Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BmHzI4QZVwjI6HQz67qhXTtTcBY.roa
File: BmHzI4QZVwjI6HQz67qhXTtTcBY.roa (raw, json)
Hash identifier: g+MA5ViYJ9AMBc7x6xs7iTkn6i4cHxondGDbX9P0xIQ=
Subject key identifier: 06:61:F3:23:84:19:57:08:C8:E8:74:33:EB:BA:A1:5D:3B:53:70:16
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B3B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BmHzI4QZVwjI6HQz67qhXTtTcBY.roa
Signing time: Sun 28 Apr 2024 21:23:30 +0000
ROA not before: Sun 28 Apr 2024 21:23:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19259 (0x4b3b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 21:23:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0661F32384195708C8E87433EBBAA15D3B537016
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:28:d5:17:18:59:f0:94:69:01:55:de:a8:b9:
e1:56:2e:95:c4:09:62:61:fe:4c:bd:e5:98:3d:39:
ea:f1:0f:61:e5:30:bf:86:80:48:5c:a9:7a:ce:31:
8e:d3:8d:b0:86:9f:c4:d5:8d:9b:c6:63:96:75:34:
8b:e2:af:9b:e3:8e:df:43:cc:37:b3:64:c5:7c:8d:
8b:a7:45:c7:25:46:60:f8:92:63:a1:ec:ea:0c:1a:
85:66:6f:96:f8:40:f9:0d:3f:c9:c4:25:38:2e:f8:
d2:8f:82:c0:77:66:2d:67:0a:24:8b:ca:5c:2d:4b:
a9:05:bd:c8:65:82:f1:ba:9f:a3:dd:70:f1:c7:a7:
59:f2:e3:a0:cd:70:9a:06:bc:f5:7f:08:8d:a0:aa:
c5:e7:6d:fe:b0:c4:56:21:50:a0:24:ef:cf:a0:91:
25:e1:72:05:8c:7b:cf:45:de:d3:af:4c:67:aa:37:
18:37:35:4f:da:83:df:f4:58:6b:4e:a5:f3:71:29:
ff:f9:be:98:f9:ff:76:a2:95:84:38:3e:1c:13:41:
75:9d:c2:d9:2c:b2:8a:f5:ec:fd:5d:fd:61:ba:77:
9d:f2:27:4a:e4:e0:d2:04:72:9d:7a:e5:e8:80:3a:
f6:2b:b4:1a:d1:59:be:30:c3:af:b9:09:71:0c:72:
39:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:61:F3:23:84:19:57:08:C8:E8:74:33:EB:BA:A1:5D:3B:53:70:16
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BmHzI4QZVwjI6HQz67qhXTtTcBY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
75:f2:fd:ad:10:99:c1:b5:ef:00:83:73:9e:b8:02:55:d4:d0:
55:fa:cb:56:84:01:a6:bf:1a:b5:c8:5d:9d:95:65:c9:0d:14:
7a:49:f2:fb:b1:92:24:ba:50:fb:71:20:27:b3:18:ab:67:11:
12:de:3c:8f:9e:37:a4:03:44:ac:5d:87:79:84:71:1a:53:f8:
b4:9d:2e:b7:0f:8b:b2:b9:dc:a0:cc:f1:ed:10:86:d2:b3:3c:
df:ad:d0:d8:7e:1e:22:0d:8b:4d:04:c1:59:6f:c2:84:d2:e8:
d2:e7:f0:72:b0:9b:52:f3:23:b6:f4:58:1f:39:70:39:1e:78:
7c:c0:1c:47:39:80:08:fa:bd:eb:89:a2:94:b4:46:96:5b:b4:
bc:69:46:e0:28:b7:62:ac:dd:79:0e:7a:be:dd:28:7f:8a:67:
e6:4c:63:bc:c5:23:27:75:76:79:4e:45:79:49:0c:45:1b:57:
6a:47:fa:e4:fd:8f:01:d8:2f:50:97:d9:25:87:81:64:ce:f5:
13:3a:c4:88:76:4c:93:b3:36:70:35:bc:48:62:6a:16:11:7f:
26:cd:ce:0d:d2:4c:63:4a:63:d7:e9:81:3b:b6:96:50:ad:eb:
46:21:1e:4b:02:ce:83:8e:02:5b:1c:2a:7f:89:e0:f3:c1:d5:
a4:17:03:6a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSzswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgy
MTIzMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA2NjFGMzIzODQxOTU3
MDhDOEU4NzQzM0VCQkFBMTVEM0I1MzcwMTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAKNUXGFnwlGkBVd6oueFWLpXECWJh/ky95Zg9OerxD2HlML+G
gEhcqXrOMY7TjbCGn8TVjZvGY5Z1NIvir5vjjt9DzDezZMV8jYunRcclRmD4kmOh
7OoMGoVmb5b4QPkNP8nEJTgu+NKPgsB3Zi1nCiSLylwtS6kFvchlgvG6n6PdcPHH
p1ny46DNcJoGvPV/CI2gqsXnbf6wxFYhUKAk78+gkSXhcgWMe89F3tOvTGeqNxg3
NU/ag9/0WGtOpfNxKf/5vpj5/3ailYQ4PhwTQXWdwtkssor17P1d/WG6d53yJ0rk
4NIEcp165eiAOvYrtBrRWb4ww6+5CXEMcjlrAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUBmHzI4QZVwjI6HQz67qhXTtTcBYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JtSHpJNFFaVndqSTZI
UXo2N3FoWFR0VGNCWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHXy/a0QmcG17wCDc564AlXU0FX6y1aE
Aaa/GrXIXZ2VZckNFHpJ8vuxkiS6UPtxICezGKtnERLePI+eN6QDRKxdh3mEcRpT
+LSdLrcPi7K53KDM8e0QhtKzPN+t0Nh+HiINi00EwVlvwoTS6NLn8HKwm1LzI7b0
WB85cDkeeHzAHEc5gAj6veuJopS0RpZbtLxpRuAot2Ks3XkOer7dKH+KZ+ZMY7zF
Iyd1dnlORXlJDEUbV2pH+uT9jwHYL1CX2SWHgWTO9RM6xIh2TJOzNnA1vEhiahYR
fybNzg3STGNKY9fpgTu2llCt60YhHksCzoOOAlscKn+J4PPB1aQXA2o=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:03:22 2025 by rpki-client