Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/z1WI_t_hlLe4ybf3j1p1r32ffkQ.roa
File: z1WI_t_hlLe4ybf3j1p1r32ffkQ.roa (raw, json)
Hash identifier: 6J0TPGPQiQ6ZP88ZzjFNM9bs6ZUbB7diGL8Iq5feXiE=
Subject key identifier: CF:55:88:FE:DF:E1:94:B7:B8:C9:B7:F7:8F:5A:75:AF:7D:9F:7E:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E2B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z1WI_t_hlLe4ybf3j1p1r32ffkQ.roa
Signing time: Thu 02 May 2024 19:23:59 +0000
ROA not before: Thu 02 May 2024 19:23:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20011 (0x4e2b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 19:23:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CF5588FEDFE194B7B8C9B7F78F5A75AF7D9F7E44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:76:fd:5a:71:a3:ff:8c:a0:8e:f9:4e:d9:95:
eb:4d:73:6c:e9:5a:c8:b7:1d:3d:ea:3a:a9:b3:74:
a1:4a:d3:0c:6f:f2:0a:c6:ae:b1:0f:48:e2:f1:96:
46:1a:98:74:fe:86:93:57:8b:ca:6e:4a:4f:df:1a:
83:55:e3:ed:09:a8:4a:5e:c9:95:27:ef:13:ce:65:
7c:d6:be:b6:42:7a:91:bc:4d:8c:dd:4a:7c:a8:99:
78:82:7b:5a:99:6d:af:40:2d:07:46:f2:b7:7b:90:
52:52:c2:ba:b6:51:f8:49:a8:04:fa:bc:21:1a:db:
b7:5c:bb:c8:9a:55:7d:38:36:2f:32:a3:59:36:84:
16:56:5e:c6:a6:04:45:8c:be:18:93:b5:b3:26:9a:
ad:a8:92:65:15:4a:f8:e4:41:4f:9d:f0:30:c1:bb:
99:5a:03:25:29:8d:a8:e7:3d:c3:5c:ca:87:28:27:
ff:b9:d1:2f:23:71:6d:95:4b:95:44:8b:d8:92:44:
ef:82:ee:6f:72:e5:69:5f:6f:b5:46:52:98:48:cd:
70:65:d7:1d:2d:86:3f:4d:e5:77:e4:2c:4e:d9:0d:
fd:96:0e:ce:da:77:9c:52:b6:61:5d:5c:e9:39:ea:
35:47:b9:d6:43:f9:33:09:96:30:f4:3b:f0:fe:e4:
8f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:55:88:FE:DF:E1:94:B7:B8:C9:B7:F7:8F:5A:75:AF:7D:9F:7E:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z1WI_t_hlLe4ybf3j1p1r32ffkQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
69:a1:5d:20:04:9d:f6:64:e7:19:fa:66:15:67:ee:0e:dc:e6:
31:0c:10:be:be:bb:7c:9c:bb:56:be:a3:ac:03:bd:d9:cb:ab:
a4:ed:5a:38:01:73:e4:8a:93:20:de:f8:8c:35:06:9b:16:ad:
7c:9c:01:e5:2d:4c:ae:cd:ea:e9:9c:f1:58:69:7d:a3:c6:04:
5d:e9:eb:39:36:17:60:c4:e2:f7:47:24:78:46:08:ad:c9:73:
6c:3e:ca:ef:fd:fd:ae:7a:a7:42:4c:6b:d7:1a:bc:bb:47:5c:
1f:5e:19:e1:e6:60:b6:49:95:a2:f3:06:0c:12:72:6c:12:b7:
bd:3d:59:bf:1c:e9:c8:18:a5:09:9e:b7:68:8e:7a:ce:b2:5b:
67:5a:03:f0:5a:2d:ff:d1:65:e4:af:ee:83:37:bc:8f:9e:5f:
09:cd:4e:3b:b3:97:73:1d:b8:be:34:03:86:eb:37:fb:ec:eb:
75:1f:f5:36:88:f0:e0:50:08:a4:64:6d:03:cd:7c:c7:55:35:
63:18:42:8c:1e:fa:b1:0d:d6:5a:37:50:86:17:e9:4e:b3:8e:
69:8a:5b:6c:06:5d:77:17:36:e9:95:16:13:00:5d:76:ca:83:
b5:9a:5c:5e:c5:d7:f3:c1:82:11:cf:29:3e:40:ae:1a:7b:4d:
b5:a8:d5:35
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTiswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIx
OTIzNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENGNTU4OEZFREZFMTk0
QjdCOEM5QjdGNzhGNUE3NUFGN0Q5RjdFNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+dv1acaP/jKCO+U7ZletNc2zpWsi3HT3qOqmzdKFK0wxv8grG
rrEPSOLxlkYamHT+hpNXi8puSk/fGoNV4+0JqEpeyZUn7xPOZXzWvrZCepG8TYzd
SnyomXiCe1qZba9ALQdG8rd7kFJSwrq2UfhJqAT6vCEa27dcu8iaVX04Ni8yo1k2
hBZWXsamBEWMvhiTtbMmmq2okmUVSvjkQU+d8DDBu5laAyUpjajnPcNcyocoJ/+5
0S8jcW2VS5VEi9iSRO+C7m9y5Wlfb7VGUphIzXBl1x0thj9N5XfkLE7ZDf2WDs7a
d5xStmFdXOk56jVHudZD+TMJljD0O/D+5I/bAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUz1WI/t/hlLe4ybf3j1p1r32ffkQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3oxV0lfdF9obExlNHli
ZjNqMXAxcjMyZmZrUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGmhXSAEnfZk5xn6ZhVn7g7c5jEMEL6+
u3ycu1a+o6wDvdnLq6TtWjgBc+SKkyDe+Iw1BpsWrXycAeUtTK7N6umc8VhpfaPG
BF3p6zk2F2DE4vdHJHhGCK3Jc2w+yu/9/a56p0JMa9cavLtHXB9eGeHmYLZJlaLz
BgwScmwSt709Wb8c6cgYpQmet2iOes6yW2daA/BaLf/RZeSv7oM3vI+eXwnNTjuz
l3MduL40A4brN/vs63Uf9TaI8OBQCKRkbQPNfMdVNWMYQowe+rEN1lo3UIYX6U6z
jmmKW2wGXXcXNumVFhMAXXbKg7WaXF7F1/PBghHPKT5Arhp7TbWo1TU=
-----END CERTIFICATE-----
Generated at Sun May 18 03:37:09 2025 by rpki-client