Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YDvsSScxPhdFMSEzEgYS2eYNa4o.roa
File: YDvsSScxPhdFMSEzEgYS2eYNa4o.roa (raw, json)
Hash identifier: vsEygVMl6IWcDm76Od5VsuQ9dV/YdPIhHEGBKntvNh0=
Subject key identifier: 60:3B:EC:49:27:31:3E:17:45:31:21:33:12:06:12:D9:E6:0D:6B:8A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 37B3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YDvsSScxPhdFMSEzEgYS2eYNa4o.roa
Signing time: Tue 02 Apr 2024 20:22:16 +0000
ROA not before: Tue 02 Apr 2024 20:22:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14259 (0x37b3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 20:22:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=603BEC4927313E1745312133120612D9E60D6B8A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b6:8a:35:13:55:98:97:af:26:51:f0:b5:33:
3b:59:88:ce:99:49:71:78:fb:4b:a4:9f:f9:c7:23:
64:aa:7b:ee:28:39:93:49:9a:33:95:a6:fb:9a:b2:
63:a8:96:e0:cd:03:75:9b:91:6f:be:95:8c:2f:e1:
87:78:87:97:1e:28:2d:54:2b:51:b3:5d:19:84:e2:
9e:74:56:5a:32:09:c6:dc:32:3d:5b:f7:40:53:7f:
68:d5:e2:ed:7c:d9:14:c0:a7:b0:22:ec:81:df:92:
14:74:7c:fe:a3:2e:78:38:6c:61:fb:4d:e2:47:fb:
4a:42:4f:df:a2:dd:e7:9a:e1:37:11:20:59:09:02:
69:39:cb:4c:f4:3c:39:39:35:aa:ce:f3:58:c8:96:
00:1a:eb:13:c8:18:71:a0:ff:3c:96:0f:44:36:12:
ec:a3:01:68:97:92:79:6c:c3:bb:68:ac:57:dd:8b:
51:37:d2:82:f7:83:ca:5f:ad:b0:6c:1e:ab:45:8a:
ce:44:92:b2:10:2e:7c:5f:80:10:4c:82:b6:ad:47:
04:90:4c:29:eb:12:e7:8a:d6:95:2b:68:7e:78:e5:
5e:d5:c9:3e:d2:b4:a7:1c:5f:2a:b8:88:b3:0d:1e:
70:32:9c:f7:87:93:95:14:7e:a5:f5:55:9b:3a:91:
9a:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:3B:EC:49:27:31:3E:17:45:31:21:33:12:06:12:D9:E6:0D:6B:8A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YDvsSScxPhdFMSEzEgYS2eYNa4o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2e:fe:7c:8f:2f:52:12:a2:3b:00:38:b0:92:23:8d:c3:7b:f5:
ac:9e:57:30:6e:0c:ab:70:12:a3:c4:9e:e0:10:b5:43:0d:df:
d2:fc:dd:84:9a:62:36:7e:db:b1:03:6d:2d:c1:e0:99:c0:a7:
c5:12:ec:bf:ca:86:32:5a:a8:e8:47:49:55:b4:6b:7e:0a:c9:
7d:6b:6d:15:51:4c:a8:18:12:10:86:33:06:56:fc:39:0a:21:
03:24:c9:b7:89:35:85:c0:00:fe:62:2b:d4:ab:dc:e0:44:86:
0f:e5:55:1c:3a:50:ad:31:40:1d:01:ee:7a:73:b8:1d:b8:c4:
96:7c:7e:67:7d:2f:e3:dd:ae:6b:9d:40:64:6f:27:2d:b6:68:
a5:71:c0:1e:f0:d6:a9:29:73:01:02:73:99:0b:d5:53:78:bb:
6a:bc:84:0f:b0:e4:33:c4:c6:76:11:44:b9:67:b0:c8:02:27:
51:e6:73:e3:46:a2:ac:a2:df:68:a9:a2:5d:1f:1f:20:67:58:
6c:fa:dd:06:9e:61:66:9d:07:21:c9:94:2b:26:c4:6a:f2:ed:
c8:da:99:5d:93:37:31:7e:61:cc:2e:f8:6d:f9:2b:2c:59:86:
31:25:be:4a:8c:9e:0c:bd:92:fb:ed:35:86:3b:4c:79:f0:80:
bc:81:8e:1c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICN7MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIy
MDIyMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwM0JFQzQ5MjczMTNF
MTc0NTMxMjEzMzEyMDYxMkQ5RTYwRDZCOEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCztoo1E1WYl68mUfC1MztZiM6ZSXF4+0ukn/nHI2Sqe+4oOZNJ
mjOVpvuasmOoluDNA3WbkW++lYwv4Yd4h5ceKC1UK1GzXRmE4p50VloyCcbcMj1b
90BTf2jV4u182RTAp7Ai7IHfkhR0fP6jLng4bGH7TeJH+0pCT9+i3eea4TcRIFkJ
Amk5y0z0PDk5NarO81jIlgAa6xPIGHGg/zyWD0Q2EuyjAWiXknlsw7torFfdi1E3
0oL3g8pfrbBsHqtFis5EkrIQLnxfgBBMgratRwSQTCnrEueK1pUraH545V7VyT7S
tKccXyq4iLMNHnAynPeHk5UUfqX1VZs6kZoZAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUYDvsSScxPhdFMSEzEgYS2eYNa4owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lEdnNTU2N4UGhkRk1T
RXpFZ1lTMmVZTmE0by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAC7+fI8vUhKiOwA4sJIjjcN79ayeVzBu
DKtwEqPEnuAQtUMN39L83YSaYjZ+27EDbS3B4JnAp8US7L/KhjJaqOhHSVW0a34K
yX1rbRVRTKgYEhCGMwZW/DkKIQMkybeJNYXAAP5iK9Sr3OBEhg/lVRw6UK0xQB0B
7npzuB24xJZ8fmd9L+PdrmudQGRvJy22aKVxwB7w1qkpcwECc5kL1VN4u2q8hA+w
5DPExnYRRLlnsMgCJ1Hmc+NGoqyi32ipol0fHyBnWGz63QaeYWadByHJlCsmxGry
7cjamV2TNzF+Ycwu+G35KyxZhjElvkqMngy9kvvtNYY7THnwgLyBjhw=
-----END CERTIFICATE-----
Generated at Sun May 18 04:52:06 2025 by rpki-client