Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-WRhDcVo_2N9IkCP5t95qSvVOgo.roa
File: -WRhDcVo_2N9IkCP5t95qSvVOgo.roa (raw, json)
Hash identifier: QmYkbZlZvy0x38RzQXnUexDSFu/WXR5bgDkoEjAvXUs=
Subject key identifier: F9:64:61:0D:C5:68:FF:63:7D:22:40:8F:E6:DF:79:A9:2B:D5:3A:0A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57E7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-WRhDcVo_2N9IkCP5t95qSvVOgo.roa
Signing time: Wed 15 May 2024 18:54:22 +0000
ROA not before: Wed 15 May 2024 18:54:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22503 (0x57e7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 18:54:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F964610DC568FF637D22408FE6DF79A92BD53A0A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:5c:6b:26:04:3e:02:d3:09:cf:b1:7e:a8:9b:
35:54:cb:8d:cd:4d:86:b3:65:ea:27:19:8d:82:3e:
40:5d:b8:9c:42:f7:2b:fd:34:54:45:0e:cc:1e:29:
e2:2d:a6:5c:54:61:4c:cb:b0:9c:49:b0:cf:ec:87:
cf:18:24:0b:cd:9d:fa:eb:4e:fb:c7:10:1d:16:4f:
15:55:f6:9f:0a:76:44:1d:41:70:13:e0:d6:9a:10:
2a:4e:e0:e4:ef:1a:57:e5:6b:1f:2d:a3:9a:13:25:
c6:04:6c:4f:b3:01:a8:c7:5c:c3:bf:c4:8b:08:eb:
58:7c:89:1b:b1:a6:c1:1b:a7:62:45:08:8e:aa:54:
da:bf:dd:5d:60:9f:7b:1a:5c:9e:b1:3f:87:f8:5c:
fe:5c:10:a8:84:2d:0f:35:bb:14:fc:d9:8d:8c:54:
8c:fe:13:de:9f:7c:0a:0f:a0:58:53:54:b9:63:df:
ac:3d:a3:32:7c:81:23:b5:3f:89:28:69:3e:0a:01:
9b:9f:ac:7e:16:e2:03:4b:17:b4:b4:c8:8d:02:ed:
76:24:89:a5:2c:b7:3c:28:4f:c3:0d:2b:ac:b3:ff:
23:79:8a:23:0f:72:60:80:43:f0:4c:f2:6f:13:92:
c6:b8:d9:df:95:25:96:f9:69:c9:dd:66:0a:db:cb:
a0:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:64:61:0D:C5:68:FF:63:7D:22:40:8F:E6:DF:79:A9:2B:D5:3A:0A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-WRhDcVo_2N9IkCP5t95qSvVOgo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a7:a0:39:57:09:de:b1:0e:1a:77:57:73:08:0a:bc:98:55:d4:
93:ec:50:2e:58:71:c7:52:cf:78:21:4f:09:fe:66:9e:48:4f:
1b:51:10:c9:a0:6f:20:20:25:6a:b2:d6:29:d1:ab:25:a3:74:
3b:6d:a6:71:fc:f0:e0:84:d3:9c:3c:aa:12:2a:97:1c:c8:37:
ef:e0:d3:1d:a1:15:88:9e:63:44:da:0a:38:6a:3b:31:d8:d5:
b4:05:fd:e1:b5:41:c5:06:13:52:3a:33:7d:9c:4e:4f:e4:1a:
6b:3b:12:48:97:20:2f:14:e5:5e:37:b7:08:f3:e2:11:c2:10:
90:6f:cf:47:e4:dd:e5:1e:e7:c4:c5:04:73:5f:f1:ba:9f:b8:
ea:58:a1:32:55:cb:3d:b8:13:e1:84:9d:c4:2f:69:ee:c3:3d:
7c:78:10:a2:20:a0:34:8b:77:a2:ed:ce:85:a3:2d:5e:e8:53:
02:2d:d0:99:e0:3e:55:41:e7:fe:bf:31:0f:a1:80:6c:ad:45:
a3:75:e0:12:fb:55:4b:55:b9:cf:ac:ae:a8:a9:36:8e:50:eb:
90:49:30:ec:78:2c:e9:ba:df:01:0e:67:7d:d8:1c:fb:a4:1e:
79:7f:a9:4f:83:0f:ea:fe:ba:86:56:80:a5:a4:26:2b:cf:49:
85:14:5b:8e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICV+cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
ODU0MjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY5NjQ2MTBEQzU2OEZG
NjM3RDIyNDA4RkU2REY3OUE5MkJENTNBMEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJXGsmBD4C0wnPsX6omzVUy43NTYazZeonGY2CPkBduJxC9yv9
NFRFDsweKeItplxUYUzLsJxJsM/sh88YJAvNnfrrTvvHEB0WTxVV9p8KdkQdQXAT
4NaaECpO4OTvGlflax8to5oTJcYEbE+zAajHXMO/xIsI61h8iRuxpsEbp2JFCI6q
VNq/3V1gn3saXJ6xP4f4XP5cEKiELQ81uxT82Y2MVIz+E96ffAoPoFhTVLlj36w9
ozJ8gSO1P4koaT4KAZufrH4W4gNLF7S0yI0C7XYkiaUstzwoT8MNK6yz/yN5iiMP
cmCAQ/BM8m8Tksa42d+VJZb5acndZgrby6CxAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU+WRhDcVo/2N9IkCP5t95qSvVOgowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1XUmhEY1ZvXzJOOUlr
Q1A1dDk1cVN2Vk9nby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKegOVcJ3rEOGndXcwgKvJhV1JPsUC5Y
ccdSz3ghTwn+Zp5ITxtREMmgbyAgJWqy1inRqyWjdDttpnH88OCE05w8qhIqlxzI
N+/g0x2hFYieY0TaCjhqOzHY1bQF/eG1QcUGE1I6M32cTk/kGms7EkiXIC8U5V43
twjz4hHCEJBvz0fk3eUe58TFBHNf8bqfuOpYoTJVyz24E+GEncQvae7DPXx4EKIg
oDSLd6LtzoWjLV7oUwIt0JngPlVB5/6/MQ+hgGytRaN14BL7VUtVuc+srqipNo5Q
65BJMOx4LOm63wEOZ33YHPukHnl/qU+DD+r+uoZWgKWkJivPSYUUW44=
-----END CERTIFICATE-----
Generated at Mon Apr 14 17:19:19 2025 by rpki-client