Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bpg5s2kQXcIGi1cpvpvHWLJPTbg.roa
File: bpg5s2kQXcIGi1cpvpvHWLJPTbg.roa (raw, json)
Hash identifier: maoFsEiXzaVXenzeAgcMfesziKzyFceU2eLrVx1WhRQ=
Subject key identifier: 6E:98:39:B3:69:10:5D:C2:06:8B:57:29:BE:9B:C7:58:B2:4F:4D:B8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35CB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bpg5s2kQXcIGi1cpvpvHWLJPTbg.roa
Signing time: Sun 31 Mar 2024 07:22:38 +0000
ROA not before: Sun 31 Mar 2024 07:22:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13771 (0x35cb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 07:22:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6E9839B369105DC2068B5729BE9BC758B24F4DB8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:fa:8b:f8:2d:f2:4d:8f:2d:05:41:31:a9:34:
b1:61:5c:cd:6f:f4:a9:2a:3c:63:69:f7:1d:c5:8b:
58:9d:1c:3d:61:63:2e:c8:e9:ef:8e:89:76:38:a5:
9b:65:55:8f:87:fa:78:4d:a7:d4:9f:b4:2f:f0:fc:
1b:0c:03:0f:cb:97:a4:54:77:a9:37:17:23:fb:dc:
88:2d:ba:4d:7a:df:03:e9:69:22:a4:17:71:6b:7d:
c8:4d:78:5b:46:15:43:d1:a9:44:09:73:1f:c4:44:
f8:02:a3:b7:b9:a4:1e:ab:9d:c8:d2:b3:ba:29:3e:
4b:b1:c8:51:3d:ee:8e:be:ea:92:07:fa:8f:d1:8e:
e1:9c:86:a6:de:2f:fa:ab:39:ac:fb:55:37:d2:37:
d4:75:c0:4f:4f:6b:e6:cf:98:30:88:7f:d8:b9:cd:
68:35:4d:86:cd:a5:07:6d:6c:a0:c7:9f:bc:bf:9b:
54:27:58:e2:bc:ba:b2:60:26:15:3d:51:15:35:16:
a0:76:b1:09:23:5c:ac:b9:fa:48:05:d6:5a:15:3c:
4b:ee:71:f7:0d:e9:cd:19:3f:2a:e3:22:f2:09:fd:
c7:65:8f:11:7c:34:78:54:f9:0e:f2:ff:a6:d3:a7:
ac:18:39:3b:e4:78:04:dd:78:49:40:10:66:f2:14:
87:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:98:39:B3:69:10:5D:C2:06:8B:57:29:BE:9B:C7:58:B2:4F:4D:B8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bpg5s2kQXcIGi1cpvpvHWLJPTbg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0c:be:55:00:4c:8d:91:43:17:de:40:59:f0:0c:13:a6:a7:36:
51:21:4d:8e:63:a5:90:28:45:37:4e:06:3e:c0:74:86:ec:39:
66:e6:56:89:d1:81:78:45:8e:64:75:c0:96:10:76:c7:16:2b:
7d:79:68:84:15:ec:5e:06:0a:aa:e5:3c:d0:be:4d:5b:bf:1c:
71:aa:cb:5f:30:5d:28:f3:0a:d8:81:f3:70:42:58:bb:a7:3d:
91:5d:1a:88:14:60:f3:29:c1:ce:8c:83:1e:04:97:62:a5:83:
7d:88:96:bb:55:ae:41:42:0d:5a:bd:98:d1:e6:88:f4:b9:e7:
9c:fb:ab:f2:99:71:f6:7d:39:01:7f:ef:fd:3c:d0:8d:4c:45:
ec:51:4f:23:52:84:8c:5c:b9:32:2d:cb:56:7d:49:03:16:72:
cd:5a:63:e2:88:a2:1d:40:17:61:86:3f:74:ac:3a:31:ad:d6:
bc:a9:c3:c2:51:2b:d8:34:00:4c:5b:1a:82:38:a6:da:2b:06:
0a:63:29:e6:23:68:eb:67:d5:bc:58:1a:11:2d:c4:c7:bc:5e:
d8:ed:1c:17:0b:b8:b5:e2:55:6d:1b:6b:10:8a:36:52:11:b3:
cc:1e:50:bf:7a:d5:8a:08:b4:17:fa:7c:52:bc:38:99:92:53:
22:0b:d3:c6
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNcswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
NzIyMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZFOTgzOUIzNjkxMDVE
QzIwNjhCNTcyOUJFOUJDNzU4QjI0RjREQjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCq+ov4LfJNjy0FQTGpNLFhXM1v9KkqPGNp9x3Fi1idHD1hYy7I
6e+OiXY4pZtlVY+H+nhNp9SftC/w/BsMAw/Ll6RUd6k3FyP73Igtuk163wPpaSKk
F3FrfchNeFtGFUPRqUQJcx/ERPgCo7e5pB6rncjSs7opPkuxyFE97o6+6pIH+o/R
juGchqbeL/qrOaz7VTfSN9R1wE9Pa+bPmDCIf9i5zWg1TYbNpQdtbKDHn7y/m1Qn
WOK8urJgJhU9URU1FqB2sQkjXKy5+kgF1loVPEvucfcN6c0ZPyrjIvIJ/cdljxF8
NHhU+Q7y/6bTp6wYOTvkeATdeElAEGbyFIcbAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUbpg5s2kQXcIGi1cpvpvHWLJPTbgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2JwZzVzMmtRWGNJR2kx
Y3B2cHZIV0xKUFRiZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAy+VQBMjZFDF95AWfAME6anNlEhTY5j
pZAoRTdOBj7AdIbsOWbmVonRgXhFjmR1wJYQdscWK315aIQV7F4GCqrlPNC+TVu/
HHGqy18wXSjzCtiB83BCWLunPZFdGogUYPMpwc6Mgx4El2Klg32IlrtVrkFCDVq9
mNHmiPS555z7q/KZcfZ9OQF/7/080I1MRexRTyNShIxcuTIty1Z9SQMWcs1aY+KI
oh1AF2GGP3SsOjGt1rypw8JRK9g0AExbGoI4ptorBgpjKeYjaOtn1bxYGhEtxMe8
XtjtHBcLuLXiVW0baxCKNlIRs8weUL961YoItBf6fFK8OJmSUyIL08Y=
-----END CERTIFICATE-----
Generated at Sat May 17 22:50:09 2025 by rpki-client