Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ncB5gyVB2zZqtJrbqCent1BKP8w.roa
File: ncB5gyVB2zZqtJrbqCent1BKP8w.roa (raw, json)
Hash identifier: XwoX1Mz8ge9X6AC82+vSB4UiSo8ZOY9sO6nkR8uIWEM=
Subject key identifier: 9D:C0:79:83:25:41:DB:36:6A:B4:9A:DB:A8:27:A7:B7:50:4A:3F:CC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 403F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ncB5gyVB2zZqtJrbqCent1BKP8w.roa
Signing time: Sun 14 Apr 2024 05:52:55 +0000
ROA not before: Sun 14 Apr 2024 05:52:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16447 (0x403f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 05:52:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9DC079832541DB366AB49ADBA827A7B7504A3FCC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:e1:c4:49:8f:3b:17:c5:27:89:9f:1b:ea:eb:
a8:e3:5c:34:14:d6:6f:36:5d:ea:7d:20:14:37:03:
6a:52:08:c4:92:87:29:b5:ab:ed:d6:a8:0e:89:57:
f0:8b:b9:17:ef:0f:b5:d7:bb:85:c8:21:e1:5c:e3:
0f:c9:ff:e8:7c:b3:fd:24:00:3b:44:fd:4c:aa:86:
9b:97:c6:fd:fa:dc:ce:a0:cd:15:a4:40:dc:68:aa:
df:4a:72:c2:a3:87:c0:2d:f8:c8:18:54:99:3b:0f:
d2:6c:e5:cd:14:0f:40:1a:bf:c3:5d:05:27:0f:7d:
e2:11:c4:2d:a1:54:96:00:75:2a:3c:94:6a:b0:ab:
0e:9b:c1:dd:c0:52:31:90:da:2b:8b:ba:bf:9b:c2:
42:87:55:d2:85:2b:d6:48:3d:6b:63:7c:ce:1e:8f:
6d:99:5c:d4:eb:c5:30:a5:8a:61:e8:40:50:f0:07:
57:2f:b9:22:6c:09:09:81:15:bb:8d:30:96:24:4e:
a4:29:7f:d3:71:f2:ee:a0:86:15:43:bf:e5:fa:77:
c9:05:2b:a4:ac:cb:53:46:0d:04:02:68:d2:f2:ec:
0c:27:06:7b:03:2e:4a:d6:f3:7a:a4:87:c4:7f:eb:
dd:07:fa:f1:cc:ed:ec:d5:f8:51:59:ca:1c:11:56:
e7:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:C0:79:83:25:41:DB:36:6A:B4:9A:DB:A8:27:A7:B7:50:4A:3F:CC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ncB5gyVB2zZqtJrbqCent1BKP8w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
79:49:29:db:04:bf:7e:16:83:50:c4:3e:df:7f:b0:25:88:1c:
42:46:1a:42:54:9a:4c:ad:eb:89:46:7a:d3:30:f0:76:be:a0:
5a:87:ac:0d:5e:fd:1e:8c:9f:c6:9b:3f:5f:ee:b8:38:8c:eb:
e1:11:75:ce:52:20:22:31:ba:ef:19:bf:c2:b7:c1:a3:5a:ae:
15:52:c0:3f:8b:1d:51:c9:1a:d1:cb:3c:43:04:64:0f:73:b3:
f7:30:b5:93:a1:cf:59:d2:97:d9:18:c3:44:99:4d:b4:49:c6:
bd:f4:d4:e4:36:ed:55:52:41:eb:d8:51:9d:e0:5b:01:f3:db:
0c:66:34:72:ab:80:e6:9c:7e:25:c1:87:7e:f5:a9:c6:39:40:
e8:65:cc:5d:d0:ac:ab:c0:0e:04:90:04:76:23:46:6e:0c:34:
65:ae:82:c9:4c:e1:15:38:7b:5c:0b:21:c9:a3:67:8a:a2:5b:
68:e5:4b:19:e1:b6:8e:2d:c5:9d:47:d6:41:ef:2f:33:72:ff:
c5:da:70:94:61:80:8e:01:b6:c1:51:2c:fe:ac:39:bc:3a:11:
31:cf:21:34:6f:cd:1e:0d:a3:8b:40:8c:31:e2:5b:90:ab:c6:
7d:e4:ae:b7:a3:df:1c:b2:34:10:5b:d1:6d:78:60:6f:7d:6e:
aa:63:c8:65
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQD8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
NTUyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlEQzA3OTgzMjU0MURC
MzY2QUI0OUFEQkE4MjdBN0I3NTA0QTNGQ0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw4cRJjzsXxSeJnxvq66jjXDQU1m82Xep9IBQ3A2pSCMSShym1
q+3WqA6JV/CLuRfvD7XXu4XIIeFc4w/J/+h8s/0kADtE/UyqhpuXxv363M6gzRWk
QNxoqt9KcsKjh8At+MgYVJk7D9Js5c0UD0Aav8NdBScPfeIRxC2hVJYAdSo8lGqw
qw6bwd3AUjGQ2iuLur+bwkKHVdKFK9ZIPWtjfM4ej22ZXNTrxTClimHoQFDwB1cv
uSJsCQmBFbuNMJYkTqQpf9Nx8u6ghhVDv+X6d8kFK6Ssy1NGDQQCaNLy7AwnBnsD
LkrW83qkh8R/690H+vHM7ezV+FFZyhwRVufBAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUncB5gyVB2zZqtJrbqCent1BKP8wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25jQjVneVZCMnpacXRK
cmJxQ2VudDFCS1A4dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHlJKdsEv34Wg1DEPt9/sCWIHEJGGkJU
mkyt64lGetMw8Ha+oFqHrA1e/R6Mn8abP1/uuDiM6+ERdc5SICIxuu8Zv8K3waNa
rhVSwD+LHVHJGtHLPEMEZA9zs/cwtZOhz1nSl9kYw0SZTbRJxr301OQ27VVSQevY
UZ3gWwHz2wxmNHKrgOacfiXBh371qcY5QOhlzF3QrKvADgSQBHYjRm4MNGWugslM
4RU4e1wLIcmjZ4qiW2jlSxnhto4txZ1H1kHvLzNy/8XacJRhgI4BtsFRLP6sObw6
ETHPITRvzR4No4tAjDHiW5Crxn3krrej3xyyNBBb0W14YG99bqpjyGU=
-----END CERTIFICATE-----
Generated at Sun May 18 02:06:29 2025 by rpki-client