Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/99P9hpC3ExmHPkAGTten5ooYey8.roa
File: 99P9hpC3ExmHPkAGTten5ooYey8.roa (raw, json)
Hash identifier: qJONP/8vlHhZPCRrXjvGnR51kyFbbUrB6SXJuDbTMsA=
Subject key identifier: F7:D3:FD:86:90:B7:13:19:87:3E:40:06:4E:D7:A7:E6:8A:18:7B:2F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57FF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/99P9hpC3ExmHPkAGTten5ooYey8.roa
Signing time: Wed 15 May 2024 21:54:16 +0000
ROA not before: Wed 15 May 2024 21:54:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22527 (0x57ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 21:54:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F7D3FD8690B71319873E40064ED7A7E68A187B2F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:5a:c3:7e:94:c7:3e:8d:cf:67:81:29:75:10:
44:39:fa:d3:8d:94:92:5d:c5:40:0b:a4:48:8c:5f:
40:57:93:5f:4c:12:79:ae:ef:3b:e8:07:1d:c0:aa:
b2:84:89:0b:d5:c9:c3:70:5b:b3:b8:d0:7e:dd:9e:
44:77:27:cc:7b:09:23:fc:29:ef:b3:dc:79:cb:b9:
ce:12:14:a3:e4:f5:63:d9:d2:82:f6:32:03:f2:56:
66:eb:5e:f2:46:ba:df:f7:c9:4f:fe:c5:6b:03:9b:
0d:42:5c:fb:55:65:70:b4:34:ad:f2:2c:13:86:5d:
ef:6f:61:d3:52:f2:ff:16:89:45:8d:b1:f5:77:1e:
3b:6e:7e:62:cb:67:1b:40:8b:b2:5a:65:9c:bd:3d:
cd:03:4f:2b:a5:cc:93:31:cd:59:d1:17:50:cf:9f:
ba:b1:80:ce:ac:71:b9:0f:4f:e5:a2:96:6d:7a:5a:
d4:b4:17:9b:66:75:e0:35:d9:2d:f1:15:f0:c2:ad:
ea:d5:2b:87:68:76:49:62:42:ed:ee:11:16:31:c6:
61:43:da:e3:3e:cf:f3:a6:dd:d2:6a:c5:d9:d4:ce:
20:67:bc:79:9b:79:57:e3:9f:9c:8d:01:6e:94:2d:
6b:eb:2e:79:a5:73:26:d7:05:88:c5:a5:4a:90:86:
fb:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:D3:FD:86:90:B7:13:19:87:3E:40:06:4E:D7:A7:E6:8A:18:7B:2F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/99P9hpC3ExmHPkAGTten5ooYey8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a1:8a:f9:60:96:8f:4d:2d:78:11:1d:c3:c7:14:b1:41:23:95:
b9:e3:23:99:e0:59:43:ba:10:32:00:a3:83:a2:9c:e7:99:f5:
ad:89:8f:2a:77:3b:e9:c5:93:3d:77:8a:78:17:7d:68:ec:3f:
14:98:5f:84:c7:13:93:6e:db:76:04:68:05:02:e9:17:5e:10:
e1:d5:fd:ff:d2:10:18:b5:c8:25:46:b8:79:0d:c6:02:ef:9d:
e1:b3:51:c8:2b:d5:15:03:12:b1:9d:45:d0:63:9f:94:e3:f4:
11:a1:5b:12:ec:04:7b:1f:72:39:3c:17:aa:4a:cd:44:04:56:
a7:45:3c:f3:73:43:3a:f7:fd:c7:63:34:58:5f:d2:1b:6c:df:
19:7a:8a:af:ff:dc:db:72:70:5d:a1:11:ff:78:bb:c5:d5:35:
1d:ce:65:37:96:99:5a:ce:04:c7:16:b4:49:71:15:88:76:8a:
60:9f:33:31:be:ac:1b:50:b5:f1:13:68:81:aa:d4:3b:78:43:
b2:6d:94:2f:c1:43:f6:d4:f5:44:cc:42:08:49:0c:c0:ed:ed:
71:62:68:f8:11:8a:c0:1a:6a:a2:6a:21:05:32:53:cc:ba:38:
83:a2:d3:f3:9d:70:f6:04:1a:c5:d7:11:de:a4:1a:03:00:27:
9a:72:f2:1e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICV/8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUy
MTU0MTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY3RDNGRDg2OTBCNzEz
MTk4NzNFNDAwNjRFRDdBN0U2OEExODdCMkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsWsN+lMc+jc9ngSl1EEQ5+tONlJJdxUALpEiMX0BXk19MEnmu
7zvoBx3AqrKEiQvVycNwW7O40H7dnkR3J8x7CSP8Ke+z3HnLuc4SFKPk9WPZ0oL2
MgPyVmbrXvJGut/3yU/+xWsDmw1CXPtVZXC0NK3yLBOGXe9vYdNS8v8WiUWNsfV3
HjtufmLLZxtAi7JaZZy9Pc0DTyulzJMxzVnRF1DPn7qxgM6scbkPT+Wilm16WtS0
F5tmdeA12S3xFfDCrerVK4dodkliQu3uERYxxmFD2uM+z/Om3dJqxdnUziBnvHmb
eVfjn5yNAW6ULWvrLnmlcybXBYjFpUqQhvtDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU99P9hpC3ExmHPkAGTten5ooYey8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Lzk5UDlocEMzRXhtSFBr
QUdUdGVuNW9vWWV5OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKGK+WCWj00teBEdw8cUsUEjlbnjI5ng
WUO6EDIAo4OinOeZ9a2Jjyp3O+nFkz13ingXfWjsPxSYX4THE5Nu23YEaAUC6Rde
EOHV/f/SEBi1yCVGuHkNxgLvneGzUcgr1RUDErGdRdBjn5Tj9BGhWxLsBHsfcjk8
F6pKzUQEVqdFPPNzQzr3/cdjNFhf0hts3xl6iq//3NtycF2hEf94u8XVNR3OZTeW
mVrOBMcWtElxFYh2imCfMzG+rBtQtfETaIGq1Dt4Q7JtlC/BQ/bU9UTMQghJDMDt
7XFiaPgRisAaaqJqIQUyU8y6OIOi0/OdcPYEGsXXEd6kGgMAJ5py8h4=
-----END CERTIFICATE-----
Generated at Mon Apr 14 21:00:13 2025 by rpki-client