Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UuhJ8QTwpnW6VudqhpRCrKD3-nc.roa
File: UuhJ8QTwpnW6VudqhpRCrKD3-nc.roa (raw, json)
Hash identifier: 52mqUn/YjXR2nwQHx5qktY9U8BTMSeG4YIfzyW6zPAM=
Subject key identifier: 52:E8:49:F1:04:F0:A6:75:BA:56:E7:6A:86:94:42:AC:A0:F7:FA:77
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E57
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UuhJ8QTwpnW6VudqhpRCrKD3-nc.roa
Signing time: Thu 11 Apr 2024 16:52:47 +0000
ROA not before: Thu 11 Apr 2024 16:52:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15959 (0x3e57)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 16:52:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=52E849F104F0A675BA56E76A869442ACA0F7FA77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:33:c9:fd:70:9f:7a:dc:be:bd:89:33:83:b8:
02:c3:9a:44:c8:5a:6d:8c:a8:5a:dd:36:e0:18:5b:
5d:1c:db:33:09:e6:98:54:2a:e4:4a:26:c2:3b:a3:
0c:17:b5:1e:6f:ee:6d:b9:09:cc:ee:77:ce:3f:c1:
25:df:8e:9c:20:66:4d:66:e4:83:d8:44:4f:5e:4b:
4f:07:d2:e1:6f:ef:56:7d:5b:08:c1:b2:4c:f7:a7:
c6:8f:3b:b0:3a:fb:ca:6e:3b:ae:7b:42:42:c0:c6:
3f:f2:36:b8:52:a9:f7:56:ba:78:df:04:72:91:04:
8e:62:d6:0a:4d:4d:4e:bb:b1:92:c1:d3:2d:c9:08:
b0:2b:a1:87:13:7c:64:7d:89:d9:d7:e2:e7:51:37:
1e:fb:7f:24:cd:bc:64:43:77:31:94:7e:1d:4b:c7:
28:7e:17:38:ef:bf:b7:12:82:71:dd:2b:b5:88:c7:
0c:c0:e1:d3:e1:c4:78:30:f7:37:66:b3:04:ef:62:
f3:bb:24:73:ca:e4:41:c9:79:6c:74:74:a6:8f:75:
8d:60:1a:be:f5:8b:da:36:ad:d7:b4:a6:ff:bc:68:
ee:50:5f:64:07:67:93:bb:2a:85:59:07:0a:33:b9:
cb:63:07:98:26:76:49:83:8f:41:73:c7:cc:92:2a:
a8:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:E8:49:F1:04:F0:A6:75:BA:56:E7:6A:86:94:42:AC:A0:F7:FA:77
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UuhJ8QTwpnW6VudqhpRCrKD3-nc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
16:fb:c3:b8:7a:14:6d:33:e8:3e:fc:0b:c4:e8:3e:43:18:23:
f9:51:aa:ca:8d:2f:83:cd:d4:35:dc:2e:44:6c:74:d0:7c:a8:
85:16:39:ca:88:c8:b0:cd:83:f5:f0:67:e8:bc:ea:de:d4:40:
02:c7:81:70:90:fe:1a:0f:d2:60:08:00:61:b6:8f:18:07:d1:
95:70:b6:38:2e:12:7f:dd:7a:ee:84:54:29:3c:5e:4f:55:68:
44:ad:20:81:59:3f:4c:0d:63:94:e1:f7:f2:2e:2d:55:9c:7d:
77:0f:7b:c9:02:4b:89:6f:b5:e8:b9:c6:8f:1f:69:25:a7:37:
be:ad:6d:c5:80:52:f7:4f:7d:24:b8:ef:0f:0d:b9:43:8d:8c:
41:c1:de:d8:a1:64:60:cf:3e:4c:8c:19:28:53:03:d8:63:a2:
d6:2e:d3:bb:1a:2a:80:a4:f2:b2:22:12:8a:94:55:bc:56:41:
75:67:4a:02:a7:7b:5e:be:25:9a:39:6e:41:8c:17:be:8f:d7:
0a:9e:c6:04:bb:8d:60:ad:23:19:b7:3a:2e:9f:16:5a:76:1a:
cc:2d:5a:cb:ec:25:68:c6:13:1b:9a:33:f8:99:a3:0d:20:08:
6e:7e:c0:d9:81:75:35:22:a0:08:d0:5c:13:17:48:e9:64:67:
89:6d:c1:1e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPlcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEx
NjUyNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUyRTg0OUYxMDRGMEE2
NzVCQTU2RTc2QTg2OTQ0MkFDQTBGN0ZBNzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1M8n9cJ963L69iTODuALDmkTIWm2MqFrdNuAYW10c2zMJ5phU
KuRKJsI7owwXtR5v7m25Cczud84/wSXfjpwgZk1m5IPYRE9eS08H0uFv71Z9WwjB
skz3p8aPO7A6+8puO657QkLAxj/yNrhSqfdWunjfBHKRBI5i1gpNTU67sZLB0y3J
CLAroYcTfGR9idnX4udRNx77fyTNvGRDdzGUfh1Lxyh+Fzjvv7cSgnHdK7WIxwzA
4dPhxHgw9zdmswTvYvO7JHPK5EHJeWx0dKaPdY1gGr71i9o2rde0pv+8aO5QX2QH
Z5O7KoVZBwozuctjB5gmdkmDj0Fzx8ySKqj9AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUUuhJ8QTwpnW6VudqhpRCrKD3+ncwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1V1aEo4UVR3cG5XNlZ1
ZHFocFJDcktEMy1uYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABb7w7h6FG0z6D78C8ToPkMYI/lRqsqN
L4PN1DXcLkRsdNB8qIUWOcqIyLDNg/XwZ+i86t7UQALHgXCQ/hoP0mAIAGG2jxgH
0ZVwtjguEn/deu6EVCk8Xk9VaEStIIFZP0wNY5Th9/IuLVWcfXcPe8kCS4lvtei5
xo8faSWnN76tbcWAUvdPfSS47w8NuUONjEHB3tihZGDPPkyMGShTA9hjotYu07sa
KoCk8rIiEoqUVbxWQXVnSgKne16+JZo5bkGMF76P1wqexgS7jWCtIxm3Oi6fFlp2
GswtWsvsJWjGExuaM/iZow0gCG5+wNmBdTUioAjQXBMXSOlkZ4ltwR4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:51:20 2025 by rpki-client