Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ugg_F3aojHIrQaHiN1Znhor3pqs.roa
File: ugg_F3aojHIrQaHiN1Znhor3pqs.roa (raw, json)
Hash identifier: oYsfpQpCjHaQDe7owGOBryW391COniNx0dohs1FHD0Y=
Subject key identifier: BA:08:3F:17:76:A8:8C:72:2B:41:A1:E2:37:56:67:86:8A:F7:A6:AB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 32F3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ugg_F3aojHIrQaHiN1Znhor3pqs.roa
Signing time: Wed 27 Mar 2024 12:22:10 +0000
ROA not before: Wed 27 Mar 2024 12:22:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13043 (0x32f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 27 12:22:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BA083F1776A88C722B41A1E2375667868AF7A6AB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:5e:46:a4:ff:b7:16:87:40:d3:81:91:1a:2d:
12:b4:ee:93:f2:e8:3a:94:e6:8b:8d:62:3c:57:4e:
57:af:31:41:ad:40:7e:75:ae:d1:39:01:22:dd:f9:
04:ff:96:7d:54:ba:97:07:da:28:da:49:9a:0b:23:
41:16:fb:0c:6a:25:14:83:d7:51:d9:d3:31:f6:f2:
59:fb:05:53:58:91:4d:9c:1d:f4:66:c8:94:41:3e:
c2:56:a9:47:d5:94:c4:24:77:8c:c2:11:8f:9e:eb:
94:d3:c3:53:3b:11:a8:10:b1:ba:09:d4:2b:75:52:
32:27:c2:4b:a3:a2:14:17:d3:25:bb:85:20:45:a1:
20:60:e5:74:96:c3:e6:8d:fd:95:5b:5d:f0:22:cb:
87:91:90:30:8b:75:42:7f:dc:28:cf:54:f6:ae:bc:
10:e0:52:3d:79:0d:c2:d4:86:82:15:06:63:14:84:
f5:a7:72:62:12:9d:f4:79:6e:35:ee:c2:c7:fa:22:
50:38:09:fa:5d:68:52:c7:4a:cb:00:23:f6:f4:7d:
0a:64:21:e2:7f:2c:80:d4:44:5a:1d:e1:ae:64:4c:
e1:c3:67:69:e9:79:f6:95:80:e2:6e:8c:a8:9d:78:
60:fc:24:45:9d:69:c1:a5:d4:97:d3:2d:31:21:b1:
14:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:08:3F:17:76:A8:8C:72:2B:41:A1:E2:37:56:67:86:8A:F7:A6:AB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ugg_F3aojHIrQaHiN1Znhor3pqs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a8:21:46:23:3e:16:50:a3:fb:9d:f3:c0:76:dc:66:81:5f:af:
b0:96:47:40:6e:f1:0b:7a:06:a5:48:73:d5:da:c7:68:09:3e:
e5:31:74:32:b6:8d:67:e7:e0:40:c6:f8:64:25:f9:1c:c3:8e:
f8:74:5d:39:d5:2d:b9:c5:09:e7:5f:bd:18:87:3a:19:b8:d8:
8b:d0:59:78:a5:54:b9:bb:80:9b:f6:b9:36:9b:13:44:30:1f:
7d:2d:28:28:e5:a9:1b:e9:c3:33:10:7b:69:de:db:bf:3e:f3:
57:97:05:a7:13:50:50:92:0b:f7:ae:fd:49:14:ea:89:d6:93:
ba:95:b8:65:03:af:65:a4:2a:c0:14:ad:2d:25:ff:21:51:32:
c4:ae:3f:96:9b:6a:17:74:d5:42:18:bf:39:af:68:5f:5d:3f:
3a:21:2f:de:3b:4d:41:b0:50:f0:6d:9d:86:1e:42:e8:eb:f3:
f9:1a:50:f2:5e:e9:c5:29:da:78:a1:d2:20:18:54:15:41:bb:
c3:28:bf:01:bf:12:f5:8d:09:a0:f9:f3:f1:a8:bb:27:a2:40:
e5:83:cd:b7:71:f0:bb:c2:89:04:c7:e1:46:8d:63:bd:87:3f:
b1:d9:06:76:ec:57:5e:ea:b8:15:0d:43:9c:f3:68:f4:2f:56:
07:01:8e:d4
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICMvMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjcx
MjIyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJBMDgzRjE3NzZBODhD
NzIyQjQxQTFFMjM3NTY2Nzg2OEFGN0E2QUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3Xkak/7cWh0DTgZEaLRK07pPy6DqU5ouNYjxXTlevMUGtQH51
rtE5ASLd+QT/ln1UupcH2ijaSZoLI0EW+wxqJRSD11HZ0zH28ln7BVNYkU2cHfRm
yJRBPsJWqUfVlMQkd4zCEY+e65TTw1M7EagQsboJ1Ct1UjInwkujohQX0yW7hSBF
oSBg5XSWw+aN/ZVbXfAiy4eRkDCLdUJ/3CjPVPauvBDgUj15DcLUhoIVBmMUhPWn
cmISnfR5bjXuwsf6IlA4CfpdaFLHSssAI/b0fQpkIeJ/LIDURFod4a5kTOHDZ2np
efaVgOJujKideGD8JEWdacGl1JfTLTEhsRTlAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUugg/F3aojHIrQaHiN1Znhor3pqswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VnZ19GM2FvakhJclFh
SGlOMVpuaG9yM3Bxcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKghRiM+FlCj+53zwHbcZoFfr7CWR0Bu
8Qt6BqVIc9Xax2gJPuUxdDK2jWfn4EDG+GQl+RzDjvh0XTnVLbnFCedfvRiHOhm4
2IvQWXilVLm7gJv2uTabE0QwH30tKCjlqRvpwzMQe2ne278+81eXBacTUFCSC/eu
/UkU6onWk7qVuGUDr2WkKsAUrS0l/yFRMsSuP5abahd01UIYvzmvaF9dPzohL947
TUGwUPBtnYYeQujr8/kaUPJe6cUp2nih0iAYVBVBu8MovwG/EvWNCaD58/Gouyei
QOWDzbdx8LvCiQTH4UaNY72HP7HZBnbsV17quBUNQ5zzaPQvVgcBjtQ=
-----END CERTIFICATE-----
Generated at Sat May 17 20:00:56 2025 by rpki-client