Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IyGXNjekZHcUYp3zsN2Lp-KskKI.roa
File: IyGXNjekZHcUYp3zsN2Lp-KskKI.roa (raw, json)
Hash identifier: tZEKSTsoF39u0l4ffoxYwcoPqKWzCiCb7Lbf9k/QM3c=
Subject key identifier: 23:21:97:36:37:A4:64:77:14:62:9D:F3:B0:DD:8B:A7:E2:AC:90:A2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4323
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IyGXNjekZHcUYp3zsN2Lp-KskKI.roa
Signing time: Thu 18 Apr 2024 02:22:58 +0000
ROA not before: Thu 18 Apr 2024 02:22:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17187 (0x4323)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 02:22:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2321973637A4647714629DF3B0DD8BA7E2AC90A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:66:93:c0:5c:85:41:77:91:79:34:72:56:33:
c2:97:31:2b:d6:53:56:71:c7:bc:25:6d:d6:8b:43:
8f:37:38:e1:31:98:c8:ca:ae:af:f0:f3:56:11:a6:
af:63:1b:8b:66:5d:de:24:2d:c4:1b:55:c0:74:6c:
0f:1f:2c:61:7a:63:38:e0:59:86:ca:f5:d1:1f:48:
4e:fe:23:86:6e:15:60:30:9f:cc:b0:90:2a:a1:d6:
fb:b2:1d:19:0e:0e:b9:d1:c3:4c:9c:fe:58:97:d8:
e9:bc:df:c2:ba:e3:a7:72:25:5c:62:e1:e9:b9:83:
17:43:41:1a:41:87:14:35:e9:a6:14:8a:80:0e:0d:
4c:9c:ae:3d:61:c5:bf:ed:00:95:d5:62:b1:69:fb:
31:cb:4d:f1:c9:c3:72:93:09:8d:9f:ff:ab:38:57:
9f:4b:a2:e7:24:77:48:06:2d:26:50:2c:05:f4:50:
30:52:33:33:4d:e4:4a:31:b1:7f:a9:6e:ba:0e:65:
93:e4:ea:42:44:34:c3:c4:81:32:13:83:31:b8:5b:
21:fc:9c:a1:65:42:8e:96:89:d1:42:26:48:d0:3f:
07:c9:ff:1b:49:6b:32:e7:56:ae:fa:56:24:1c:ce:
8e:55:c8:5b:c7:42:b0:c0:9d:af:73:a3:b9:25:e6:
5c:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:21:97:36:37:A4:64:77:14:62:9D:F3:B0:DD:8B:A7:E2:AC:90:A2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IyGXNjekZHcUYp3zsN2Lp-KskKI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0b:e4:23:ac:31:44:ff:68:a4:50:a1:cb:84:7c:b9:d3:98:67:
a0:80:87:92:6d:33:40:49:30:3b:6a:ce:2f:98:aa:59:9a:2d:
5f:4f:a2:14:5a:c5:ee:88:b7:7a:41:79:0a:0d:05:6b:99:6d:
af:a7:8b:03:e1:51:dc:af:e1:32:4f:74:0c:ca:a5:70:a5:85:
bf:0b:98:0e:bd:7d:64:cf:4a:84:63:17:a7:a4:7d:6b:ff:53:
48:46:88:e2:d3:e2:a8:42:3c:47:0d:ef:80:27:b5:50:7b:35:
d9:d2:be:1e:be:b1:ce:8a:78:65:25:f8:1e:0d:19:17:7a:b7:
2a:ca:04:a6:93:51:b6:ae:31:f7:12:69:33:47:ef:5b:19:2c:
2c:87:d3:7d:fd:1e:1f:90:c4:76:53:25:d2:08:64:03:49:49:
a1:6b:11:85:c5:f1:ab:ba:c7:11:ab:9d:90:8c:9a:7d:ef:34:
2d:60:5b:78:c1:ce:2c:0b:ae:bc:cb:6c:ba:51:36:e2:e9:c1:
b8:f4:c5:e7:c3:e4:44:68:14:2b:1f:2d:75:3c:35:8e:db:7e:
66:cb:b2:11:a6:a4:6f:40:fe:e8:c3:49:0e:18:7e:ae:25:e6:
4e:58:ab:d1:3d:ee:68:d6:3e:12:66:d3:27:67:bc:46:eb:6b:
64:ad:f4:fe
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQyMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgw
MjIyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzMjE5NzM2MzdBNDY0
NzcxNDYyOURGM0IwREQ4QkE3RTJBQzkwQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUZpPAXIVBd5F5NHJWM8KXMSvWU1Zxx7wlbdaLQ483OOExmMjK
rq/w81YRpq9jG4tmXd4kLcQbVcB0bA8fLGF6YzjgWYbK9dEfSE7+I4ZuFWAwn8yw
kCqh1vuyHRkODrnRw0yc/liX2Om838K646dyJVxi4em5gxdDQRpBhxQ16aYUioAO
DUycrj1hxb/tAJXVYrFp+zHLTfHJw3KTCY2f/6s4V59Louckd0gGLSZQLAX0UDBS
MzNN5EoxsX+pbroOZZPk6kJENMPEgTITgzG4WyH8nKFlQo6WidFCJkjQPwfJ/xtJ
azLnVq76ViQczo5VyFvHQrDAna9zo7kl5lz5AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUIyGXNjekZHcUYp3zsN2Lp+KskKIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0l5R1hOamVrWkhjVVlw
M3pzTjJMcC1Lc2tLSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAvkI6wxRP9opFChy4R8udOYZ6CAh5Jt
M0BJMDtqzi+YqlmaLV9PohRaxe6It3pBeQoNBWuZba+niwPhUdyv4TJPdAzKpXCl
hb8LmA69fWTPSoRjF6ekfWv/U0hGiOLT4qhCPEcN74AntVB7NdnSvh6+sc6KeGUl
+B4NGRd6tyrKBKaTUbauMfcSaTNH71sZLCyH0339Hh+QxHZTJdIIZANJSaFrEYXF
8au6xxGrnZCMmn3vNC1gW3jBziwLrrzLbLpRNuLpwbj0xefD5ERoFCsfLXU8NY7b
fmbLshGmpG9A/ujDSQ4Yfq4l5k5Yq9E97mjWPhJm0ydnvEbra2St9P4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:14:13 2025 by rpki-client