Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zZ3RLiFoVasfQev76HgaXI7EsIc.roa
File: zZ3RLiFoVasfQev76HgaXI7EsIc.roa (raw, json)
Hash identifier: nlXe2y+noLMLiMvvrkU4PMpEhUUbJmOBfubLAWl8Ddg=
Subject key identifier: CD:9D:D1:2E:21:68:55:AB:1F:41:EB:FB:E8:78:1A:5C:8E:C4:B0:87
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CDF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zZ3RLiFoVasfQev76HgaXI7EsIc.roa
Signing time: Wed 01 May 2024 01:53:36 +0000
ROA not before: Wed 01 May 2024 01:53:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19679 (0x4cdf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 01:53:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CD9DD12E216855AB1F41EBFBE8781A5C8EC4B087
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f6:cd:16:d5:ca:1a:53:87:7d:b0:3f:72:0c:
13:f3:02:1b:3b:80:ce:23:cb:1a:6a:2e:3d:0e:75:
15:85:32:b8:22:1d:94:0e:8f:0e:0e:4b:89:e4:27:
0f:63:14:18:6d:05:4d:d3:82:67:f6:6e:00:7f:33:
31:b8:db:94:26:8e:b9:13:2e:29:51:49:bf:02:d2:
ee:95:8b:94:04:68:20:a7:ad:13:76:ff:4a:12:59:
76:8f:c6:25:e8:30:1b:d7:0d:00:44:9e:9a:d7:86:
91:ee:f8:8d:87:90:6a:4e:0c:c9:97:e5:82:da:32:
06:5d:16:8a:9c:39:3e:03:a7:f6:35:c1:b1:21:c2:
33:64:bd:e3:2f:76:c8:ea:77:c7:32:83:0c:b0:32:
15:9a:99:36:3f:a5:8e:83:4d:ab:14:aa:18:27:83:
39:80:c0:5d:2c:c0:d8:05:db:20:a2:e1:88:90:19:
7b:fb:42:c5:6c:c3:b9:43:e7:28:49:89:9c:fb:8c:
fd:f8:73:4b:f1:e7:e7:9f:76:c1:37:5c:c3:b2:d2:
b3:10:dd:ea:43:8b:be:fe:ef:9e:ba:9c:a1:81:0a:
65:cf:ca:d2:56:55:a5:9b:26:7f:ca:5a:41:ea:5f:
69:11:2d:31:90:1f:2c:d9:52:21:8b:9a:a2:d3:95:
43:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:9D:D1:2E:21:68:55:AB:1F:41:EB:FB:E8:78:1A:5C:8E:C4:B0:87
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zZ3RLiFoVasfQev76HgaXI7EsIc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2e:cb:3e:1d:d6:05:d2:6b:14:35:0a:84:1f:61:91:30:3b:5d:
3f:00:35:b2:63:a4:89:19:6b:55:d9:e2:a4:78:d8:2f:8d:6f:
42:59:93:2f:0d:38:98:5f:27:f9:b2:82:43:26:ff:1e:0f:86:
2f:f5:7f:a1:d5:ae:1f:8d:13:01:31:ac:b5:92:03:de:51:4d:
04:36:56:13:b5:21:71:6e:04:f3:e0:fd:85:b4:81:4a:93:82:
91:bc:22:a3:3b:3e:e4:ba:0e:da:da:23:3a:4a:5e:73:a5:05:
dd:3f:9b:ee:6a:7b:23:4b:c5:c7:2c:69:9d:b0:6c:a0:44:8f:
1d:d5:f7:0d:c2:fc:23:58:4b:5b:d3:49:ba:7e:05:d1:be:0e:
48:fb:8a:c3:43:03:cf:43:b6:e8:d0:37:79:95:59:71:e5:f7:
e9:c6:44:fe:09:4b:6f:b2:3d:a0:91:87:11:06:de:cb:81:56:
99:b6:52:30:17:70:ce:d0:6b:e6:80:7f:89:7d:7f:9b:7b:77:
19:70:c8:45:21:dc:5c:c2:10:d9:91:a9:0c:46:0b:18:4a:74:
1d:88:1e:a5:e5:58:d1:08:e6:ad:5d:94:e4:5d:0d:7d:22:2d:
78:07:cd:b5:c0:7d:ca:35:f2:48:39:3a:5a:47:1b:f2:11:75:
8f:94:28:80
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTN8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEw
MTUzMzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENEOUREMTJFMjE2ODU1
QUIxRjQxRUJGQkU4NzgxQTVDOEVDNEIwODcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm9s0W1coaU4d9sD9yDBPzAhs7gM4jyxpqLj0OdRWFMrgiHZQO
jw4OS4nkJw9jFBhtBU3Tgmf2bgB/MzG425QmjrkTLilRSb8C0u6Vi5QEaCCnrRN2
/0oSWXaPxiXoMBvXDQBEnprXhpHu+I2HkGpODMmX5YLaMgZdFoqcOT4Dp/Y1wbEh
wjNkveMvdsjqd8cygwywMhWamTY/pY6DTasUqhgngzmAwF0swNgF2yCi4YiQGXv7
QsVsw7lD5yhJiZz7jP34c0vx5+efdsE3XMOy0rMQ3epDi77+7566nKGBCmXPytJW
VaWbJn/KWkHqX2kRLTGQHyzZUiGLmqLTlUMDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUzZ3RLiFoVasfQev76HgaXI7EsIcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3paM1JMaUZvVmFzZlFl
djc2SGdhWEk3RXNJYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAC7LPh3WBdJrFDUKhB9hkTA7XT8ANbJj
pIkZa1XZ4qR42C+Nb0JZky8NOJhfJ/mygkMm/x4Phi/1f6HVrh+NEwExrLWSA95R
TQQ2VhO1IXFuBPPg/YW0gUqTgpG8IqM7PuS6DtraIzpKXnOlBd0/m+5qeyNLxccs
aZ2wbKBEjx3V9w3C/CNYS1vTSbp+BdG+Dkj7isNDA89DtujQN3mVWXHl9+nGRP4J
S2+yPaCRhxEG3suBVpm2UjAXcM7Qa+aAf4l9f5t7dxlwyEUh3FzCENmRqQxGCxhK
dB2IHqXlWNEI5q1dlORdDX0iLXgHzbXAfco18kg5OlpHG/IRdY+UKIA=
-----END CERTIFICATE-----
Generated at Sat May 17 23:59:30 2025 by rpki-client