Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DHczdPs9gAl_gEAn4g-dmeMAv5E.roa
File: DHczdPs9gAl_gEAn4g-dmeMAv5E.roa (raw, json)
Hash identifier: YBnYbmYgmC+Lj+7dLB3mynbKr2seY+Jf3i5mutlYkaQ=
Subject key identifier: 0C:77:33:74:FB:3D:80:09:7F:80:40:27:E2:0F:9D:99:E3:00:BF:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4167
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DHczdPs9gAl_gEAn4g-dmeMAv5E.roa
Signing time: Mon 15 Apr 2024 18:52:58 +0000
ROA not before: Mon 15 Apr 2024 18:52:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16743 (0x4167)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 18:52:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0C773374FB3D80097F804027E20F9D99E300BF91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:f9:8a:87:61:c7:2a:3a:93:3b:20:09:0d:c4:
70:32:6a:73:c9:d3:c0:6f:cc:3a:ed:14:cb:61:ce:
18:5e:7b:ce:c7:41:7b:98:df:92:dc:1d:3e:cf:a0:
29:6c:e8:54:45:89:ac:cb:87:0e:d6:f4:5f:16:c2:
1b:b3:5f:a2:28:4a:cc:6d:34:a0:03:08:b1:d0:60:
92:00:27:9c:91:c0:24:58:e9:5e:da:43:9b:8c:3f:
cf:8c:1a:12:cb:7b:57:fd:3a:8b:0f:c8:a1:3a:e9:
34:07:a1:ea:36:14:e8:09:57:da:f5:76:25:68:8f:
c1:0c:6b:b7:32:45:4b:56:04:76:7b:89:78:50:75:
6c:03:d0:69:53:7b:3a:57:ea:9b:78:02:02:7c:47:
52:96:65:5e:3b:07:76:a0:aa:f5:b4:bf:3f:f2:78:
78:ab:82:54:b7:63:18:da:38:cb:39:47:9f:6f:ae:
ab:2d:20:1c:24:31:58:a0:46:21:41:62:8a:81:e7:
70:e4:8b:87:94:ec:22:f3:24:b5:79:af:d2:a2:e1:
2f:b0:85:cd:fb:51:54:e5:21:fc:e9:42:07:be:40:
8f:84:be:6f:09:02:59:b4:33:b9:33:ef:22:1b:b2:
17:2e:c5:46:f2:76:fe:64:38:75:40:67:07:d2:6c:
8a:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:77:33:74:FB:3D:80:09:7F:80:40:27:E2:0F:9D:99:E3:00:BF:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DHczdPs9gAl_gEAn4g-dmeMAv5E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
15:4d:a6:01:45:a9:4c:5e:60:04:5d:a3:28:5c:00:20:83:f3:
c6:46:01:c6:e8:d8:3a:98:b3:9c:ea:16:b6:0a:dc:1a:8e:5a:
a2:e6:28:d6:1b:32:88:93:6d:37:b5:e8:47:36:18:82:42:61:
cc:3a:35:c1:64:7c:ae:d7:e5:90:c8:66:39:5c:63:fc:d5:47:
d1:f4:76:57:7b:4c:25:d3:8e:1c:d9:10:f3:34:db:73:39:1e:
7c:b5:38:8b:37:4b:47:33:d4:14:e0:86:49:08:a7:74:69:5a:
5d:01:d0:59:9c:91:09:00:4d:ca:9e:5b:2f:7b:f6:de:dc:8c:
31:db:8b:05:7d:ff:52:3a:8d:dc:52:2f:8a:91:aa:ee:79:77:
03:d1:a1:2e:88:9b:b5:06:43:ea:41:3e:90:15:bc:1c:01:00:
9a:c2:18:d0:e5:30:77:4a:c8:96:03:c4:7b:bc:9e:ea:d8:ac:
a9:ce:de:79:49:24:67:5a:d5:41:28:85:44:3a:e2:64:4b:54:
3b:d5:3f:4e:df:c2:b2:05:a1:bf:b5:1c:34:a8:74:bd:92:d3:
93:de:81:1e:e3:47:5a:ff:c7:a2:58:a5:b8:02:b9:3a:c7:87:
91:a7:15:9b:2b:f1:8e:99:30:c4:36:8b:a3:a0:a5:84:0c:46:
ec:24:33:5b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQWcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
ODUyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBDNzczMzc0RkIzRDgw
MDk3RjgwNDAyN0UyMEY5RDk5RTMwMEJGOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDT+YqHYccqOpM7IAkNxHAyanPJ08BvzDrtFMthzhhee87HQXuY
35LcHT7PoCls6FRFiazLhw7W9F8WwhuzX6IoSsxtNKADCLHQYJIAJ5yRwCRY6V7a
Q5uMP8+MGhLLe1f9OosPyKE66TQHoeo2FOgJV9r1diVoj8EMa7cyRUtWBHZ7iXhQ
dWwD0GlTezpX6pt4AgJ8R1KWZV47B3agqvW0vz/yeHirglS3YxjaOMs5R59vrqst
IBwkMVigRiFBYoqB53Dki4eU7CLzJLV5r9Ki4S+whc37UVTlIfzpQge+QI+Evm8J
Alm0M7kz7yIbshcuxUbydv5kOHVAZwfSbIofAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUDHczdPs9gAl/gEAn4g+dmeMAv5EwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RIY3pkUHM5Z0FsX2dF
QW40Zy1kbWVNQXY1RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABVNpgFFqUxeYARdoyhcACCD88ZGAcbo
2DqYs5zqFrYK3BqOWqLmKNYbMoiTbTe16Ec2GIJCYcw6NcFkfK7X5ZDIZjlcY/zV
R9H0dld7TCXTjhzZEPM023M5Hny1OIs3S0cz1BTghkkIp3RpWl0B0FmckQkATcqe
Wy979t7cjDHbiwV9/1I6jdxSL4qRqu55dwPRoS6Im7UGQ+pBPpAVvBwBAJrCGNDl
MHdKyJYDxHu8nurYrKnO3nlJJGda1UEohUQ64mRLVDvVP07fwrIFob+1HDSodL2S
05PegR7jR1r/x6JYpbgCuTrHh5GnFZsr8Y6ZMMQ2i6OgpYQMRuwkM1s=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:31:02 2025 by rpki-client