Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BsfpxiACTys02JA14t7w3dB9IwE.roa
File: BsfpxiACTys02JA14t7w3dB9IwE.roa (raw, json)
Hash identifier: HCS+CY8gi8z2Cs2VP7EmEIL4ALDeAIUGhho3Nr6XzwU=
Subject key identifier: 06:C7:E9:C6:20:02:4F:2B:34:D8:90:35:E2:DE:F0:DD:D0:7D:23:01
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4977
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BsfpxiACTys02JA14t7w3dB9IwE.roa
Signing time: Fri 26 Apr 2024 12:53:20 +0000
ROA not before: Fri 26 Apr 2024 12:53:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18807 (0x4977)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 12:53:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=06C7E9C620024F2B34D89035E2DEF0DDD07D2301
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:82:1a:8d:11:bd:10:f9:47:04:77:98:db:4e:
0a:d2:9e:9d:bc:65:da:d6:0a:fd:81:c4:73:92:2b:
ae:11:10:c4:8a:46:ad:52:f0:a4:a8:21:01:29:1a:
0f:fb:e7:52:92:48:9e:ab:3c:63:be:8f:c9:95:ac:
71:86:fc:70:a7:9f:e6:22:ca:4d:ef:b1:d0:08:4a:
fe:c6:60:cd:f5:87:0d:44:78:92:38:49:3a:8e:1e:
12:7c:ac:13:a4:22:b9:da:21:88:63:48:6d:75:75:
80:1a:7d:b6:64:f8:de:4b:4e:1a:05:6a:5d:02:2f:
2b:00:41:b3:d5:b2:77:3c:02:5d:8b:eb:73:e2:e8:
b9:e2:7a:70:31:c9:82:bd:db:da:b7:ed:17:83:d1:
35:49:f2:20:a6:4f:dc:ac:a3:45:04:c5:b6:70:b7:
0e:fa:6f:02:48:16:c1:42:41:55:54:a4:7b:e2:66:
27:42:b0:84:7c:76:c0:df:ff:7d:8b:46:b7:68:ff:
52:88:83:8b:5c:bb:8d:bf:8a:f2:9b:fd:1c:52:14:
54:5a:a7:1d:72:3a:0f:5d:32:48:24:a1:26:90:00:
7c:c0:69:a9:f9:58:5f:38:1f:03:41:fa:68:e7:cb:
1c:fe:73:bd:12:56:0d:be:32:e9:73:58:4d:6c:e0:
8d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:C7:E9:C6:20:02:4F:2B:34:D8:90:35:E2:DE:F0:DD:D0:7D:23:01
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BsfpxiACTys02JA14t7w3dB9IwE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
86:c1:96:4f:ab:e0:c4:97:c0:3e:f6:0b:50:29:1c:96:a9:d7:
4a:31:af:54:44:3f:c0:71:03:ee:f5:5e:ad:cf:4c:76:a1:3f:
0b:2f:85:2d:0b:78:e6:48:76:25:d1:1d:74:d5:ff:35:bc:6c:
08:57:23:40:d4:d3:0d:0c:20:f8:5f:76:22:08:57:98:57:a4:
9d:d3:03:76:cc:00:9a:87:f9:a1:90:63:14:e8:b1:1c:4f:ae:
cc:77:f0:02:60:15:78:df:77:e1:95:72:c1:d5:30:53:2a:e9:
0b:61:46:55:f3:b3:54:01:ec:d4:29:7a:15:b5:ff:2e:99:82:
37:60:f0:e2:af:8b:7d:ef:47:4c:f2:f6:59:4a:fe:4c:25:c6:
68:8c:11:b2:4a:80:63:ce:33:af:4e:ba:e2:cf:d9:93:65:88:
ba:9c:cb:48:c9:9c:60:28:62:3f:86:76:d1:4f:21:c9:67:27:
72:86:90:e2:c6:c2:6a:14:e9:8f:f1:71:b1:bc:14:31:ff:f5:
89:48:e1:55:8a:40:e3:90:b0:a1:19:52:8b:ae:68:3b:39:4a:
42:a5:2e:4e:db:2c:26:28:69:a1:b7:0e:45:5d:c6:de:eb:39:
78:a4:8f:e0:9e:1f:98:5a:58:1a:7c:33:8e:e5:9b:ea:cd:b6:
5e:f5:38:6b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSXcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
MjUzMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA2QzdFOUM2MjAwMjRG
MkIzNEQ4OTAzNUUyREVGMERERDA3RDIzMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5ghqNEb0Q+UcEd5jbTgrSnp28ZdrWCv2BxHOSK64REMSKRq1S
8KSoIQEpGg/751KSSJ6rPGO+j8mVrHGG/HCnn+Yiyk3vsdAISv7GYM31hw1EeJI4
STqOHhJ8rBOkIrnaIYhjSG11dYAafbZk+N5LThoFal0CLysAQbPVsnc8Al2L63Pi
6LnienAxyYK929q37ReD0TVJ8iCmT9yso0UExbZwtw76bwJIFsFCQVVUpHviZidC
sIR8dsDf/32LRrdo/1KIg4tcu42/ivKb/RxSFFRapx1yOg9dMkgkoSaQAHzAaan5
WF84HwNB+mjnyxz+c70SVg2+MulzWE1s4I09AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUBsfpxiACTys02JA14t7w3dB9IwEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JzZnB4aUFDVHlzMDJK
QTE0dDd3M2RCOUl3RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAIbBlk+r4MSXwD72C1ApHJap10oxr1RE
P8BxA+71Xq3PTHahPwsvhS0LeOZIdiXRHXTV/zW8bAhXI0DU0w0MIPhfdiIIV5hX
pJ3TA3bMAJqH+aGQYxTosRxPrsx38AJgFXjfd+GVcsHVMFMq6QthRlXzs1QB7NQp
ehW1/y6Zgjdg8OKvi33vR0zy9llK/kwlxmiMEbJKgGPOM69OuuLP2ZNliLqcy0jJ
nGAoYj+GdtFPIclnJ3KGkOLGwmoU6Y/xcbG8FDH/9YlI4VWKQOOQsKEZUouuaDs5
SkKlLk7bLCYoaaG3DkVdxt7rOXikj+CeH5haWBp8M47lm+rNtl71OGs=
-----END CERTIFICATE-----
Generated at Sat May 17 21:01:34 2025 by rpki-client