Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3vmJgv1nF3gP-J4EOj49HwcYLf0.roa
File: 3vmJgv1nF3gP-J4EOj49HwcYLf0.roa (raw, json)
Hash identifier: bJWivjhkz15Pz4zp4Sf+AgfVielTeUubrylH5x7JHto=
Subject key identifier: DE:F9:89:82:FD:67:17:78:0F:F8:9E:04:3A:3E:3D:1F:07:18:2D:FD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 574B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3vmJgv1nF3gP-J4EOj49HwcYLf0.roa
Signing time: Tue 14 May 2024 23:24:11 +0000
ROA not before: Tue 14 May 2024 23:24:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22347 (0x574b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 23:24:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DEF98982FD6717780FF89E043A3E3D1F07182DFD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:11:e8:59:a6:53:28:9e:80:ec:de:ba:7c:90:
d4:ca:df:aa:81:e5:ef:ba:ba:5c:cc:9a:0d:89:0d:
1d:c1:03:e8:a9:4d:71:8c:6f:c7:3d:b5:ee:7c:dc:
57:c2:13:89:1c:2e:d3:28:79:f7:82:8d:3a:4f:59:
c4:69:2d:79:ad:d0:48:4d:db:b3:44:1e:f8:0a:8c:
2a:04:1d:aa:a7:a3:fb:8a:18:7e:76:76:3b:f0:4b:
0e:aa:13:2c:e4:1f:db:af:72:8a:20:6c:0d:d7:e3:
f5:e7:58:0d:e0:3d:b7:87:e1:d5:b2:a9:62:a2:98:
bc:ca:c8:8a:f0:c6:b4:c6:4f:76:1b:e6:c5:91:b7:
3b:57:1e:83:1a:da:ae:2a:33:09:4a:a9:ee:46:bc:
ee:3f:fa:21:86:3a:3d:94:5c:28:59:db:f4:fb:6d:
b7:d6:31:fa:bc:bb:78:89:ec:13:45:d8:e3:fd:55:
bf:df:8f:16:de:36:15:a2:5c:02:46:29:8d:c2:c1:
f3:48:72:d4:35:5c:a1:b6:38:c3:17:14:51:df:2f:
5e:53:af:3e:20:cc:9f:d3:cb:2d:c5:04:9b:a7:29:
4a:57:89:db:b7:77:33:66:91:ea:07:23:bf:d1:6f:
cf:d2:cc:4a:3d:26:e0:ca:5d:c5:d2:21:ed:bf:63:
8f:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:F9:89:82:FD:67:17:78:0F:F8:9E:04:3A:3E:3D:1F:07:18:2D:FD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3vmJgv1nF3gP-J4EOj49HwcYLf0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
23:fc:1e:ee:c3:00:ea:46:ef:8d:71:a6:ce:85:68:e1:40:c1:
94:2d:6e:be:9d:6e:90:1d:ee:ed:6e:23:ec:3a:e2:56:25:15:
d9:40:2d:25:3c:23:95:02:48:e0:b5:85:7c:a0:34:d9:e7:f7:
b0:5b:8f:f6:2a:c3:53:3f:2f:9b:b9:60:7b:d1:5d:d7:1e:0e:
d3:0f:00:01:83:ea:92:f0:c6:99:28:21:03:5d:24:95:0f:79:
7a:98:08:91:e5:7a:b8:49:a8:6b:d4:1e:6b:40:0f:3f:1e:4a:
d8:5f:f9:25:d9:19:73:5f:1c:da:c2:2c:53:47:ff:d7:3b:b8:
bb:25:21:06:cc:62:5c:ba:c9:cf:fd:34:b4:29:1f:2e:92:9d:
89:71:9f:23:16:c0:a2:67:6e:db:4c:d7:07:48:3c:34:9d:6f:
11:61:95:7e:df:03:52:53:92:ea:9c:9a:3a:42:bf:fd:32:86:
dd:0b:e1:50:5a:b8:fc:27:71:83:08:0b:3b:57:53:94:7a:76:
fa:42:b1:db:87:4c:d6:7f:a5:58:9c:f3:1f:51:26:dc:6f:71:
65:43:61:47:fd:c1:b5:36:05:0b:d8:15:48:aa:4c:d9:72:3d:
04:16:91:c0:a1:c5:1a:68:70:b2:a5:a2:b9:95:2b:27:37:6d:
17:6a:4b:75
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICV0swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQy
MzI0MTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERFRjk4OTgyRkQ2NzE3
NzgwRkY4OUUwNDNBM0UzRDFGMDcxODJERkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJEehZplMonoDs3rp8kNTK36qB5e+6ulzMmg2JDR3BA+ipTXGM
b8c9te583FfCE4kcLtMoefeCjTpPWcRpLXmt0EhN27NEHvgKjCoEHaqno/uKGH52
djvwSw6qEyzkH9uvcoogbA3X4/XnWA3gPbeH4dWyqWKimLzKyIrwxrTGT3Yb5sWR
tztXHoMa2q4qMwlKqe5GvO4/+iGGOj2UXChZ2/T7bbfWMfq8u3iJ7BNF2OP9Vb/f
jxbeNhWiXAJGKY3CwfNIctQ1XKG2OMMXFFHfL15Trz4gzJ/Tyy3FBJunKUpXidu3
dzNmkeoHI7/Rb8/SzEo9JuDKXcXSIe2/Y4+HAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU3vmJgv1nF3gP+J4EOj49HwcYLf0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzN2bUpndjFuRjNnUC1K
NEVPajQ5SHdjWUxmMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACP8Hu7DAOpG741xps6FaOFAwZQtbr6d
bpAd7u1uI+w64lYlFdlALSU8I5UCSOC1hXygNNnn97Bbj/Yqw1M/L5u5YHvRXdce
DtMPAAGD6pLwxpkoIQNdJJUPeXqYCJHlerhJqGvUHmtADz8eSthf+SXZGXNfHNrC
LFNH/9c7uLslIQbMYly6yc/9NLQpHy6SnYlxnyMWwKJnbttM1wdIPDSdbxFhlX7f
A1JTkuqcmjpCv/0yht0L4VBauPwncYMICztXU5R6dvpCsduHTNZ/pVic8x9RJtxv
cWVDYUf9wbU2BQvYFUiqTNlyPQQWkcChxRpocLKlormVKyc3bRdqS3U=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:24:08 2025 by rpki-client