Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zNjBn-KpvC9G8GExxYI4XHruaeI.roa
File: zNjBn-KpvC9G8GExxYI4XHruaeI.roa (raw, json)
Hash identifier: b+nEwkGmynGEkgxc+T+kHJN3A0TjOOdC13GBfEt34HU=
Subject key identifier: CC:D8:C1:9F:E2:A9:BC:2F:46:F0:61:31:C5:82:38:5C:7A:EE:69:E2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CBB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zNjBn-KpvC9G8GExxYI4XHruaeI.roa
Signing time: Tue 30 Apr 2024 21:23:50 +0000
ROA not before: Tue 30 Apr 2024 21:23:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19643 (0x4cbb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 21:23:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CCD8C19FE2A9BC2F46F06131C582385C7AEE69E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:4b:a3:3d:85:ec:c9:16:4b:7f:b6:1b:8a:ba:
7b:e1:dc:5b:80:60:f3:73:de:70:b2:94:c7:bb:be:
39:c8:af:f9:f7:ec:64:79:e6:1b:a5:8e:4d:2c:c9:
f0:b1:c4:ad:fa:cb:f4:bd:db:e4:6e:83:61:60:68:
9c:a7:29:bd:61:f8:c8:a1:8e:1f:42:9c:da:e3:76:
09:76:db:7d:f6:a0:04:93:37:6d:fa:6c:22:91:36:
01:82:2e:17:66:fe:83:d3:52:be:6f:a9:e3:f9:f6:
95:43:20:5e:3f:de:42:4d:04:1b:cc:43:bf:4d:bf:
b3:58:f0:05:39:af:99:88:8b:a9:2e:17:37:99:d0:
81:d9:0f:15:3d:61:18:a2:37:1e:98:31:0a:2e:27:
1d:73:77:81:62:b8:80:e0:83:ab:0c:c7:b5:56:c4:
6f:62:54:54:73:0d:84:83:eb:ed:4d:26:5a:bf:42:
a9:f8:97:c1:81:49:a0:35:01:0a:b8:01:99:cc:c0:
d7:ff:3a:73:99:a3:48:a9:83:8a:0d:83:c3:07:d1:
0f:a7:c2:a5:b0:4f:f6:83:66:bc:06:0e:1b:78:48:
fd:70:84:ae:c8:d7:6a:f0:31:07:d0:5b:e9:7c:07:
73:c4:1e:f1:f8:dc:88:be:34:89:e8:92:42:f2:78:
c5:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:D8:C1:9F:E2:A9:BC:2F:46:F0:61:31:C5:82:38:5C:7A:EE:69:E2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zNjBn-KpvC9G8GExxYI4XHruaeI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
ba:8d:e2:41:62:2f:17:0c:10:ab:b6:5d:a7:6e:59:07:82:b3:
b6:ae:72:51:7b:8c:e8:5e:60:fc:6a:cb:94:3a:11:84:1d:82:
23:d1:3d:d0:26:4b:23:25:92:d1:23:0a:69:69:c5:43:4c:1a:
9e:21:91:14:42:9a:78:f4:cb:67:77:62:39:5e:51:a2:bd:e5:
ae:b2:9a:ea:5e:3b:92:c6:be:df:b0:84:c4:1c:e4:00:21:5f:
3d:ee:25:50:61:3f:a0:d3:b2:fc:dd:c8:18:9c:5e:8a:87:c5:
01:28:5c:a7:20:de:58:54:ad:ff:12:73:4e:18:f7:e4:b4:2c:
35:92:72:4b:e7:d4:ee:fc:24:1b:ee:35:06:71:cf:90:a1:1a:
29:91:1b:ea:ee:8d:9b:98:47:f9:29:88:1c:57:20:ea:a6:0a:
fe:9c:aa:a0:ed:74:df:9a:1e:19:02:d1:04:b5:8e:44:e8:15:
07:d6:d9:3c:3a:2c:0a:d8:fa:33:c3:cd:91:89:08:0b:4e:46:
c3:a1:ed:a8:cc:9d:22:8e:04:57:49:a2:13:18:87:a6:fc:fb:
02:3d:ce:a2:51:a3:3a:1e:aa:71:e7:b5:46:b8:d2:ed:3a:db:
26:7c:84:13:6d:c4:3c:b8:0c:c7:ca:27:59:ce:5d:5c:84:97:
41:43:ff:25
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTLswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAy
MTIzNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENDRDhDMTlGRTJBOUJD
MkY0NkYwNjEzMUM1ODIzODVDN0FFRTY5RTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5S6M9hezJFkt/thuKunvh3FuAYPNz3nCylMe7vjnIr/n37GR5
5huljk0syfCxxK36y/S92+Rug2FgaJynKb1h+Mihjh9CnNrjdgl22332oASTN236
bCKRNgGCLhdm/oPTUr5vqeP59pVDIF4/3kJNBBvMQ79Nv7NY8AU5r5mIi6kuFzeZ
0IHZDxU9YRiiNx6YMQouJx1zd4FiuIDgg6sMx7VWxG9iVFRzDYSD6+1NJlq/Qqn4
l8GBSaA1AQq4AZnMwNf/OnOZo0ipg4oNg8MH0Q+nwqWwT/aDZrwGDht4SP1whK7I
12rwMQfQW+l8B3PEHvH43Ii+NInokkLyeMVFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUzNjBn+KpvC9G8GExxYI4XHruaeIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pOakJuLUtwdkM5RzhH
RXh4WUk0WEhydWFlSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALqN4kFiLxcMEKu2XaduWQeCs7auclF7
jOheYPxqy5Q6EYQdgiPRPdAmSyMlktEjCmlpxUNMGp4hkRRCmnj0y2d3YjleUaK9
5a6ymupeO5LGvt+whMQc5AAhXz3uJVBhP6DTsvzdyBicXoqHxQEoXKcg3lhUrf8S
c04Y9+S0LDWSckvn1O78JBvuNQZxz5ChGimRG+rujZuYR/kpiBxXIOqmCv6cqqDt
dN+aHhkC0QS1jkToFQfW2Tw6LArY+jPDzZGJCAtORsOh7ajMnSKOBFdJohMYh6b8
+wI9zqJRozoeqnHntUa40u062yZ8hBNtxDy4DMfKJ1nOXVyEl0FD/yU=
-----END CERTIFICATE-----
Generated at Sat May 17 19:42:09 2025 by rpki-client