Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/72TlWeE3MwVoJ-zONaLdul3L99M.roa
File: 72TlWeE3MwVoJ-zONaLdul3L99M.roa (raw, json)
Hash identifier: MjZPxtPkdsdvEI8p0oJkcnb6lmqYzKvfjl1+XvGl2sw=
Subject key identifier: EF:64:E5:59:E1:37:33:05:68:27:EC:CE:35:A2:DD:BA:5D:CB:F7:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 414B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/72TlWeE3MwVoJ-zONaLdul3L99M.roa
Signing time: Mon 15 Apr 2024 15:23:02 +0000
ROA not before: Mon 15 Apr 2024 15:23:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16715 (0x414b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 15:23:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EF64E559E13733056827ECCE35A2DDBA5DCBF7D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:fa:03:e0:bc:d5:81:62:2d:de:91:ce:7e:0c:
02:19:ae:bc:00:7f:b8:60:f4:2c:02:10:86:65:9a:
70:20:34:d6:c0:fe:29:ea:a1:a7:1a:7a:79:7b:7b:
86:a9:02:2e:8b:9d:de:b5:a3:82:3a:76:72:01:0c:
e0:ab:fc:83:66:e0:60:52:a9:1c:b9:fa:a4:35:23:
fe:78:38:96:b3:07:89:ae:ee:ea:71:4f:f4:c2:f1:
81:6e:94:9c:ee:cb:a0:bf:6f:48:48:44:31:bd:1e:
af:65:2e:5b:ee:07:65:b2:23:bb:7e:62:64:b9:b1:
c2:e2:f1:c6:5f:81:11:3e:b1:64:3f:b3:e1:97:12:
19:57:45:b2:c8:21:ff:6d:f7:38:6a:c3:af:7c:ae:
a5:1d:af:99:7b:3f:5d:40:d5:2f:c5:c5:99:c6:92:
50:0f:22:ab:57:4d:0f:41:c5:ac:f1:e6:ca:85:d5:
42:b0:c4:f2:89:c1:4c:d6:b2:0a:09:9e:6b:48:44:
87:08:69:a3:60:59:10:54:57:69:b2:b8:c4:b9:c0:
75:61:32:4d:d4:74:6c:b0:08:10:7b:a9:24:75:ff:
bd:29:c9:d1:3f:3d:a9:28:23:ad:58:b8:46:36:18:
9f:c6:1f:32:1c:ed:fa:32:f3:6a:c2:f0:5f:29:3a:
de:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:64:E5:59:E1:37:33:05:68:27:EC:CE:35:A2:DD:BA:5D:CB:F7:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/72TlWeE3MwVoJ-zONaLdul3L99M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
78:53:3c:e5:27:96:30:06:d9:18:e6:83:75:0f:a1:6d:f5:b7:
3b:e5:c2:f4:38:a7:9e:df:2b:d0:f5:bf:a2:17:5b:88:fb:4e:
42:ba:59:cb:92:4e:35:65:ba:40:4c:ef:e3:ae:e1:ee:0d:06:
b4:46:6c:39:ef:b8:82:5a:78:c3:ca:ee:c2:9e:5f:f2:69:47:
c0:df:62:8f:07:68:e1:19:fc:07:f2:0b:23:ec:37:ea:77:ea:
40:56:77:51:0c:0b:6a:3e:9b:17:70:cf:54:63:ce:29:d8:73:
29:88:13:fd:13:66:cf:1b:d0:04:a9:8f:cd:0f:30:de:eb:ef:
f8:14:dc:a0:2f:4e:34:58:bc:4b:ac:ed:81:28:08:49:31:48:
df:b9:58:f7:43:4d:d6:72:cc:a2:23:e4:12:8b:37:e3:f6:ed:
99:70:10:a3:85:8c:88:f5:e8:c7:a1:c0:17:46:b8:2f:1e:5d:
9f:8c:31:5f:1b:ee:dd:22:68:97:bf:21:e6:95:07:8f:75:75:
83:02:67:9f:5f:5a:d4:17:8b:14:4f:80:8d:3d:ba:b5:e1:f6:
9f:97:7e:7d:54:09:bd:d4:3b:fa:b6:99:e8:98:cc:60:3d:16:
0f:94:7b:fc:b7:b3:c5:f9:26:f9:ca:c6:b5:17:ad:51:38:33:
1b:28:68:d0
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQUswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
NTIzMDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVGNjRFNTU5RTEzNzMz
MDU2ODI3RUNDRTM1QTJEREJBNURDQkY3RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6+gPgvNWBYi3ekc5+DAIZrrwAf7hg9CwCEIZlmnAgNNbA/inq
oacaenl7e4apAi6Lnd61o4I6dnIBDOCr/INm4GBSqRy5+qQ1I/54OJazB4mu7upx
T/TC8YFulJzuy6C/b0hIRDG9Hq9lLlvuB2WyI7t+YmS5scLi8cZfgRE+sWQ/s+GX
EhlXRbLIIf9t9zhqw698rqUdr5l7P11A1S/FxZnGklAPIqtXTQ9Bxazx5sqF1UKw
xPKJwUzWsgoJnmtIRIcIaaNgWRBUV2myuMS5wHVhMk3UdGywCBB7qSR1/70pydE/
PakoI61YuEY2GJ/GHzIc7foy82rC8F8pOt7tAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU72TlWeE3MwVoJ+zONaLdul3L99MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzcyVGxXZUUzTXdWb0ot
ek9OYUxkdWwzTDk5TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHhTPOUnljAG2Rjmg3UPoW31tzvlwvQ4
p57fK9D1v6IXW4j7TkK6WcuSTjVlukBM7+Ou4e4NBrRGbDnvuIJaeMPK7sKeX/Jp
R8DfYo8HaOEZ/AfyCyPsN+p36kBWd1EMC2o+mxdwz1RjzinYcymIE/0TZs8b0ASp
j80PMN7r7/gU3KAvTjRYvEus7YEoCEkxSN+5WPdDTdZyzKIj5BKLN+P27ZlwEKOF
jIj16MehwBdGuC8eXZ+MMV8b7t0iaJe/IeaVB491dYMCZ59fWtQXixRPgI09urXh
9p+Xfn1UCb3UO/q2meiYzGA9Fg+Ue/y3s8X5JvnKxrUXrVE4MxsoaNA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:20:17 2025 by rpki-client