Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/suI6ujNuEJh-aus6RYlzAuF14D0.roa
File: suI6ujNuEJh-aus6RYlzAuF14D0.roa (raw, json)
Hash identifier: gi0eL15jQDRbCEtqW3DqkaYt8gRQX41vQltsEjQnwY8=
Subject key identifier: B2:E2:3A:BA:33:6E:10:98:7E:6A:EB:3A:45:89:73:02:E1:75:E0:3D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 55E3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/suI6ujNuEJh-aus6RYlzAuF14D0.roa
Signing time: Mon 13 May 2024 02:24:07 +0000
ROA not before: Mon 13 May 2024 02:24:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21987 (0x55e3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 02:24:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B2E23ABA336E10987E6AEB3A45897302E175E03D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:8a:ae:87:c1:4b:d6:25:2c:5b:27:0c:2b:77:
09:bf:45:48:f9:08:0c:68:8b:d7:d1:ea:12:97:12:
d5:08:9e:fb:98:47:04:55:f0:6e:1f:14:61:87:59:
18:a6:33:0e:3e:61:9e:eb:0c:75:05:49:19:0f:d3:
83:0b:e4:ac:3c:65:1c:dc:6c:58:9d:aa:39:36:6c:
91:04:fc:06:0f:4b:d0:65:60:73:60:68:50:ed:2d:
96:3d:be:4d:51:e7:ac:a8:49:9f:07:a9:3b:fa:f8:
fc:83:93:ba:46:08:b9:c5:2a:f1:e4:ce:5b:a1:30:
c2:4c:56:40:57:67:bf:94:a7:bb:dc:35:db:52:37:
01:d1:1e:e2:53:68:1f:6a:1c:c3:0b:af:57:99:70:
66:2b:10:cc:f7:84:34:d5:70:81:02:c4:05:0b:51:
f5:bf:b1:93:cd:17:8e:7a:4a:51:f7:3e:e9:29:94:
9c:37:6d:67:86:5e:50:aa:72:22:c4:f7:24:43:9a:
3a:af:c3:21:29:a6:ec:56:ae:6d:fb:a6:d2:db:b0:
37:79:7d:3b:b4:d5:29:fe:cd:61:fa:d8:cb:ac:6b:
f0:08:9d:99:64:a3:60:ca:fb:60:bb:2f:ed:80:c4:
4a:43:3a:ed:4d:41:db:a8:99:81:62:f7:43:33:dd:
76:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:E2:3A:BA:33:6E:10:98:7E:6A:EB:3A:45:89:73:02:E1:75:E0:3D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/suI6ujNuEJh-aus6RYlzAuF14D0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
84:4f:c5:ec:49:14:11:ed:38:fd:78:ca:47:89:25:07:80:16:
da:d2:b8:37:dc:97:e7:c7:e8:c5:cf:69:73:d0:54:97:f8:d5:
47:7b:12:52:74:e3:52:11:9d:71:ea:3d:4c:bb:7e:99:59:da:
fb:62:95:36:28:63:58:1b:4a:51:c5:48:81:af:81:78:52:90:
d1:cd:fe:31:9c:e5:ca:80:5f:09:79:c3:9b:7c:82:79:52:24:
af:67:8d:8a:2a:15:e9:99:06:15:32:c7:5b:3e:88:bc:3f:80:
64:22:fc:12:5e:c9:57:79:89:c4:17:26:8d:b8:a6:49:29:40:
d1:9d:9c:9f:3e:23:7e:39:43:2c:b8:b9:a4:70:49:f8:77:81:
06:d0:7b:5c:cc:19:da:06:13:57:94:94:06:83:9f:af:9e:f5:
a9:0b:1e:21:68:9d:55:7d:5e:11:b0:fc:11:92:31:ad:9e:83:
0c:0b:03:70:a2:9a:49:dd:e1:e5:0e:d0:a7:dc:33:62:51:15:
46:5a:7e:8a:dd:54:0a:95:ac:d2:12:52:cd:03:7e:dd:ce:85:
32:8a:70:e5:7e:2d:f4:f5:de:ef:94:bc:cb:7e:f4:55:df:23:
37:b9:b0:01:75:5c:48:bd:cd:61:80:f8:46:6a:d9:7d:47:4a:
fc:0b:c4:e9
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVeMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMw
MjI0MDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIyRTIzQUJBMzM2RTEw
OTg3RTZBRUIzQTQ1ODk3MzAyRTE3NUUwM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUiq6HwUvWJSxbJwwrdwm/RUj5CAxoi9fR6hKXEtUInvuYRwRV
8G4fFGGHWRimMw4+YZ7rDHUFSRkP04ML5Kw8ZRzcbFidqjk2bJEE/AYPS9BlYHNg
aFDtLZY9vk1R56yoSZ8HqTv6+PyDk7pGCLnFKvHkzluhMMJMVkBXZ7+Up7vcNdtS
NwHRHuJTaB9qHMMLr1eZcGYrEMz3hDTVcIECxAULUfW/sZPNF456SlH3PukplJw3
bWeGXlCqciLE9yRDmjqvwyEppuxWrm37ptLbsDd5fTu01Sn+zWH62Musa/AInZlk
o2DK+2C7L+2AxEpDOu1NQduomYFi90Mz3XZRAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUsuI6ujNuEJh+aus6RYlzAuF14D0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3N1STZ1ak51RUpoLWF1
czZSWWx6QXVGMTREMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAIRPxexJFBHtOP14ykeJJQeAFtrSuDfc
l+fH6MXPaXPQVJf41Ud7ElJ041IRnXHqPUy7fplZ2vtilTYoY1gbSlHFSIGvgXhS
kNHN/jGc5cqAXwl5w5t8gnlSJK9njYoqFemZBhUyx1s+iLw/gGQi/BJeyVd5icQX
Jo24pkkpQNGdnJ8+I345Qyy4uaRwSfh3gQbQe1zMGdoGE1eUlAaDn6+e9akLHiFo
nVV9XhGw/BGSMa2egwwLA3Cimknd4eUO0KfcM2JRFUZafordVAqVrNISUs0Dft3O
hTKKcOV+LfT13u+UvMt+9FXfIze5sAF1XEi9zWGA+EZq2X1HSvwLxOk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:56:36 2025 by rpki-client