Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CmWioKr24zZRQkFd0YfwNAF7oDI.roa
File: CmWioKr24zZRQkFd0YfwNAF7oDI.roa (raw, json)
Hash identifier: mlekAP1Bw0yJ+y5G83h7WA5zrd8fe870ZnOpn9EX+BU=
Subject key identifier: 0A:65:A2:A0:AA:F6:E3:36:51:42:41:5D:D1:87:F0:34:01:7B:A0:32
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 410B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CmWioKr24zZRQkFd0YfwNAF7oDI.roa
Signing time: Mon 15 Apr 2024 07:22:54 +0000
ROA not before: Mon 15 Apr 2024 07:22:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16651 (0x410b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 07:22:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0A65A2A0AAF6E3365142415DD187F034017BA032
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:f2:f2:7c:02:e4:dd:5a:39:a3:94:92:fe:80:
28:3c:0c:55:38:d9:51:22:c0:6d:65:92:3e:ea:4d:
26:f7:d4:f7:15:63:fd:0d:55:64:f7:0c:05:d4:68:
a3:56:31:0c:22:aa:8e:18:5f:c8:f7:f8:cf:55:2e:
05:d5:82:ee:24:f5:94:b9:eb:b1:bd:b4:5e:a9:cc:
98:2c:94:3c:7a:40:48:24:32:4f:72:77:2f:f9:59:
4c:54:4f:dd:84:c9:eb:dd:f0:e0:18:dd:49:d6:f5:
97:65:da:57:67:b3:fa:49:3f:ba:d6:de:c9:fe:9e:
56:89:65:3b:99:15:18:68:25:14:a6:bf:90:c8:73:
ef:42:b6:cc:28:a8:d4:a9:c3:28:d9:6c:a3:d7:d4:
f2:db:38:20:e2:cd:9a:55:4d:5a:d9:e6:41:7e:1e:
55:97:a4:ab:df:b8:8e:53:a1:10:cb:29:05:b2:d0:
c4:5b:48:c3:d6:f6:52:67:2c:f9:86:69:a8:4a:2b:
33:0f:f6:f0:68:a0:fb:6b:c1:3e:c6:de:57:2c:1a:
aa:93:5e:53:5c:1b:25:ae:5e:82:f8:b1:de:e5:0c:
25:8a:ad:20:f2:56:ac:e9:c9:f1:d5:fe:90:b4:e1:
63:1e:e3:e1:79:24:09:1e:87:dc:6b:2a:43:3e:38:
e8:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:65:A2:A0:AA:F6:E3:36:51:42:41:5D:D1:87:F0:34:01:7B:A0:32
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CmWioKr24zZRQkFd0YfwNAF7oDI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2b:7a:25:17:a1:ee:a1:5d:16:28:c1:e8:0d:b7:49:35:08:af:
6c:31:b1:0d:e2:8e:c5:45:4b:97:5a:a7:95:65:ad:33:8b:22:
a7:87:db:33:b2:82:08:61:1c:2b:f9:5a:9c:e2:95:ff:40:44:
33:bf:9e:17:78:0b:7b:55:24:f4:85:85:37:49:dc:99:7f:52:
5b:83:74:b5:99:30:3d:1d:8d:bb:bb:7b:8a:a0:55:79:26:ed:
e5:02:43:86:38:ab:75:63:56:50:ad:6c:60:3e:6f:78:97:ab:
9d:e6:8c:62:bf:af:ca:1d:93:60:ad:09:8a:ef:d4:a8:83:74:
51:54:57:57:69:ca:48:55:19:6a:54:6b:a6:37:de:f8:12:12:
30:03:36:d0:df:b5:55:da:c3:d7:57:dc:9e:13:75:11:e8:ac:
40:9c:b9:9f:25:95:19:3b:63:54:17:0f:cb:a8:c7:d0:fe:c5:
60:db:46:16:56:20:22:63:ed:b4:84:64:75:57:8f:ae:71:16:
79:d5:90:ec:94:22:2d:19:81:bc:92:e9:21:79:0d:18:c7:6b:
2c:83:79:40:3b:c6:51:2c:4c:fa:84:d8:92:e9:2f:42:27:5c:
b4:3b:5b:95:48:d1:3b:8b:01:20:82:c6:3d:66:08:4f:f2:af:
a8:d7:93:04
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQQswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUw
NzIyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBBNjVBMkEwQUFGNkUz
MzY1MTQyNDE1REQxODdGMDM0MDE3QkEwMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDb8vJ8AuTdWjmjlJL+gCg8DFU42VEiwG1lkj7qTSb31PcVY/0N
VWT3DAXUaKNWMQwiqo4YX8j3+M9VLgXVgu4k9ZS567G9tF6pzJgslDx6QEgkMk9y
dy/5WUxUT92Eyevd8OAY3UnW9Zdl2ldns/pJP7rW3sn+nlaJZTuZFRhoJRSmv5DI
c+9CtswoqNSpwyjZbKPX1PLbOCDizZpVTVrZ5kF+HlWXpKvfuI5ToRDLKQWy0MRb
SMPW9lJnLPmGaahKKzMP9vBooPtrwT7G3lcsGqqTXlNcGyWuXoL4sd7lDCWKrSDy
VqzpyfHV/pC04WMe4+F5JAkeh9xrKkM+OOgVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUCmWioKr24zZRQkFd0YfwNAF7oDIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NtV2lvS3IyNHpaUlFr
RmQwWWZ3TkFGN29ESS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACt6JReh7qFdFijB6A23STUIr2wxsQ3i
jsVFS5dap5VlrTOLIqeH2zOygghhHCv5Wpzilf9ARDO/nhd4C3tVJPSFhTdJ3Jl/
UluDdLWZMD0djbu7e4qgVXkm7eUCQ4Y4q3VjVlCtbGA+b3iXq53mjGK/r8odk2Ct
CYrv1KiDdFFUV1dpykhVGWpUa6Y33vgSEjADNtDftVXaw9dX3J4TdRHorECcuZ8l
lRk7Y1QXD8uox9D+xWDbRhZWICJj7bSEZHVXj65xFnnVkOyUIi0ZgbyS6SF5DRjH
ayyDeUA7xlEsTPqE2JLpL0InXLQ7W5VI0TuLASCCxj1mCE/yr6jXkwQ=
-----END CERTIFICATE-----
Generated at Fri Jun 20 08:03:31 2025 by rpki-client