Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6cekwZmwZlIiKM94SQwmYbGHynI.roa
File: 6cekwZmwZlIiKM94SQwmYbGHynI.roa (raw, json)
Hash identifier: AB3nJTO8Ad+K3Fh9QDdLicGp5goSQKYSfZNN8WYALmM=
Subject key identifier: E9:C7:A4:C1:99:B0:66:52:22:28:CF:78:49:0C:26:61:B1:87:CA:72
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B5F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6cekwZmwZlIiKM94SQwmYbGHynI.roa
Signing time: Sun 07 Apr 2024 17:52:33 +0000
ROA not before: Sun 07 Apr 2024 17:52:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15199 (0x3b5f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 17:52:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E9C7A4C199B066522228CF78490C2661B187CA72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:f9:2a:8b:b3:06:22:db:1c:be:e9:67:6e:1a:
66:d4:39:b7:eb:e8:2f:70:0d:62:ab:1e:15:55:12:
0a:3c:7c:44:e3:e6:05:a5:2f:7f:8a:13:ef:86:77:
0f:4d:dc:af:49:7e:a7:20:9f:f5:49:d5:fb:1e:8c:
ca:35:3c:40:ca:fe:4a:5a:29:0f:b6:c8:c5:8c:1e:
ab:4f:f0:fc:23:bd:71:e4:d5:39:6f:df:82:97:b8:
18:19:6c:e3:64:ca:c3:53:1d:26:c7:37:34:74:a4:
81:57:4e:e6:48:3e:ff:41:3d:04:ef:19:cb:53:c3:
79:15:3c:85:a9:b0:c0:bc:f4:a3:0a:71:b0:0e:f7:
f8:98:76:9c:9a:cf:e0:59:50:9a:f4:dc:95:61:05:
17:1e:3d:ba:43:63:9c:5f:ba:a8:bf:fe:5d:fc:7e:
39:1e:fc:74:68:82:74:14:c2:c6:d7:e4:e8:37:7e:
97:75:b1:55:4b:97:ca:a1:b2:2f:f5:f4:99:71:71:
12:6b:97:ec:e0:4f:d6:65:6d:f5:2f:4c:b5:86:3b:
ce:68:be:03:96:5e:8c:15:8c:0b:52:a9:57:c0:c0:
4c:3d:a0:10:a1:81:a2:5f:3a:5b:80:6c:73:bd:bf:
da:2a:06:9b:65:6d:05:9d:08:77:25:09:c6:ec:43:
e2:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:C7:A4:C1:99:B0:66:52:22:28:CF:78:49:0C:26:61:B1:87:CA:72
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6cekwZmwZlIiKM94SQwmYbGHynI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
96:0d:8c:39:5a:35:a9:ae:ba:a7:42:16:44:e8:96:9d:5e:19:
98:d3:c4:3b:79:09:c5:ef:ae:6c:be:43:c8:72:b5:49:3f:7f:
38:4b:1f:5f:6d:f0:17:1f:fc:29:75:98:8d:8a:a0:ee:0e:6e:
98:e5:2e:b5:96:11:7e:b1:ab:65:05:79:17:53:8b:61:32:d4:
48:44:58:96:82:5b:bc:d7:58:ca:84:db:80:08:5b:dc:ce:83:
c7:4b:98:2b:b8:f5:89:72:d3:bd:f8:43:1d:0e:b4:bf:f8:01:
68:a3:1e:d1:4f:84:e4:b1:a5:0c:f6:98:ce:d2:01:7f:1d:82:
a6:c5:d2:ac:c8:f0:c1:57:2b:25:6e:58:36:97:40:18:d2:49:
14:79:3e:7d:45:5a:20:71:4a:a9:1e:24:e3:fd:cb:35:da:8e:
12:57:11:b5:ce:92:f9:8c:a8:5b:d6:d8:11:4d:ad:41:6d:4a:
9c:a0:18:7f:8a:f8:6f:b9:c7:0c:9f:15:2c:13:6d:a2:35:c8:
93:0a:2c:6c:ff:96:c4:b6:5e:75:23:a8:18:ad:17:4b:52:4e:
51:60:00:72:21:7e:63:57:b8:d7:fe:f6:09:27:53:bc:cb:43:
32:48:1e:d4:c8:74:aa:b8:8d:75:3d:3e:5a:09:6a:1b:14:24:
06:5f:8a:bc
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICO18wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcx
NzUyMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU5QzdBNEMxOTlCMDY2
NTIyMjI4Q0Y3ODQ5MEMyNjYxQjE4N0NBNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7+SqLswYi2xy+6WduGmbUObfr6C9wDWKrHhVVEgo8fETj5gWl
L3+KE++Gdw9N3K9Jfqcgn/VJ1fsejMo1PEDK/kpaKQ+2yMWMHqtP8PwjvXHk1Tlv
34KXuBgZbONkysNTHSbHNzR0pIFXTuZIPv9BPQTvGctTw3kVPIWpsMC89KMKcbAO
9/iYdpyaz+BZUJr03JVhBRcePbpDY5xfuqi//l38fjke/HRognQUwsbX5Og3fpd1
sVVLl8qhsi/19JlxcRJrl+zgT9ZlbfUvTLWGO85ovgOWXowVjAtSqVfAwEw9oBCh
gaJfOluAbHO9v9oqBptlbQWdCHclCcbsQ+KjAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU6cekwZmwZlIiKM94SQwmYbGHynIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZjZWt3Wm13WmxJaUtN
OTRTUXdtWWJHSHluSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJYNjDlaNamuuqdCFkTolp1eGZjTxDt5
CcXvrmy+Q8hytUk/fzhLH19t8Bcf/Cl1mI2KoO4ObpjlLrWWEX6xq2UFeRdTi2Ey
1EhEWJaCW7zXWMqE24AIW9zOg8dLmCu49Yly0734Qx0OtL/4AWijHtFPhOSxpQz2
mM7SAX8dgqbF0qzI8MFXKyVuWDaXQBjSSRR5Pn1FWiBxSqkeJOP9yzXajhJXEbXO
kvmMqFvW2BFNrUFtSpygGH+K+G+5xwyfFSwTbaI1yJMKLGz/lsS2XnUjqBitF0tS
TlFgAHIhfmNXuNf+9gknU7zLQzJIHtTIdKq4jXU9PloJahsUJAZfirw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:19:53 2025 by rpki-client