Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kky4UKeqwuPu1OKCI0JbBW_Wdz4.roa
File: kky4UKeqwuPu1OKCI0JbBW_Wdz4.roa (raw, json)
Hash identifier: nNcu1hZaO4kRqHoLDzjreeJGJVysLqMwR/TLVrI6j9c=
Subject key identifier: 92:4C:B8:50:A7:AA:C2:E3:EE:D4:E2:82:23:42:5B:05:6F:D6:77:3E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33CF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kky4UKeqwuPu1OKCI0JbBW_Wdz4.roa
Signing time: Thu 28 Mar 2024 15:52:03 +0000
ROA not before: Thu 28 Mar 2024 15:52:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13263 (0x33cf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 15:52:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=924CB850A7AAC2E3EED4E28223425B056FD6773E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:a2:2d:a2:2a:54:99:87:e7:10:d4:73:70:12:
99:a9:33:c8:3f:fa:92:65:7b:20:f8:bb:5f:37:eb:
8b:82:be:23:f5:c8:3e:67:cd:b6:e4:db:88:5b:b6:
b2:25:d7:01:40:d0:6d:3b:14:45:78:80:c4:9c:64:
ee:b3:34:5e:d2:d7:93:94:fd:cc:18:c0:0c:4e:ee:
dc:40:60:e9:63:8d:f4:3f:73:e2:0e:4d:ce:f5:a8:
ea:7b:15:3a:9f:54:60:5a:3f:a4:3a:a7:57:cd:e9:
2a:e6:98:eb:73:2a:97:06:c8:ba:3d:b1:36:df:cc:
ae:a6:6f:db:78:24:34:79:fa:7b:08:42:5f:54:d2:
4f:74:2d:e3:bb:55:05:11:fc:1f:0c:70:b4:21:9d:
59:e1:8e:4f:87:be:96:ba:06:b9:0b:b8:04:16:9f:
05:5e:5b:4c:c7:7e:b6:c9:9e:b1:83:37:b8:c2:66:
64:d0:bd:a5:94:a8:43:91:6d:60:b9:ed:9a:48:d8:
3c:fb:30:7b:27:80:ea:4b:97:96:2b:98:d4:40:ff:
da:79:96:56:a8:57:89:11:37:13:a7:1e:58:73:44:
ec:e1:89:34:91:a5:76:46:87:b8:25:00:3c:e7:36:
9f:39:b7:0e:d0:e7:2a:80:35:b0:27:e4:4a:2d:de:
37:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:4C:B8:50:A7:AA:C2:E3:EE:D4:E2:82:23:42:5B:05:6F:D6:77:3E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kky4UKeqwuPu1OKCI0JbBW_Wdz4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
57:d5:e8:7a:43:70:5c:3f:6a:23:a1:cd:31:b6:14:da:65:01:
2f:d0:03:45:c8:fd:47:13:e5:90:87:12:29:24:8f:2e:d9:e1:
46:d5:40:10:fc:d6:ba:e2:b7:7b:83:49:21:90:18:03:7f:39:
55:14:5b:31:23:52:b3:8b:c7:49:3f:fb:38:ec:d6:42:ec:5d:
53:21:ac:7f:a5:ba:6d:23:21:e3:a4:f4:08:f4:f0:6b:7e:50:
08:7e:0c:1f:fd:6c:27:c4:51:f5:f4:fe:5e:2d:30:50:ca:d0:
96:b4:2e:30:69:0e:7b:18:ef:90:3b:72:da:ff:6b:03:3c:e0:
6a:b0:a8:ed:d7:ea:8a:1e:67:fd:cf:e5:b1:64:d9:35:a7:7c:
76:24:42:0c:7b:f3:99:d0:a9:73:f4:ee:5f:eb:c7:9d:84:74:
31:93:80:a9:c5:bf:aa:ca:d6:0c:b0:69:89:fa:fd:2f:01:cc:
f0:e8:20:3e:65:75:6b:10:33:40:87:2a:84:c3:06:93:b0:a9:
36:e3:53:b6:42:0d:0f:4a:a7:99:7e:cb:30:e9:f6:6d:98:e0:
70:fb:1c:29:a4:99:ea:46:9c:9d:3f:8c:1e:e0:8f:78:7c:6d:
1b:08:29:f6:86:bf:18:a1:81:14:a3:52:53:64:b3:b6:b1:77:
92:17:9e:a7
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICM88wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgx
NTUyMDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkyNENCODUwQTdBQUMy
RTNFRUQ0RTI4MjIzNDI1QjA1NkZENjc3M0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnoi2iKlSZh+cQ1HNwEpmpM8g/+pJleyD4u18364uCviP1yD5n
zbbk24hbtrIl1wFA0G07FEV4gMScZO6zNF7S15OU/cwYwAxO7txAYOljjfQ/c+IO
Tc71qOp7FTqfVGBaP6Q6p1fN6SrmmOtzKpcGyLo9sTbfzK6mb9t4JDR5+nsIQl9U
0k90LeO7VQUR/B8McLQhnVnhjk+Hvpa6BrkLuAQWnwVeW0zHfrbJnrGDN7jCZmTQ
vaWUqEORbWC57ZpI2Dz7MHsngOpLl5YrmNRA/9p5llaoV4kRNxOnHlhzROzhiTSR
pXZGh7glADznNp85tw7Q5yqANbAn5Eot3jcBAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUkky4UKeqwuPu1OKCI0JbBW/Wdz4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2treTRVS2Vxd3VQdTFP
S0NJMEpiQldfV2R6NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFfV6HpDcFw/aiOhzTG2FNplAS/QA0XI
/UcT5ZCHEikkjy7Z4UbVQBD81rrit3uDSSGQGAN/OVUUWzEjUrOLx0k/+zjs1kLs
XVMhrH+lum0jIeOk9Aj08Gt+UAh+DB/9bCfEUfX0/l4tMFDK0Ja0LjBpDnsY75A7
ctr/awM84GqwqO3X6ooeZ/3P5bFk2TWnfHYkQgx785nQqXP07l/rx52EdDGTgKnF
v6rK1gywaYn6/S8BzPDoID5ldWsQM0CHKoTDBpOwqTbjU7ZCDQ9Kp5l+yzDp9m2Y
4HD7HCmkmepGnJ0/jB7gj3h8bRsIKfaGvxihgRSjUlNks7axd5IXnqc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:59:13 2025 by rpki-client