Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZO-FJHV7YVTVvtX0ghmNb3b0vAQ.roa
File: ZO-FJHV7YVTVvtX0ghmNb3b0vAQ.roa (raw, json)
Hash identifier: EUH+E4oel2cDHk4I0KejcD3dH2rvDmkqvD0ryXlMC+s=
Subject key identifier: 64:EF:85:24:75:7B:61:54:D5:BE:D5:F4:82:19:8D:6F:76:F4:BC:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AB7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZO-FJHV7YVTVvtX0ghmNb3b0vAQ.roa
Signing time: Sun 28 Apr 2024 04:53:26 +0000
ROA not before: Sun 28 Apr 2024 04:53:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19127 (0x4ab7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 04:53:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=64EF8524757B6154D5BED5F482198D6F76F4BC04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:af:8e:99:ee:a2:50:37:d7:d0:e1:13:34:8f:
3e:1d:9e:77:d3:9f:72:94:e0:4d:aa:80:35:d2:66:
29:d8:2c:eb:6d:db:35:2f:de:72:29:87:a7:ae:6f:
98:36:97:ce:fc:0a:82:ef:a8:22:b9:15:7e:ba:26:
e2:88:bb:20:f6:2e:d8:d8:8b:14:8f:be:1c:eb:c1:
8c:16:d8:8e:1c:db:dc:6f:e1:09:fa:8d:0a:97:a4:
ca:3f:c3:dc:66:62:2f:8c:a4:f3:1d:ca:9a:e5:70:
43:2d:54:ca:48:fe:f6:c7:5e:1b:54:4c:0b:00:b9:
84:40:21:19:cc:89:67:2a:3b:86:13:9f:e8:a3:83:
c5:e0:e2:4b:f2:c6:45:92:8c:99:1c:d9:41:7b:2f:
c7:dc:e8:6d:2e:1f:a0:2e:41:57:aa:b0:a3:74:71:
70:28:aa:bf:da:0d:ca:99:b5:af:3e:74:ae:d7:c9:
59:65:3e:b2:e6:48:dd:19:6c:2d:35:4d:4e:01:ad:
36:39:ee:ef:8e:ff:e4:83:ef:06:ba:d9:e3:0f:fb:
f4:3a:9d:4d:0e:2f:ff:38:87:cf:b5:a3:be:7d:77:
bb:ad:27:58:e5:4b:d2:60:6a:d4:74:94:e6:bc:4b:
73:5b:e8:30:1a:82:18:04:09:65:bd:37:85:c4:0e:
c0:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:EF:85:24:75:7B:61:54:D5:BE:D5:F4:82:19:8D:6F:76:F4:BC:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZO-FJHV7YVTVvtX0ghmNb3b0vAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
93:31:27:87:44:c0:cf:bd:f3:d1:f4:0b:dc:6e:55:c9:e4:f2:
67:7c:a4:3d:e7:ff:0c:a1:72:a7:bd:58:df:63:a9:07:aa:1e:
40:06:5f:65:a4:50:6a:ed:05:74:15:f3:8c:b3:f5:5a:39:8b:
94:6c:00:8e:b8:01:21:71:9f:b3:15:74:a5:0e:ed:18:84:33:
37:19:f8:cb:1f:0e:b2:7b:a2:ff:f1:b4:e0:cf:02:9a:35:8a:
5a:41:7e:42:9a:40:f6:19:8e:24:12:33:ac:0a:e4:7b:f1:01:
8f:ff:7e:4b:08:30:25:6d:ab:1a:15:87:20:3d:29:b1:8c:32:
c2:7b:ec:ce:f3:81:72:40:84:30:1e:d0:55:6f:a0:d5:61:9d:
49:72:e0:77:ca:c0:90:e7:66:72:15:d3:fa:f3:8f:d8:aa:a5:
72:aa:bd:15:4d:49:e1:50:36:31:c5:2d:c2:7b:4a:b3:e8:97:
d1:1a:fa:ee:c8:89:a2:4d:26:ad:d4:ef:94:71:86:28:0d:52:
b2:3b:bc:20:af:0b:65:6b:f4:7b:4a:56:5a:e2:34:cb:8f:8e:
9d:77:52:bf:3f:f2:3e:ff:80:73:f6:a7:09:61:d3:4d:62:fb:
0c:3c:69:b6:45:3a:98:93:43:f6:80:d5:ca:d3:c0:28:88:69:
3c:3b:cb:b8
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSrcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
NDUzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY0RUY4NTI0NzU3QjYx
NTRENUJFRDVGNDgyMTk4RDZGNzZGNEJDMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqr46Z7qJQN9fQ4RM0jz4dnnfTn3KU4E2qgDXSZinYLOtt2zUv
3nIph6eub5g2l878CoLvqCK5FX66JuKIuyD2LtjYixSPvhzrwYwW2I4c29xv4Qn6
jQqXpMo/w9xmYi+MpPMdyprlcEMtVMpI/vbHXhtUTAsAuYRAIRnMiWcqO4YTn+ij
g8Xg4kvyxkWSjJkc2UF7L8fc6G0uH6AuQVeqsKN0cXAoqr/aDcqZta8+dK7XyVll
PrLmSN0ZbC01TU4BrTY57u+O/+SD7wa62eMP+/Q6nU0OL/84h8+1o759d7utJ1jl
S9JgatR0lOa8S3Nb6DAaghgECWW9N4XEDsAZAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUZO+FJHV7YVTVvtX0ghmNb3b0vAQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pPLUZKSFY3WVZUVnZ0
WDBnaG1OYjNiMHZBUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJMxJ4dEwM+989H0C9xuVcnk8md8pD3n
/wyhcqe9WN9jqQeqHkAGX2WkUGrtBXQV84yz9Vo5i5RsAI64ASFxn7MVdKUO7RiE
MzcZ+MsfDrJ7ov/xtODPApo1ilpBfkKaQPYZjiQSM6wK5HvxAY//fksIMCVtqxoV
hyA9KbGMMsJ77M7zgXJAhDAe0FVvoNVhnUly4HfKwJDnZnIV0/rzj9iqpXKqvRVN
SeFQNjHFLcJ7SrPol9Ea+u7IiaJNJq3U75RxhigNUrI7vCCvC2Vr9HtKVlriNMuP
jp13Ur8/8j7/gHP2pwlh001i+ww8abZFOpiTQ/aA1crTwCiIaTw7y7g=
-----END CERTIFICATE-----
Generated at Mon Apr 14 17:36:03 2025 by rpki-client