Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BCSOkfcN30k0tkelpbNknx6u-rY.roa
File: BCSOkfcN30k0tkelpbNknx6u-rY.roa (raw, json)
Hash identifier: f7HPrYEnvyukjklf2AjqGJaqvrOpD2T+te5Tpj/9onA=
Subject key identifier: 04:24:8E:91:F7:0D:DF:49:34:B6:47:A5:A5:B3:64:9F:1E:AE:FA:B6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A8B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BCSOkfcN30k0tkelpbNknx6u-rY.roa
Signing time: Sat 27 Apr 2024 23:23:28 +0000
ROA not before: Sat 27 Apr 2024 23:23:28 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19083 (0x4a8b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 23:23:28 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=04248E91F70DDF4934B647A5A5B3649F1EAEFAB6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:54:fb:c6:88:da:83:05:28:01:64:8c:54:c3:
a4:99:16:1e:9a:17:73:6e:57:83:50:25:b4:a5:9e:
9c:93:86:eb:dd:5c:33:69:02:be:48:e4:f5:cb:3f:
8f:be:5a:52:9f:b7:8e:77:2c:3d:8d:96:85:84:c6:
20:1e:6b:c5:b3:94:55:f2:0d:e8:e3:2f:74:d0:13:
9f:d9:af:f8:e4:6d:59:d1:23:f4:99:e9:e5:93:9e:
5f:3e:f4:4e:fc:f6:56:75:3e:08:79:89:53:86:d3:
36:fd:b5:44:d6:d6:92:47:33:de:0e:3e:74:ef:a1:
06:f4:b7:02:b8:6e:c5:97:cc:24:7d:51:2d:fc:9b:
1c:c4:e0:a5:2c:89:94:ca:9e:a0:66:58:96:5a:2a:
46:97:e0:a3:19:d7:93:0c:09:b2:fc:f8:e3:cb:eb:
b6:c6:a0:6a:da:cc:1c:e9:de:f3:82:da:8d:a0:3e:
73:da:ab:82:1d:e9:cd:57:0f:c4:5d:09:df:a9:ed:
6a:75:7f:df:ed:08:06:d4:30:c7:af:c0:b7:20:7f:
5f:42:ea:df:ab:8a:17:ad:c3:61:73:5f:86:e9:1e:
24:88:ed:ae:f2:42:5d:05:62:77:a5:84:34:c3:43:
e1:40:5b:34:63:c8:42:90:bf:c6:a3:7e:f4:1e:c8:
70:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:24:8E:91:F7:0D:DF:49:34:B6:47:A5:A5:B3:64:9F:1E:AE:FA:B6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BCSOkfcN30k0tkelpbNknx6u-rY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
42:51:f0:49:2b:94:6d:12:4b:1b:89:b8:18:c7:0e:0d:e6:42:
0f:e8:40:b8:b1:75:78:b0:98:73:35:47:68:3c:f4:f2:65:85:
8c:ce:37:15:23:4c:04:1c:f4:cf:a0:18:95:34:7c:7f:71:0a:
f5:ad:98:24:fc:4a:fb:df:31:13:9d:fd:2f:08:c3:3f:d7:d9:
d8:b0:77:64:6b:bb:71:5b:c3:2f:2c:cc:76:e2:7b:ae:79:b4:
40:aa:5a:27:05:45:c7:03:74:d4:e5:4b:9f:f6:90:34:46:09:
30:f5:e4:34:34:b3:79:2a:81:10:f1:db:ab:9f:5c:83:18:dd:
1c:e4:fd:e6:41:5d:59:56:f1:20:09:13:42:d5:10:97:b7:71:
4d:39:52:0b:d7:4f:48:68:64:d5:f7:54:ef:04:3b:e8:4f:37:
f4:37:a6:7a:da:73:50:9a:24:96:40:24:54:4f:ab:81:01:75:
da:1e:f6:e9:ed:49:67:79:c0:59:22:0d:93:44:c4:ff:e4:0c:
fb:37:17:62:3f:8c:58:99:1c:df:2a:6e:62:3a:11:c6:78:e0:
41:0e:31:1b:3f:b4:52:18:b1:c6:3e:19:e4:ec:80:91:75:67:
e6:2a:13:be:91:81:0e:03:3d:30:f9:5a:ae:79:67:b1:18:90:
19:99:04:05
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSoswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcy
MzIzMjhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA0MjQ4RTkxRjcwRERG
NDkzNEI2NDdBNUE1QjM2NDlGMUVBRUZBQjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzVPvGiNqDBSgBZIxUw6SZFh6aF3NuV4NQJbSlnpyThuvdXDNp
Ar5I5PXLP4++WlKft453LD2NloWExiAea8WzlFXyDejjL3TQE5/Zr/jkbVnRI/SZ
6eWTnl8+9E789lZ1Pgh5iVOG0zb9tUTW1pJHM94OPnTvoQb0twK4bsWXzCR9US38
mxzE4KUsiZTKnqBmWJZaKkaX4KMZ15MMCbL8+OPL67bGoGrazBzp3vOC2o2gPnPa
q4Id6c1XD8RdCd+p7Wp1f9/tCAbUMMevwLcgf19C6t+rihetw2FzX4bpHiSI7a7y
Ql0FYnelhDTDQ+FAWzRjyEKQv8ajfvQeyHDxAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUBCSOkfcN30k0tkelpbNknx6u+rYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JDU09rZmNOMzBrMHRr
ZWxwYk5rbng2dS1yWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAEJR8EkrlG0SSxuJuBjHDg3mQg/oQLix
dXiwmHM1R2g89PJlhYzONxUjTAQc9M+gGJU0fH9xCvWtmCT8SvvfMROd/S8Iwz/X
2diwd2Rru3Fbwy8szHbie655tECqWicFRccDdNTlS5/2kDRGCTD15DQ0s3kqgRDx
26ufXIMY3Rzk/eZBXVlW8SAJE0LVEJe3cU05UgvXT0hoZNX3VO8EO+hPN/Q3pnra
c1CaJJZAJFRPq4EBddoe9untSWd5wFkiDZNExP/kDPs3F2I/jFiZHN8qbmI6EcZ4
4EEOMRs/tFIYscY+GeTsgJF1Z+YqE76RgQ4DPTD5Wq55Z7EYkBmZBAU=
-----END CERTIFICATE-----
Generated at Sun May 18 09:09:34 2025 by rpki-client