Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0kyY7Vol0IVdtP-Kj8Y08LNjeIM.roa
File: 0kyY7Vol0IVdtP-Kj8Y08LNjeIM.roa (raw, json)
Hash identifier: 82ETkv30PjGr5Pe2oLGRUWrG0lpB3QdvfS7TCRVrRaQ=
Subject key identifier: D2:4C:98:ED:5A:25:D0:85:5D:B4:FF:8A:8F:C6:34:F0:B3:63:78:83
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D6F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0kyY7Vol0IVdtP-Kj8Y08LNjeIM.roa
Signing time: Wed 01 May 2024 19:53:39 +0000
ROA not before: Wed 01 May 2024 19:53:39 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19823 (0x4d6f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 19:53:39 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D24C98ED5A25D0855DB4FF8A8FC634F0B3637883
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:83:e4:0d:59:6e:57:1d:dd:2d:a4:f7:a4:48:
e7:f9:57:4e:dc:77:89:25:da:49:5b:a5:a7:63:3f:
19:cc:e8:5c:96:bd:91:0e:56:f9:ff:cc:e8:93:eb:
6f:2b:81:6f:ef:8a:2a:9f:85:30:0e:ce:c6:60:bb:
31:68:04:63:50:bf:28:1c:c4:39:64:cf:bd:3c:89:
9b:6e:5a:e7:51:65:0a:e4:9a:11:13:64:bc:c8:61:
d4:87:e9:83:f1:de:25:43:85:7f:b8:64:8d:8a:8a:
93:2a:5b:09:6a:57:0a:9c:8c:0d:3d:6e:22:af:82:
6e:a1:7b:78:f7:69:7a:75:34:77:22:58:77:4a:f2:
a1:dd:6a:d4:12:75:17:5d:d8:da:eb:2e:2f:05:41:
38:2d:73:97:8c:64:ca:39:db:70:20:61:db:c6:79:
ed:d1:d5:9a:0a:b9:47:52:e2:41:b9:8c:07:21:c5:
69:7c:73:8b:ce:cf:4d:d9:0c:6e:ff:69:92:6c:26:
ac:c9:8f:58:b0:70:7d:d1:42:3c:0e:a9:e8:5a:e1:
0e:38:db:89:ab:46:c0:1e:8a:b6:81:51:c3:96:4b:
ba:13:dd:7f:f8:30:36:1e:79:ff:a8:0d:d0:d0:45:
17:90:3d:84:ec:9b:3a:d9:b8:29:b6:f8:cc:a7:87:
36:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:4C:98:ED:5A:25:D0:85:5D:B4:FF:8A:8F:C6:34:F0:B3:63:78:83
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0kyY7Vol0IVdtP-Kj8Y08LNjeIM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0b:96:c6:c3:de:23:c4:f8:67:c9:7f:b5:46:3b:9e:46:00:44:
5a:ee:9f:87:bc:67:8e:94:ae:4c:68:94:72:7b:1d:6f:c0:c4:
b3:a4:cf:bb:5a:4b:bf:84:9f:5c:7a:b0:e8:be:2b:c3:4c:72:
59:50:c3:54:c9:80:4c:79:b7:fa:a2:e5:43:bf:c8:51:79:ba:
a7:77:4a:02:78:74:67:0e:26:05:bf:5c:af:48:ba:d3:b1:27:
12:41:51:5c:bb:6f:85:22:74:df:41:63:37:f9:6f:94:dc:87:
24:5a:cd:9b:27:6d:da:dd:69:71:87:e3:23:d3:8b:75:d8:8a:
77:fb:0b:c7:47:98:26:18:9c:eb:c7:da:ec:9b:51:b0:f5:4c:
07:06:62:0c:85:93:ed:0d:4a:cb:88:46:9a:42:94:6d:be:19:
05:0e:78:75:ad:d9:7b:20:7e:5a:6a:75:b0:9b:c7:35:fc:7b:
4e:44:59:85:53:65:cc:69:d8:16:3d:2f:1a:7f:b1:d4:5a:fc:
71:a0:39:9f:4e:f1:5c:55:f0:c1:97:0f:75:ec:33:00:16:25:
b6:bf:e6:08:06:e6:30:ff:2c:03:f9:68:e1:c8:fe:e8:4a:89:
78:27:14:45:61:2f:fe:28:35:b4:45:2c:7a:6e:24:d0:44:e4:
18:15:f1:03
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTW8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEx
OTUzMzlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQyNEM5OEVENUEyNUQw
ODU1REI0RkY4QThGQzYzNEYwQjM2Mzc4ODMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqg+QNWW5XHd0tpPekSOf5V07cd4kl2klbpadjPxnM6FyWvZEO
Vvn/zOiT628rgW/viiqfhTAOzsZguzFoBGNQvygcxDlkz708iZtuWudRZQrkmhET
ZLzIYdSH6YPx3iVDhX+4ZI2KipMqWwlqVwqcjA09biKvgm6he3j3aXp1NHciWHdK
8qHdatQSdRdd2NrrLi8FQTgtc5eMZMo523AgYdvGee3R1ZoKuUdS4kG5jAchxWl8
c4vOz03ZDG7/aZJsJqzJj1iwcH3RQjwOqeha4Q4424mrRsAeiraBUcOWS7oT3X/4
MDYeef+oDdDQRReQPYTsmzrZuCm2+MynhzY/AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU0kyY7Vol0IVdtP+Kj8Y08LNjeIMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBreVk3Vm9sMElWZHRQ
LUtqOFkwOExOamVJTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAuWxsPeI8T4Z8l/tUY7nkYARFrun4e8
Z46UrkxolHJ7HW/AxLOkz7taS7+En1x6sOi+K8NMcllQw1TJgEx5t/qi5UO/yFF5
uqd3SgJ4dGcOJgW/XK9IutOxJxJBUVy7b4UidN9BYzf5b5TchyRazZsnbdrdaXGH
4yPTi3XYinf7C8dHmCYYnOvH2uybUbD1TAcGYgyFk+0NSsuIRppClG2+GQUOeHWt
2XsgflpqdbCbxzX8e05EWYVTZcxp2BY9Lxp/sdRa/HGgOZ9O8VxV8MGXD3XsMwAW
Jba/5ggG5jD/LAP5aOHI/uhKiXgnFEVhL/4oNbRFLHpuJNBE5BgV8QM=
-----END CERTIFICATE-----
Generated at Sat May 17 23:56:25 2025 by rpki-client