Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YKN9SeNWkrCLqUwfu9ofWxxNQ-o.roa
File: YKN9SeNWkrCLqUwfu9ofWxxNQ-o.roa (raw, json)
Hash identifier: sBGGXm2djYGR46VCLvouk0++MEvUcyHekD+gacei+7s=
Subject key identifier: 60:A3:7D:49:E3:56:92:B0:8B:A9:4C:1F:BB:DA:1F:5B:1C:4D:43:EA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E17
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YKN9SeNWkrCLqUwfu9ofWxxNQ-o.roa
Signing time: Thu 11 Apr 2024 08:52:45 +0000
ROA not before: Thu 11 Apr 2024 08:52:45 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15895 (0x3e17)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 08:52:45 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=60A37D49E35692B08BA94C1FBBDA1F5B1C4D43EA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:a7:c5:8a:c2:b8:3a:c0:5b:6d:52:68:22:b8:
a0:9d:71:61:a6:30:9f:32:d0:6d:65:40:62:d5:f1:
4d:a3:07:b3:7a:cd:97:08:e8:f6:6a:ad:46:16:ab:
ae:9c:86:bf:c9:96:12:77:4f:92:50:77:d4:f0:28:
33:96:b0:ae:44:2e:65:25:75:9d:3a:12:9e:fc:8d:
92:1d:38:95:24:44:2d:ce:85:da:07:7f:7b:92:28:
da:5f:ee:b5:4c:00:11:34:4c:a8:03:99:1d:4d:66:
b9:90:93:e4:64:6f:04:30:e2:7a:d4:a1:ad:3b:24:
8a:4c:84:37:0b:b2:1c:6e:5b:fb:c1:0a:f7:7c:16:
f0:a8:aa:72:ac:34:2e:98:50:f0:86:b8:c8:96:06:
cc:d9:fb:c3:20:4a:86:e6:d4:e6:42:29:e1:fa:54:
85:e0:76:db:b7:f0:b2:b7:a9:c7:04:b0:af:d5:00:
cd:c9:da:2f:cd:e3:79:f3:c3:64:04:f2:96:91:f1:
72:b0:f2:b1:8e:82:7e:fa:e9:8d:06:1e:19:02:9d:
2e:b3:f8:24:9b:91:20:df:e4:05:df:cb:ad:e5:d0:
85:3f:89:44:b0:ac:80:60:63:59:24:f3:27:dc:2e:
49:b7:a7:f3:fd:ee:a8:68:03:a9:3f:e5:72:36:aa:
ba:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:A3:7D:49:E3:56:92:B0:8B:A9:4C:1F:BB:DA:1F:5B:1C:4D:43:EA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YKN9SeNWkrCLqUwfu9ofWxxNQ-o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2c:2a:ea:ae:32:52:ff:7c:69:24:45:c4:96:94:bd:34:ae:2f:
c3:af:b8:54:19:ed:04:25:a2:ac:a5:3d:ed:de:11:ca:f7:13:
d7:8d:0b:40:0a:23:ca:77:81:81:0b:c7:05:96:7e:cd:1e:00:
f9:51:93:b6:69:0e:88:57:06:24:7f:35:09:91:ff:92:84:28:
cf:cf:c3:4a:a1:c4:2c:8e:19:dc:3b:6f:bf:b5:78:d8:e2:35:
b2:f5:4a:16:6c:f6:ec:56:64:ea:18:59:ba:e3:ca:d6:7a:5c:
d1:98:e6:8d:90:46:f2:ef:2e:93:07:8d:6e:95:f7:4a:ef:22:
ee:96:b3:87:1f:54:83:8b:77:45:65:30:ac:11:41:02:36:3c:
c7:7e:7f:b8:47:7f:f0:48:55:ec:6d:9a:50:b2:54:f1:ca:f0:
ec:0f:32:b7:3d:48:c8:37:3b:ff:f3:ce:2b:12:21:de:78:a9:
22:32:bc:62:ee:be:97:51:50:f6:8a:35:45:a0:15:d9:d9:62:
2d:a3:4d:03:4c:72:51:d1:e3:21:fb:ef:8a:d8:b3:40:ee:74:
e6:11:00:ce:fa:a2:18:18:8e:84:d7:04:ef:64:af:a7:c2:28:
ce:f9:31:ec:96:51:68:51:04:b0:41:50:b0:f0:f3:c6:a5:c8:
a7:88:99:90
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPhcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
ODUyNDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwQTM3RDQ5RTM1Njky
QjA4QkE5NEMxRkJCREExRjVCMUM0RDQzRUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGp8WKwrg6wFttUmgiuKCdcWGmMJ8y0G1lQGLV8U2jB7N6zZcI
6PZqrUYWq66chr/JlhJ3T5JQd9TwKDOWsK5ELmUldZ06Ep78jZIdOJUkRC3OhdoH
f3uSKNpf7rVMABE0TKgDmR1NZrmQk+RkbwQw4nrUoa07JIpMhDcLshxuW/vBCvd8
FvCoqnKsNC6YUPCGuMiWBszZ+8MgSobm1OZCKeH6VIXgdtu38LK3qccEsK/VAM3J
2i/N43nzw2QE8paR8XKw8rGOgn766Y0GHhkCnS6z+CSbkSDf5AXfy63l0IU/iUSw
rIBgY1kk8yfcLkm3p/P97qhoA6k/5XI2qronAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUYKN9SeNWkrCLqUwfu9ofWxxNQ+owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lLTjlTZU5Xa3JDTHFV
d2Z1OW9mV3h4TlEtby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACwq6q4yUv98aSRFxJaUvTSuL8OvuFQZ
7QQloqylPe3eEcr3E9eNC0AKI8p3gYELxwWWfs0eAPlRk7ZpDohXBiR/NQmR/5KE
KM/Pw0qhxCyOGdw7b7+1eNjiNbL1ShZs9uxWZOoYWbrjytZ6XNGY5o2QRvLvLpMH
jW6V90rvIu6Ws4cfVIOLd0VlMKwRQQI2PMd+f7hHf/BIVextmlCyVPHK8OwPMrc9
SMg3O//zzisSId54qSIyvGLuvpdRUPaKNUWgFdnZYi2jTQNMclHR4yH774rYs0Du
dOYRAM76ohgYjoTXBO9kr6fCKM75MeyWUWhRBLBBULDw88alyKeImZA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:22:19 2025 by rpki-client