Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GY74bm0JxkSG9v_h9kz0ZnTGeHw.roa
File: GY74bm0JxkSG9v_h9kz0ZnTGeHw.roa (raw, json)
Hash identifier: PRcxTmMv4OSZnBFlPH2Vl66acZzTdb+zMI/91G3SNC0=
Subject key identifier: 19:8E:F8:6E:6D:09:C6:44:86:F6:FF:E1:F6:4C:F4:66:74:C6:78:7C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DBB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GY74bm0JxkSG9v_h9kz0ZnTGeHw.roa
Signing time: Thu 02 May 2024 05:23:42 +0000
ROA not before: Thu 02 May 2024 05:23:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19899 (0x4dbb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 05:23:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=198EF86E6D09C64486F6FFE1F64CF46674C6787C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:d3:bb:e8:e4:c5:c5:d5:2e:d3:86:c3:f7:b2:
86:39:c9:db:47:69:25:15:c3:4f:ec:8e:85:56:bb:
a0:90:10:fb:9a:e0:ab:e7:73:df:ae:68:64:5f:be:
08:bb:aa:02:6d:c7:f6:0e:79:28:4a:77:fe:05:3b:
f7:83:1d:d2:0e:df:91:36:5a:5d:e9:f3:7b:d8:6a:
f5:03:48:43:04:af:8e:9f:2e:6a:91:81:5d:0e:a1:
48:84:c4:b0:15:cb:47:40:00:9f:7d:ea:dd:c0:12:
df:cb:7d:1e:bd:3f:da:a6:6a:81:c5:c9:58:17:f4:
ed:81:84:66:e5:05:f4:b6:52:65:9e:0e:36:02:41:
26:8f:04:35:82:2d:c7:67:61:57:ac:d7:20:b1:69:
51:00:40:18:99:75:0e:81:a0:60:6d:58:49:56:04:
4d:a7:42:b2:7b:f1:1f:79:bf:bb:d5:79:ac:ca:7e:
0f:e9:32:5a:f2:12:eb:54:c0:33:cc:a9:ad:83:c8:
2d:27:11:13:1e:b9:b8:62:5a:74:e6:4f:3a:14:78:
0b:3c:ad:f2:b5:66:80:52:06:28:f7:24:44:f3:3e:
79:e2:fe:06:c2:a7:97:62:26:b0:6d:a3:4a:b8:1b:
dc:e5:52:b8:93:80:eb:3e:60:b4:dc:3c:32:8e:de:
4a:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:8E:F8:6E:6D:09:C6:44:86:F6:FF:E1:F6:4C:F4:66:74:C6:78:7C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GY74bm0JxkSG9v_h9kz0ZnTGeHw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0f:20:20:5e:5f:3d:16:e0:e5:bf:38:f4:c3:72:54:84:de:31:
01:5a:75:92:ce:65:39:4f:ae:4f:9a:42:6b:12:25:4d:9e:af:
5a:f5:bc:4f:e3:69:36:cf:73:b0:25:43:69:c6:b6:f0:83:52:
9f:12:12:d1:0e:6b:d8:24:dc:1f:1b:b2:b4:ba:36:32:82:d7:
53:44:83:3d:05:2c:01:74:8e:1e:de:72:8e:78:29:bf:6d:f8:
0a:41:7d:de:86:e5:a0:7c:02:6a:c5:fa:8e:7a:e5:24:7b:f6:
6d:0f:10:71:1d:a8:f5:e0:5f:12:b0:52:d6:ff:e6:59:55:d1:
12:84:33:b7:94:34:2f:da:03:e4:a2:be:4f:d3:80:42:ee:03:
d1:ec:92:36:b9:80:89:6a:9a:e3:6b:26:30:a1:a4:3b:fd:af:
e1:71:e7:cd:a5:e4:4e:c1:8a:90:3b:aa:22:bb:35:29:df:95:
95:c1:76:6e:3b:07:d3:52:eb:bd:2d:0e:1f:be:a2:6e:d7:16:
4d:67:fa:0f:8e:64:7d:88:a3:0a:4e:c4:d5:d1:de:5a:2f:10:
b2:71:a4:33:43:52:f2:d5:85:0f:09:d8:67:67:25:c2:f0:92:
0f:ed:3c:df:1e:b9:27:32:d3:c7:27:26:d2:d9:16:16:38:92:
c5:10:09:aa
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTbswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
NTIzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE5OEVGODZFNkQwOUM2
NDQ4NkY2RkZFMUY2NENGNDY2NzRDNjc4N0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC507vo5MXF1S7ThsP3soY5ydtHaSUVw0/sjoVWu6CQEPua4Kvn
c9+uaGRfvgi7qgJtx/YOeShKd/4FO/eDHdIO35E2Wl3p83vYavUDSEMEr46fLmqR
gV0OoUiExLAVy0dAAJ996t3AEt/LfR69P9qmaoHFyVgX9O2BhGblBfS2UmWeDjYC
QSaPBDWCLcdnYVes1yCxaVEAQBiZdQ6BoGBtWElWBE2nQrJ78R95v7vVeazKfg/p
MlryEutUwDPMqa2DyC0nERMeubhiWnTmTzoUeAs8rfK1ZoBSBij3JETzPnni/gbC
p5diJrBto0q4G9zlUriTgOs+YLTcPDKO3krhAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUGY74bm0JxkSG9v/h9kz0ZnTGeHwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dZNzRibTBKeGtTRzl2
X2g5a3owWm5UR2VIdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAA8gIF5fPRbg5b849MNyVITeMQFadZLO
ZTlPrk+aQmsSJU2er1r1vE/jaTbPc7AlQ2nGtvCDUp8SEtEOa9gk3B8bsrS6NjKC
11NEgz0FLAF0jh7eco54Kb9t+ApBfd6G5aB8AmrF+o565SR79m0PEHEdqPXgXxKw
Utb/5llV0RKEM7eUNC/aA+Sivk/TgELuA9Hskja5gIlqmuNrJjChpDv9r+Fx582l
5E7BipA7qiK7NSnflZXBdm47B9NS670tDh++om7XFk1n+g+OZH2IowpOxNXR3lov
ELJxpDNDUvLVhQ8J2GdnJcLwkg/tPN8euScy08cnJtLZFhY4ksUQCao=
-----END CERTIFICATE-----
Generated at Sun May 18 09:10:24 2025 by rpki-client