Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YPR9i0SMwyxAXLBT2hanPq62rlc.roa
File: YPR9i0SMwyxAXLBT2hanPq62rlc.roa (raw, json)
Hash identifier: 11ibZypsli+PI1UxMstrNS2oxmEloz6R+1ISQgZtRCM=
Subject key identifier: 60:F4:7D:8B:44:8C:C3:2C:40:5C:B0:53:DA:16:A7:3E:AE:B6:AE:57
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B63
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YPR9i0SMwyxAXLBT2hanPq62rlc.roa
Signing time: Mon 29 Apr 2024 02:23:29 +0000
ROA not before: Mon 29 Apr 2024 02:23:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19299 (0x4b63)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 02:23:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=60F47D8B448CC32C405CB053DA16A73EAEB6AE57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:2e:88:62:94:a0:87:03:db:9f:3b:83:2c:10:
f0:c9:7f:16:ae:ca:67:44:d7:0e:35:83:e1:51:8c:
9a:95:4c:ff:99:e3:b5:15:bc:7c:b8:a1:27:b2:6f:
9e:57:d6:f6:2a:a1:9c:17:93:f3:14:63:5c:4a:7b:
96:e6:30:55:ed:a6:27:18:78:34:30:81:c2:94:28:
1f:cd:28:61:74:4f:02:8b:73:7f:e0:e9:89:0d:ef:
80:78:7d:6c:f7:05:00:b2:95:c8:43:4f:8c:2c:44:
3b:76:dc:2f:ab:2b:de:53:a7:71:9e:bd:61:7d:1c:
76:57:27:67:de:58:44:d3:53:b4:d5:fc:38:d6:df:
57:c2:82:4a:33:a8:a4:7f:5f:53:a9:89:b3:54:a2:
00:68:1e:1d:7d:e7:54:04:4f:08:25:eb:7e:8e:91:
20:22:1c:09:5c:eb:1b:74:76:6c:63:36:80:9c:a5:
fb:c9:7c:db:34:8f:2a:06:21:b7:bb:37:94:c4:f3:
40:c6:d0:c9:68:f7:5a:b2:e6:56:cb:c1:9b:80:e3:
f1:63:af:7b:6f:ac:e8:29:38:30:cc:6c:f0:b3:3d:
04:98:6a:ed:47:08:4d:03:cc:0b:13:73:44:a6:d3:
8b:74:d4:56:4d:c3:c8:ee:d8:8c:14:8e:f4:5c:b9:
bf:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:F4:7D:8B:44:8C:C3:2C:40:5C:B0:53:DA:16:A7:3E:AE:B6:AE:57
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YPR9i0SMwyxAXLBT2hanPq62rlc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
4b:17:cf:95:d0:6f:08:c7:c2:22:af:d9:2c:2e:a2:af:79:cc:
37:67:0a:f9:3f:5f:46:40:52:c3:29:e6:af:45:e7:ef:b2:d4:
f4:1a:f8:e4:26:41:b9:3f:a8:13:06:97:28:13:8e:d9:1e:1e:
05:64:98:5a:da:cb:fd:51:c5:9d:6e:14:79:99:51:78:ca:54:
9d:eb:58:f4:c0:54:48:57:94:99:88:7b:73:b1:4d:8b:cb:18:
a9:86:61:9a:de:d6:7e:44:8d:d8:c4:01:f2:2a:6d:d1:9e:3f:
f3:e0:b3:83:3a:4b:8f:7e:f2:44:f8:cc:94:67:6e:66:ae:ff:
ee:eb:16:d0:4b:6d:d8:a1:1f:57:aa:1a:fe:6f:a1:76:57:09:
b7:01:64:57:0f:fe:3a:d0:8a:88:91:63:82:6b:7a:3b:7a:aa:
0a:e3:8c:21:29:30:03:ee:fd:cd:34:d0:eb:d4:48:ac:39:f2:
a2:c9:fa:c3:ad:0f:42:6e:ae:be:3e:8f:92:05:80:cb:17:02:
2f:b0:ec:48:14:d8:1a:09:57:d5:43:3f:b1:68:17:ad:03:62:
e9:3d:05:3e:58:99:7e:39:81:11:ff:70:58:22:95:da:35:ef:
ea:42:d7:b3:90:a0:fe:15:fc:6f:cd:b8:66:74:5d:b8:62:cf:
30:06:40:f8
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICS2MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkw
MjIzMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwRjQ3RDhCNDQ4Q0Mz
MkM0MDVDQjA1M0RBMTZBNzNFQUVCNkFFNTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDoLohilKCHA9ufO4MsEPDJfxauymdE1w41g+FRjJqVTP+Z47UV
vHy4oSeyb55X1vYqoZwXk/MUY1xKe5bmMFXtpicYeDQwgcKUKB/NKGF0TwKLc3/g
6YkN74B4fWz3BQCylchDT4wsRDt23C+rK95Tp3GevWF9HHZXJ2feWETTU7TV/DjW
31fCgkozqKR/X1OpibNUogBoHh1951QETwgl636OkSAiHAlc6xt0dmxjNoCcpfvJ
fNs0jyoGIbe7N5TE80DG0Mlo91qy5lbLwZuA4/Fjr3tvrOgpODDMbPCzPQSYau1H
CE0DzAsTc0Sm04t01FZNw8ju2IwUjvRcub/LAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUYPR9i0SMwyxAXLBT2hanPq62rlcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lQUjlpMFNNd3l4QVhM
QlQyaGFuUHE2MnJsYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAEsXz5XQbwjHwiKv2Swuoq95zDdnCvk/
X0ZAUsMp5q9F5++y1PQa+OQmQbk/qBMGlygTjtkeHgVkmFray/1RxZ1uFHmZUXjK
VJ3rWPTAVEhXlJmIe3OxTYvLGKmGYZre1n5EjdjEAfIqbdGeP/Pgs4M6S49+8kT4
zJRnbmau/+7rFtBLbdihH1eqGv5voXZXCbcBZFcP/jrQioiRY4Jrejt6qgrjjCEp
MAPu/c000OvUSKw58qLJ+sOtD0Jurr4+j5IFgMsXAi+w7EgU2BoJV9VDP7FoF60D
Yuk9BT5YmX45gRH/cFgildo17+pC17OQoP4V/G/NuGZ0XbhizzAGQPg=
-----END CERTIFICATE-----
Generated at Sat May 17 23:34:05 2025 by rpki-client