Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ty0ZGwvMU6vb_Pkv9AjUP7nZ0iY.roa
File: Ty0ZGwvMU6vb_Pkv9AjUP7nZ0iY.roa (raw, json)
Hash identifier: +oYXAOjbyDBghCgbkKrUG99lHCgAVBi1G2sLlp1YuPA=
Subject key identifier: 4F:2D:19:1B:0B:CC:53:AB:DB:FC:F9:2F:F4:08:D4:3F:B9:D9:D2:26
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F1F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ty0ZGwvMU6vb_Pkv9AjUP7nZ0iY.roa
Signing time: Fri 12 Apr 2024 17:52:53 +0000
ROA not before: Fri 12 Apr 2024 17:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16159 (0x3f1f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 17:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4F2D191B0BCC53ABDBFCF92FF408D43FB9D9D226
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:47:4d:c6:4a:dc:f8:4d:39:4d:01:67:b0:ab:
cf:d1:21:1e:7a:74:1f:7d:34:37:69:61:7e:56:c5:
cc:c0:58:33:44:7c:c4:2e:ae:3c:fe:c5:8d:d3:b6:
fe:61:04:fa:28:32:24:10:c8:ac:90:b3:86:d0:5d:
ad:9c:6b:9c:79:d2:a3:e7:6e:ef:f9:52:64:7e:2a:
a8:3a:ae:2c:cc:4c:73:a3:38:7c:bf:81:ab:8b:0b:
23:94:fd:9b:71:64:4c:d5:a4:a5:54:f9:34:b3:d3:
c9:14:62:fe:e2:aa:25:60:6e:e5:a1:b0:c9:fa:3f:
b7:7f:47:7c:ce:05:44:9c:1a:9f:bb:8d:56:88:40:
62:e0:b5:b1:d8:f6:fb:06:4f:f5:f0:d4:c0:67:f3:
3d:1a:b0:5b:5d:a1:e4:07:c3:f3:e6:74:e6:1a:18:
ad:4d:18:19:63:31:39:7a:b4:a8:5e:1b:10:a4:f2:
f2:23:56:a8:5e:c7:51:5b:85:9d:29:a2:94:8a:34:
0b:af:0f:99:e4:de:49:83:76:05:98:09:7a:82:71:
c8:d3:b9:66:ca:d3:9c:62:0f:da:7b:6c:84:67:e6:
bd:c2:3a:04:39:ab:10:22:68:23:c6:cf:95:8f:06:
f4:3c:1e:dd:35:ce:58:ee:6e:4b:cf:17:be:08:ce:
13:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:2D:19:1B:0B:CC:53:AB:DB:FC:F9:2F:F4:08:D4:3F:B9:D9:D2:26
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ty0ZGwvMU6vb_Pkv9AjUP7nZ0iY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
57:68:3b:1d:9d:d0:04:c9:b0:ba:b0:b2:8f:7f:81:ad:f3:68:
7d:fc:11:3e:02:a8:96:63:81:c5:81:85:e8:a1:01:87:b1:8a:
59:d0:ba:7b:3f:c4:4b:fb:a0:4c:bc:81:41:9c:2d:cd:44:c4:
94:84:c1:6c:3d:d4:88:ef:5e:1b:96:3d:ce:d7:cf:2b:a8:8c:
09:b4:f6:f3:6b:7a:58:d2:f0:39:85:e8:78:39:05:7f:ed:a6:
5c:64:ce:f8:49:c1:24:5d:da:34:33:65:05:5b:68:ce:4c:46:
e2:c1:fd:d1:9f:d2:50:04:dc:18:ba:87:98:d4:5f:ca:09:26:
ae:ad:02:3f:12:49:4a:75:77:ec:39:c3:4e:e1:c8:45:d3:22:
da:51:46:b8:3d:0c:95:78:97:a7:04:73:4e:f0:22:67:a4:7a:
a3:a9:cf:8f:1c:89:b0:74:a6:57:c6:88:af:bc:05:c1:d4:c6:
ea:e3:0d:3e:4e:c6:36:07:42:3a:28:22:d7:66:7f:96:35:66:
01:15:81:d9:e9:66:de:7f:4a:d3:59:c7:ca:fb:a5:7f:36:ef:
7c:cd:3c:8a:06:24:b2:ae:d8:e2:ee:78:b8:8f:31:ac:e3:67:
90:ec:36:0f:fa:ed:70:e6:7e:99:60:04:fa:64:02:4b:b0:05:
3a:25:bb:1e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPx8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIx
NzUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRGMkQxOTFCMEJDQzUz
QUJEQkZDRjkyRkY0MDhENDNGQjlEOUQyMjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeR03GStz4TTlNAWewq8/RIR56dB99NDdpYX5WxczAWDNEfMQu
rjz+xY3Ttv5hBPooMiQQyKyQs4bQXa2ca5x50qPnbu/5UmR+Kqg6rizMTHOjOHy/
gauLCyOU/ZtxZEzVpKVU+TSz08kUYv7iqiVgbuWhsMn6P7d/R3zOBUScGp+7jVaI
QGLgtbHY9vsGT/Xw1MBn8z0asFtdoeQHw/PmdOYaGK1NGBljMTl6tKheGxCk8vIj
Vqhex1FbhZ0popSKNAuvD5nk3kmDdgWYCXqCccjTuWbK05xiD9p7bIRn5r3COgQ5
qxAiaCPGz5WPBvQ8Ht01zljubkvPF74IzhOlAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUTy0ZGwvMU6vb/Pkv9AjUP7nZ0iYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1R5MFpHd3ZNVTZ2Yl9Q
a3Y5QWpVUDduWjBpWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFdoOx2d0ATJsLqwso9/ga3zaH38ET4C
qJZjgcWBheihAYexilnQuns/xEv7oEy8gUGcLc1ExJSEwWw91IjvXhuWPc7Xzyuo
jAm09vNreljS8DmF6Hg5BX/tplxkzvhJwSRd2jQzZQVbaM5MRuLB/dGf0lAE3Bi6
h5jUX8oJJq6tAj8SSUp1d+w5w07hyEXTItpRRrg9DJV4l6cEc07wImekeqOpz48c
ibB0plfGiK+8BcHUxurjDT5OxjYHQjooItdmf5Y1ZgEVgdnpZt5/StNZx8r7pX82
73zNPIoGJLKu2OLueLiPMazjZ5DsNg/67XDmfplgBPpkAkuwBTolux4=
-----END CERTIFICATE-----
Generated at Sat May 17 19:42:33 2025 by rpki-client