Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yPVaYzsVV7i8KFJXvDL15QSY_0I.roa
File: yPVaYzsVV7i8KFJXvDL15QSY_0I.roa (raw, json)
Hash identifier: 0fFj+MX6E0YCSTj3k7srr9B41Lz/liU1U+JhlD5x5zk=
Subject key identifier: C8:F5:5A:63:3B:15:57:B8:BC:28:52:57:BC:32:F5:E5:04:98:FF:42
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 453B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yPVaYzsVV7i8KFJXvDL15QSY_0I.roa
Signing time: Sat 20 Apr 2024 21:23:06 +0000
ROA not before: Sat 20 Apr 2024 21:23:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17723 (0x453b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 21:23:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C8F55A633B1557B8BC285257BC32F5E50498FF42
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:57:ef:04:e3:16:d8:d6:97:fe:7c:36:df:c5:
45:63:9d:df:85:15:9b:62:47:bd:05:dc:08:ab:80:
69:18:67:ca:2d:fa:f3:b4:1d:8b:08:06:35:07:8e:
2d:ab:20:e5:57:1c:66:0e:df:3c:cd:0f:93:09:ba:
79:4e:9e:0a:62:32:9a:54:fc:2d:c6:6a:ea:cc:c5:
b6:d7:5b:d2:0c:02:ad:05:07:a3:9a:28:ac:aa:69:
c5:19:b0:e5:cc:86:10:af:0b:a9:aa:38:2d:da:26:
bc:46:4e:cf:ea:e2:df:bb:81:3d:ac:22:6e:f6:50:
88:6c:43:68:fa:6c:e0:78:ec:e4:9d:fe:43:05:5d:
c6:70:c8:a7:86:21:8f:30:29:82:6e:5d:44:bf:e2:
72:71:5d:35:c0:88:c6:5f:36:90:23:f6:cf:77:e0:
03:c6:ac:eb:70:a1:12:5b:04:52:7b:92:d7:a0:8a:
cf:6d:64:e2:33:ac:f9:db:1e:7c:31:dc:0b:ae:27:
be:9c:92:c7:fb:8e:b2:39:da:7a:1c:30:01:fb:fe:
95:b1:02:9d:e3:ac:d3:72:ff:4d:97:3c:b3:58:f3:
ac:b9:e9:87:6a:26:66:8f:e2:dd:39:77:3c:44:60:
f6:f8:6e:b3:37:20:7d:51:7b:8a:d3:d1:57:dc:06:
6a:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F5:5A:63:3B:15:57:B8:BC:28:52:57:BC:32:F5:E5:04:98:FF:42
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yPVaYzsVV7i8KFJXvDL15QSY_0I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a8:60:00:3d:41:26:43:1a:4d:cc:29:b2:4b:4a:19:b2:16:e6:
46:62:6c:f4:c4:f6:e0:24:e4:92:62:9c:17:81:13:28:d2:fe:
e3:4c:33:c6:1d:aa:86:42:cd:1f:1f:d5:31:49:84:3c:00:54:
2d:cc:b9:93:00:a9:de:3e:e0:69:89:60:5e:ed:e8:5a:b8:e4:
3e:84:d1:8b:f5:62:b3:41:84:e7:b9:8e:ac:76:99:76:b9:3c:
47:1d:32:5b:d7:2b:02:ad:32:c6:36:c5:77:ae:94:1a:35:cf:
e6:66:fa:fa:d9:f9:e8:50:0b:78:f0:59:b1:7a:be:82:21:1d:
c7:ed:55:c0:4a:b8:ba:b1:ec:5d:d2:c5:97:3b:2b:20:da:48:
62:e3:74:88:d1:b9:4b:d7:2c:6d:24:1e:69:e7:2b:52:92:86:
58:ef:63:27:84:1b:4f:ed:fb:dc:99:44:e6:49:59:02:74:22:
fe:dc:27:79:1b:f5:9c:51:39:a3:e7:2d:e4:e2:4e:e3:5f:20:
e0:be:5c:78:58:9f:a0:f7:42:22:a1:dd:0a:f5:c6:de:74:34:
bb:23:e8:c7:84:7d:b1:8b:85:81:d5:b6:71:ed:13:6e:b9:27:
a0:0f:8e:d6:53:8f:9a:a4:1c:cd:9a:a3:25:1b:0f:61:83:7f:
7a:1e:f9:05
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRTswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAy
MTIzMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM4RjU1QTYzM0IxNTU3
QjhCQzI4NTI1N0JDMzJGNUU1MDQ5OEZGNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtV+8E4xbY1pf+fDbfxUVjnd+FFZtiR70F3AirgGkYZ8ot+vO0
HYsIBjUHji2rIOVXHGYO3zzND5MJunlOngpiMppU/C3GaurMxbbXW9IMAq0FB6Oa
KKyqacUZsOXMhhCvC6mqOC3aJrxGTs/q4t+7gT2sIm72UIhsQ2j6bOB47OSd/kMF
XcZwyKeGIY8wKYJuXUS/4nJxXTXAiMZfNpAj9s934APGrOtwoRJbBFJ7ktegis9t
ZOIzrPnbHnwx3AuuJ76cksf7jrI52nocMAH7/pWxAp3jrNNy/02XPLNY86y56Ydq
JmaP4t05dzxEYPb4brM3IH1Re4rT0VfcBmpNAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUyPVaYzsVV7i8KFJXvDL15QSY/0IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lQVmFZenNWVjdpOEtG
Slh2REwxNVFTWV8wSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKhgAD1BJkMaTcwpsktKGbIW5kZibPTE
9uAk5JJinBeBEyjS/uNMM8YdqoZCzR8f1TFJhDwAVC3MuZMAqd4+4GmJYF7t6Fq4
5D6E0Yv1YrNBhOe5jqx2mXa5PEcdMlvXKwKtMsY2xXeulBo1z+Zm+vrZ+ehQC3jw
WbF6voIhHcftVcBKuLqx7F3SxZc7KyDaSGLjdIjRuUvXLG0kHmnnK1KShljvYyeE
G0/t+9yZROZJWQJ0Iv7cJ3kb9ZxROaPnLeTiTuNfIOC+XHhYn6D3QiKh3Qr1xt50
NLsj6MeEfbGLhYHVtnHtE265J6APjtZTj5qkHM2aoyUbD2GDf3oe+QU=
-----END CERTIFICATE-----
Generated at Sat May 17 23:14:30 2025 by rpki-client