Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ii_CKua_H2lFF-bAC5JQNppTFg0.roa
File: ii_CKua_H2lFF-bAC5JQNppTFg0.roa (raw, json)
Hash identifier: SokLZJ9ZuFq2LSad1kx5291J0rxmLXzFh7HxaLBRxqw=
Subject key identifier: 8A:2F:C2:2A:E6:BF:1F:69:45:17:E6:C0:0B:92:50:36:9A:53:16:0D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47BB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ii_CKua_H2lFF-bAC5JQNppTFg0.roa
Signing time: Wed 24 Apr 2024 05:23:13 +0000
ROA not before: Wed 24 Apr 2024 05:23:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18363 (0x47bb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 05:23:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8A2FC22AE6BF1F694517E6C00B9250369A53160D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:3e:ea:55:b5:66:a9:62:f6:45:16:87:fe:51:
a4:9e:79:02:28:59:bb:59:38:97:a7:9a:65:fa:23:
95:75:ab:1d:38:48:c2:62:89:d3:e5:cf:9e:14:36:
93:ba:f2:79:f2:10:16:b2:dd:b6:6b:04:89:cb:56:
a6:02:3f:ec:78:94:32:24:ee:24:91:28:2a:a0:a0:
78:80:cc:dc:2a:de:19:45:07:73:97:cf:2e:9f:eb:
5b:16:86:db:ab:ac:d0:d4:6b:8c:6f:4d:37:94:4b:
36:36:a3:23:cc:95:ef:7b:16:5d:43:cb:14:b2:55:
1d:72:2a:9d:d3:38:5b:aa:61:03:d3:c5:3e:d5:fe:
2e:f1:82:ce:23:a9:c0:de:65:3c:d0:4b:ba:fa:2b:
f6:a6:6c:6f:e6:be:87:af:7b:b7:30:e3:e6:47:eb:
91:54:95:9e:52:96:97:81:a1:90:cc:3e:c0:a9:fc:
35:1f:ca:ca:b4:7e:0a:a4:71:12:06:08:ff:9b:94:
37:5c:32:68:1a:1c:43:44:f0:b9:ba:e7:25:b2:54:
0a:51:d9:c4:a3:fe:d2:2a:1f:d0:2f:b0:af:ca:b1:
99:da:19:44:e4:ed:08:8a:de:04:74:02:52:f3:f1:
48:34:53:7d:be:c5:00:6d:7d:32:94:02:be:1e:85:
6d:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:2F:C2:2A:E6:BF:1F:69:45:17:E6:C0:0B:92:50:36:9A:53:16:0D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ii_CKua_H2lFF-bAC5JQNppTFg0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a3:79:18:1a:6a:3b:e0:f0:92:da:d4:cb:ed:16:43:dd:2f:cc:
41:37:8d:a9:53:17:cb:ce:98:01:94:ba:ca:16:f7:a6:db:bd:
ea:44:b4:20:9f:5e:72:49:f8:56:c4:ec:4f:0e:6b:60:5e:91:
c8:c8:8d:6d:f3:fe:6b:e0:07:1f:b3:f7:ad:75:ff:ff:00:60:
1d:b9:a1:27:92:28:66:ca:60:38:24:2c:ce:28:99:83:5c:ab:
d9:a2:90:20:d1:4e:d9:57:91:ee:53:98:95:33:50:d0:ec:b3:
0d:59:24:db:ac:08:f1:1a:4d:a9:b8:fe:70:e5:e5:3c:ae:21:
72:b1:07:a5:44:6c:93:2a:54:cb:9e:d9:ba:d1:81:1b:df:6a:
4a:02:c4:75:57:0f:58:3f:98:27:37:1a:c5:6f:5c:89:8e:45:
ec:69:3b:2b:74:34:f0:8b:91:8c:f8:4e:ad:39:7f:fa:45:53:
ba:0a:06:eb:c0:f8:40:d8:ec:c6:6e:e8:5a:33:f7:9e:76:8f:
09:76:ae:33:7c:c6:1c:29:24:be:75:85:65:03:78:2c:73:ac:
a0:b7:bf:25:c9:0d:91:80:39:7f:ca:8f:86:2b:32:ad:89:77:
42:93:b1:1c:d6:c3:17:4a:6a:33:bc:0e:9a:52:a7:12:10:f9:
1e:af:2b:c0
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICR7swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
NTIzMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBMkZDMjJBRTZCRjFG
Njk0NTE3RTZDMDBCOTI1MDM2OUE1MzE2MEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsPupVtWapYvZFFof+UaSeeQIoWbtZOJenmmX6I5V1qx04SMJi
idPlz54UNpO68nnyEBay3bZrBInLVqYCP+x4lDIk7iSRKCqgoHiAzNwq3hlFB3OX
zy6f61sWhturrNDUa4xvTTeUSzY2oyPMle97Fl1DyxSyVR1yKp3TOFuqYQPTxT7V
/i7xgs4jqcDeZTzQS7r6K/ambG/mvoeve7cw4+ZH65FUlZ5SlpeBoZDMPsCp/DUf
ysq0fgqkcRIGCP+blDdcMmgaHENE8Lm65yWyVApR2cSj/tIqH9AvsK/KsZnaGUTk
7QiK3gR0AlLz8Ug0U32+xQBtfTKUAr4ehW3jAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUii/CKua/H2lFF+bAC5JQNppTFg0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lpX0NLdWFfSDJsRkYt
YkFDNUpRTnBwVEZnMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKN5GBpqO+DwktrUy+0WQ90vzEE3jalT
F8vOmAGUusoW96bbvepEtCCfXnJJ+FbE7E8Oa2BekcjIjW3z/mvgBx+z9611//8A
YB25oSeSKGbKYDgkLM4omYNcq9mikCDRTtlXke5TmJUzUNDssw1ZJNusCPEaTam4
/nDl5TyuIXKxB6VEbJMqVMue2brRgRvfakoCxHVXD1g/mCc3GsVvXImORexpOyt0
NPCLkYz4Tq05f/pFU7oKBuvA+EDY7MZu6Foz9552jwl2rjN8xhwpJL51hWUDeCxz
rKC3vyXJDZGAOX/Kj4YrMq2Jd0KTsRzWwxdKajO8DppSpxIQ+R6vK8A=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:56:55 2025 by rpki-client