Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/s0m9PWqA879RCmMqvN19gI8AHJ4.roa
File: s0m9PWqA879RCmMqvN19gI8AHJ4.roa (raw, json)
Hash identifier: 2N4tgmHQuCNhziZR+8ejPU0jr1Rqi3QjrIOaZ9b2kAc=
Subject key identifier: B3:49:BD:3D:6A:80:F3:BF:51:0A:63:2A:BC:DD:7D:80:8F:00:1C:9E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 53FB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/s0m9PWqA879RCmMqvN19gI8AHJ4.roa
Signing time: Fri 10 May 2024 13:24:00 +0000
ROA not before: Fri 10 May 2024 13:24:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21499 (0x53fb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 13:24:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B349BD3D6A80F3BF510A632ABCDD7D808F001C9E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:2b:ae:18:cb:1a:f3:be:d9:13:74:1d:5f:d8:
f7:ed:82:ae:2d:82:6c:8a:32:9b:a1:6a:4a:e6:bd:
16:b7:1a:6f:6f:5d:f3:fc:93:87:9b:3b:d0:8b:11:
7d:00:2c:d9:19:2b:d9:12:bf:b3:01:55:39:74:cc:
d4:f8:b0:c3:49:79:ea:ef:a5:3b:40:ef:dc:86:13:
62:53:2e:bd:89:d0:e1:3d:38:9a:e7:c4:ad:50:c4:
61:1f:91:3a:65:29:7b:1b:2b:f0:35:0a:81:4b:04:
50:fa:c2:95:34:8f:c7:54:97:28:0f:9c:b7:0c:59:
45:30:99:72:ae:65:f1:54:3a:78:b5:8f:48:f7:d0:
a2:2d:4c:ae:9e:6c:0f:76:9b:e7:e7:89:ae:19:73:
08:c6:78:38:6e:1a:17:bd:47:1d:a0:6c:b8:1d:4e:
03:38:aa:eb:63:ba:a3:a0:5b:fd:8c:bd:3b:a5:3a:
8e:58:a5:33:59:4c:4c:78:0c:4d:96:2e:12:9a:a1:
d3:49:47:e5:03:18:22:97:36:aa:42:2f:69:0a:50:
cd:b6:6c:a7:11:3f:65:5a:44:ae:8b:b3:db:f9:3e:
3c:0f:d8:07:96:89:7f:9d:1f:d6:4e:7c:17:2b:6c:
2f:17:94:7a:3a:0d:76:02:a2:6b:57:e2:51:1a:43:
87:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:49:BD:3D:6A:80:F3:BF:51:0A:63:2A:BC:DD:7D:80:8F:00:1C:9E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/s0m9PWqA879RCmMqvN19gI8AHJ4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3a:d8:bf:0f:87:b5:0b:13:3d:9c:b3:6c:02:54:3e:88:e2:a9:
38:35:5b:f4:d1:69:be:a7:cd:80:5e:d1:e9:df:d2:3d:8b:0a:
9a:78:f4:76:d5:04:6c:08:b6:b4:ab:59:6a:91:37:68:52:61:
eb:69:e8:42:d3:39:69:2b:2f:c4:4e:6b:f9:16:bd:b6:c5:d3:
6d:7e:30:77:2e:aa:74:82:c3:61:29:8e:23:1b:7d:37:14:fb:
36:32:ce:32:b4:be:dc:45:89:fd:45:31:10:d9:2f:7e:2f:9b:
8c:52:72:91:b7:cd:f6:42:1c:12:e7:f2:e2:d0:19:cd:68:71:
d9:2f:f9:dd:a1:f3:d3:da:4a:56:11:f7:c3:8c:a2:51:4e:89:
47:82:dc:2b:b9:21:85:3f:ee:55:a8:d1:34:dd:b3:96:47:37:
0b:af:59:26:c9:52:e4:39:62:aa:19:0f:02:06:48:36:c2:c7:
62:4b:62:cc:99:19:30:7c:a1:d8:b5:05:34:07:77:1b:df:ef:
09:80:ea:a0:24:8c:cb:02:35:0a:46:5e:2e:10:9d:f5:ec:3f:
a6:cd:33:54:09:97:7a:92:0d:17:d0:aa:e5:95:b0:d2:3a:41:
22:0d:f0:a8:9b:6c:e3:a4:4c:c8:7a:f2:62:30:64:3d:64:f7:
5a:37:77:d2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICU/swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
MzI0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIzNDlCRDNENkE4MEYz
QkY1MTBBNjMyQUJDREQ3RDgwOEYwMDFDOUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCjK64YyxrzvtkTdB1f2Pftgq4tgmyKMpuhakrmvRa3Gm9vXfP8
k4ebO9CLEX0ALNkZK9kSv7MBVTl0zNT4sMNJeervpTtA79yGE2JTLr2J0OE9OJrn
xK1QxGEfkTplKXsbK/A1CoFLBFD6wpU0j8dUlygPnLcMWUUwmXKuZfFUOni1j0j3
0KItTK6ebA92m+fnia4ZcwjGeDhuGhe9Rx2gbLgdTgM4qutjuqOgW/2MvTulOo5Y
pTNZTEx4DE2WLhKaodNJR+UDGCKXNqpCL2kKUM22bKcRP2VaRK6Ls9v5PjwP2AeW
iX+dH9ZOfBcrbC8XlHo6DXYComtX4lEaQ4c9AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUs0m9PWqA879RCmMqvN19gI8AHJ4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3MwbTlQV3FBODc5UkNt
TXF2TjE5Z0k4QUhKNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADrYvw+HtQsTPZyzbAJUPojiqTg1W/TR
ab6nzYBe0enf0j2LCpp49HbVBGwItrSrWWqRN2hSYetp6ELTOWkrL8ROa/kWvbbF
021+MHcuqnSCw2EpjiMbfTcU+zYyzjK0vtxFif1FMRDZL34vm4xScpG3zfZCHBLn
8uLQGc1ocdkv+d2h89PaSlYR98OMolFOiUeC3Cu5IYU/7lWo0TTds5ZHNwuvWSbJ
UuQ5YqoZDwIGSDbCx2JLYsyZGTB8odi1BTQHdxvf7wmA6qAkjMsCNQpGXi4QnfXs
P6bNM1QJl3qSDRfQquWVsNI6QSIN8KibbOOkTMh68mIwZD1k91o3d9I=
-----END CERTIFICATE-----
Generated at Mon Apr 14 22:22:30 2025 by rpki-client