Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ro-TCY_IYtgVCCaB4j67Hdoz6OQ.roa
File: Ro-TCY_IYtgVCCaB4j67Hdoz6OQ.roa (raw, json)
Hash identifier: rbgktUP1e9mbZaph5gnVHALBzpgpsNvjjyF7an+hPGc=
Subject key identifier: 46:8F:93:09:8F:C8:62:D8:15:08:26:81:E2:3E:BB:1D:DA:33:E8:E4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 439B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ro-TCY_IYtgVCCaB4j67Hdoz6OQ.roa
Signing time: Thu 18 Apr 2024 17:23:01 +0000
ROA not before: Thu 18 Apr 2024 17:23:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17307 (0x439b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 17:23:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=468F93098FC862D815082681E23EBB1DDA33E8E4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:67:e6:af:70:16:1f:d8:33:1e:01:55:df:f8:
23:7b:f7:03:12:9d:ef:06:7e:5e:0e:2b:36:34:79:
f9:6d:7b:9a:ff:da:8d:1c:63:85:53:29:af:86:45:
10:c0:5e:74:98:2a:85:73:c3:17:50:77:78:b9:ea:
56:a0:ee:8d:1e:a7:39:36:6a:81:c8:69:dd:47:8b:
91:ce:ea:b5:a8:24:f1:67:22:9f:33:51:1c:25:9b:
87:3f:ef:7d:f3:d3:7d:b8:0b:96:7a:44:81:d1:4a:
e2:5c:3b:9b:31:8f:2d:db:83:0a:68:92:b8:50:e8:
06:e4:ab:c6:c2:ba:e4:e0:72:66:37:ea:77:91:7d:
bd:d8:21:8f:11:78:27:a3:1f:c8:53:d9:05:b0:dc:
69:45:ce:d2:8d:80:7a:ca:e9:70:3b:60:43:7a:8f:
4b:ef:10:e7:ec:a9:61:3e:f3:a5:4a:5a:bc:11:b6:
a6:b7:f8:59:54:fa:30:46:da:50:96:5a:fc:60:0b:
78:85:10:19:78:59:77:e6:46:29:df:39:1f:87:dd:
87:03:7e:80:6c:d2:f5:f5:ad:5d:6c:aa:c1:ee:47:
5f:da:a9:59:21:07:bc:3d:5f:94:cc:d5:16:59:cc:
a3:f2:1b:50:f4:47:98:73:cd:3b:46:14:57:d3:d7:
96:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:8F:93:09:8F:C8:62:D8:15:08:26:81:E2:3E:BB:1D:DA:33:E8:E4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ro-TCY_IYtgVCCaB4j67Hdoz6OQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
ac:f2:8d:8d:6c:1d:18:37:52:25:02:0e:5b:58:84:cf:0f:e3:
8c:04:74:d4:8a:59:a7:5b:0e:76:fe:35:23:37:1a:cd:7c:1f:
ae:15:5b:08:25:73:79:76:1f:28:60:1b:74:89:9b:78:27:7c:
3f:b4:5f:5f:74:a8:4a:54:9b:d3:af:18:17:67:e4:70:38:49:
7a:39:74:14:2c:4e:0d:24:a6:29:59:1e:c0:3e:42:d3:c6:f3:
19:a9:27:1b:75:24:b4:b1:3d:19:4c:97:e1:4a:2a:e4:c7:29:
e3:9c:43:36:c5:3c:cd:9b:9f:2e:91:2b:e9:39:07:29:1f:b5:
16:18:b3:17:cd:74:f8:91:25:f6:06:89:71:96:65:7c:bb:de:
82:23:45:9b:22:1d:35:0d:ba:40:26:4d:b7:eb:fd:ab:fd:94:
fb:89:e8:c6:f8:f0:08:b1:65:95:cd:ba:f4:d3:fd:a9:d8:f4:
20:e2:c8:f4:77:55:7f:40:19:89:eb:02:25:13:bf:1d:13:6c:
0f:d9:81:c2:00:95:51:e5:3e:c6:8c:12:c1:16:ec:c3:54:22:
8f:31:d0:e0:e7:b2:7c:78:f1:c1:c7:db:10:65:0a:7b:8b:8a:
15:d5:69:3c:02:e7:82:52:99:e6:32:9a:49:5c:e7:d4:77:32:
3b:f1:84:72
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQ5swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
NzIzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ2OEY5MzA5OEZDODYy
RDgxNTA4MjY4MUUyM0VCQjFEREEzM0U4RTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsZ+avcBYf2DMeAVXf+CN79wMSne8Gfl4OKzY0eflte5r/2o0c
Y4VTKa+GRRDAXnSYKoVzwxdQd3i56lag7o0epzk2aoHIad1Hi5HO6rWoJPFnIp8z
URwlm4c/733z0324C5Z6RIHRSuJcO5sxjy3bgwpokrhQ6Abkq8bCuuTgcmY36neR
fb3YIY8ReCejH8hT2QWw3GlFztKNgHrK6XA7YEN6j0vvEOfsqWE+86VKWrwRtqa3
+FlU+jBG2lCWWvxgC3iFEBl4WXfmRinfOR+H3YcDfoBs0vX1rV1sqsHuR1/aqVkh
B7w9X5TM1RZZzKPyG1D0R5hzzTtGFFfT15ZnAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQURo+TCY/IYtgVCCaB4j67Hdoz6OQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JvLVRDWV9JWXRnVkND
YUI0ajY3SGRvejZPUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKzyjY1sHRg3UiUCDltYhM8P44wEdNSK
WadbDnb+NSM3Gs18H64VWwglc3l2HyhgG3SJm3gnfD+0X190qEpUm9OvGBdn5HA4
SXo5dBQsTg0kpilZHsA+QtPG8xmpJxt1JLSxPRlMl+FKKuTHKeOcQzbFPM2bny6R
K+k5BykftRYYsxfNdPiRJfYGiXGWZXy73oIjRZsiHTUNukAmTbfr/av9lPuJ6Mb4
8AixZZXNuvTT/anY9CDiyPR3VX9AGYnrAiUTvx0TbA/ZgcIAlVHlPsaMEsEW7MNU
Io8x0ODnsnx48cHH2xBlCnuLihXVaTwC54JSmeYymklc59R3MjvxhHI=
-----END CERTIFICATE-----
Generated at Sun May 18 01:49:07 2025 by rpki-client