Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SYtrFMJKqGAI1FryC75NKGhO9tM.roa
File: SYtrFMJKqGAI1FryC75NKGhO9tM.roa (raw, json)
Hash identifier: CyTSdh3Y2sCTK+zIaeaiGd/ETdwKVCHuM6PIP+1lNa8=
Subject key identifier: 49:8B:6B:14:C2:4A:A8:60:08:D4:5A:F2:0B:BE:4D:28:68:4E:F6:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4077
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SYtrFMJKqGAI1FryC75NKGhO9tM.roa
Signing time: Sun 14 Apr 2024 12:52:53 +0000
ROA not before: Sun 14 Apr 2024 12:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16503 (0x4077)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 12:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=498B6B14C24AA86008D45AF20BBE4D28684EF6D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:c1:16:71:d3:6a:82:01:d6:87:e0:96:98:9d:
24:46:e9:2f:7b:2c:c9:39:6b:4a:24:92:8c:63:a0:
6f:16:6b:ae:07:0a:59:ce:96:21:53:b5:f4:39:24:
da:8a:3c:e9:d2:ac:a7:41:15:0b:8d:3c:35:71:dd:
e5:19:12:c3:9b:18:04:68:0c:49:72:b4:0a:7d:0e:
5a:d7:fe:4f:ea:4b:1b:72:1b:33:f4:58:7c:2e:f2:
5c:2f:c2:bc:a9:3d:40:2c:ec:1f:fb:c2:34:ac:f5:
e9:0a:47:e0:61:01:80:4c:47:b6:f4:f6:c0:f3:fe:
21:e5:c4:c0:fa:ae:20:60:2e:07:d5:8f:47:0e:1a:
ca:4a:7a:c9:3c:6c:52:06:ca:15:9a:3b:4a:9e:af:
77:98:27:0d:3f:46:72:9d:fc:d0:bd:26:7a:43:20:
f3:4b:bb:ff:70:27:ef:8a:8c:2a:7c:7d:70:8d:60:
84:cf:a4:64:60:ad:4b:dc:35:b4:3b:ec:e9:7c:95:
0a:6f:db:9f:69:cf:22:2a:97:08:41:92:b9:2f:bb:
d0:0f:9b:91:94:5d:81:86:11:6c:3b:9b:03:6a:c3:
e6:a9:02:5a:bb:a7:3d:2e:ae:d8:08:61:9b:6a:40:
f8:72:64:3f:bc:19:f3:c3:7f:f6:dc:cf:4b:32:f8:
9b:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:8B:6B:14:C2:4A:A8:60:08:D4:5A:F2:0B:BE:4D:28:68:4E:F6:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SYtrFMJKqGAI1FryC75NKGhO9tM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
16:62:77:46:cd:6f:9a:e7:15:1f:bc:71:1f:09:28:46:b4:7b:
c5:32:46:1e:06:2f:be:4f:18:de:8f:bb:de:4c:0c:2f:35:59:
ca:e4:c8:00:3f:ef:22:45:c1:08:af:76:5e:90:86:69:26:4d:
8a:5d:df:ec:a4:25:1c:04:6b:e1:47:e0:4d:2a:70:c0:e8:51:
83:55:8c:36:f2:bc:25:30:55:7d:79:7d:4a:60:d7:15:4a:5e:
76:35:35:26:2d:f3:fc:d1:c0:83:9b:82:9d:c7:26:f5:36:0d:
e8:d7:9e:ce:9c:5d:fa:53:03:f4:08:f4:a3:b4:db:ce:62:9a:
46:20:f4:ac:ad:5b:58:fc:e3:84:9e:31:f0:85:f9:46:15:09:
82:69:37:bc:1d:6c:b5:26:ec:33:8f:40:76:9f:b4:78:39:a6:
24:c4:ca:a1:e1:d3:61:64:2b:2e:12:2a:82:d4:aa:9e:b4:16:
bb:39:40:57:ed:59:01:65:34:0d:a5:eb:b7:72:ee:f1:b1:37:
61:ce:b5:3a:6e:c1:a6:36:1c:9c:68:b4:db:15:e1:b2:72:ea:
37:5a:c1:ea:b6:1e:35:fd:41:82:19:0a:7c:85:ad:86:45:c4:
a0:c0:5a:52:3c:d2:7a:51:33:3d:6c:3e:29:d8:07:92:6b:4a:
31:8a:4b:7d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQHcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
MjUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ5OEI2QjE0QzI0QUE4
NjAwOEQ0NUFGMjBCQkU0RDI4Njg0RUY2RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbwRZx02qCAdaH4JaYnSRG6S97LMk5a0okkoxjoG8Wa64HClnO
liFTtfQ5JNqKPOnSrKdBFQuNPDVx3eUZEsObGARoDElytAp9DlrX/k/qSxtyGzP0
WHwu8lwvwrypPUAs7B/7wjSs9ekKR+BhAYBMR7b09sDz/iHlxMD6riBgLgfVj0cO
GspKesk8bFIGyhWaO0qer3eYJw0/RnKd/NC9JnpDIPNLu/9wJ++KjCp8fXCNYITP
pGRgrUvcNbQ77Ol8lQpv259pzyIqlwhBkrkvu9APm5GUXYGGEWw7mwNqw+apAlq7
pz0urtgIYZtqQPhyZD+8GfPDf/bcz0sy+JsFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUSYtrFMJKqGAI1FryC75NKGhO9tMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NZdHJGTUpLcUdBSTFG
cnlDNzVOS0doTzl0TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABZid0bNb5rnFR+8cR8JKEa0e8UyRh4G
L75PGN6Pu95MDC81WcrkyAA/7yJFwQivdl6QhmkmTYpd3+ykJRwEa+FH4E0qcMDo
UYNVjDbyvCUwVX15fUpg1xVKXnY1NSYt8/zRwIObgp3HJvU2DejXns6cXfpTA/QI
9KO0285imkYg9KytW1j844SeMfCF+UYVCYJpN7wdbLUm7DOPQHaftHg5piTEyqHh
02FkKy4SKoLUqp60Frs5QFftWQFlNA2l67dy7vGxN2HOtTpuwaY2HJxotNsV4bJy
6jdaweq2HjX9QYIZCnyFrYZFxKDAWlI80npRMz1sPinYB5JrSjGKS30=
-----END CERTIFICATE-----
Generated at Sat May 17 23:14:20 2025 by rpki-client