c3:04:4d:f0:ee:10:71:
56:9a:43:60:61:a7:82:dd:26:2a:65:8a:6d:d7:d5:50:49:b5:
73:a3:30:a6:fc:1c:2c:1c:50:3a:c9:7d:99:b7:6d:a7:25:bc:
59:5d:b5:24:b3:b4:cf:e0:18:cd:b3:c0:5a:59:6d:35:18:0c:
d9:4c:fc:4d:6c:51:4a:4a:5f:c5:75:c7:94:76:b2:4b:af:e0:
ea:49:cf:51:61:20:76:05:c1:26:17:64:c5:a7:69:f0:a6:22:
30:4b:f9:54
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVW8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIx
MTU0MTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlENDY1OTEwNTgxNEVF
OUE5RDdBNjZDQjk1MEVBRTNFOEJFMTkxOEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxw/lMymxH/kib4A9Un1KI8mbj71rUFbPC2Nt6gj3KtaReDgIn
aBaeSK58qbpf6zm5OE+w8CIU58ejoSuaViRsSoLHdQVBEkwIhdlNpukNrmKl4NgM
JJ0fpomHPbIwwHIQMDDu/owDKEAV0kqiBzklo1ACc4AWsWM0a5ISuMLY4ZyORFZT
k7lRDL1yl4k3O0K2zm0AWvPhS39DLBkgZwBFyQllppRmoc7qmBXgPTR1JeVrQn8O
ts4P8N/KJMnaF+NXbfsFLuXQehZxsqP5PDcEtwpXDEs0zzjNV48KrgeGYJqVz5m4
052a+zFn37wEdxGd15ElRE230DKBJbg3iiTJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUnUZZEFgU7pqdembLlQ6uPovhkYwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25VWlpFRmdVN3BxZGVt
YkxsUTZ1UG92aGtZdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACQUC6yHKb/fuWbmEeZ8bBcERhc9Q1ne
eUoEXgBRQsoQ6hVHJt5EeS6qrMmWiVdrlqE6pkRuchDmhsVHhn1okTHO/EEF9F9O
kxrDI/huioZFDUINzkpKKtuzIJ8ZUgar0UUVEiiUKHrgULV2VfSs6Q2z4xud4Btt
SxHARt3yaSWFkcDj1AeNbht2RNn+pTDKDspERvIGVorGA6w4wwRN8O4QcVaaQ2Bh
p4LdJiplim3X1VBJtXOjMKb8HCwcUDrJfZm3baclvFldtSSztM/gGM2zwFpZbTUY
DNlM/E1sUUpKX8V1x5R2skuv4OpJz1FhIHYFwSYXZMWnafCmIjBL+VQ=
-----END CERTIFICATE-----
Generated at Sat May 17 21:26:04 2025 by rpki-client