Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ayZSB6o5IeRbvCaWcrs8JZQE_hQ.roa
File: ayZSB6o5IeRbvCaWcrs8JZQE_hQ.roa (raw, json)
Hash identifier: gfp7qp4MZVmTn0qH43Gh8g56KsF3LjKiMi3D3bXzoZg=
Subject key identifier: 6B:26:52:07:AA:39:21:E4:5B:BC:26:96:72:BB:3C:25:94:04:FE:14
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 438B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ayZSB6o5IeRbvCaWcrs8JZQE_hQ.roa
Signing time: Thu 18 Apr 2024 15:23:01 +0000
ROA not before: Thu 18 Apr 2024 15:23:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17291 (0x438b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 15:23:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6B265207AA3921E45BBC269672BB3C259404FE14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:46:3d:2b:b2:21:c2:37:30:9e:04:a9:44:01:
da:a9:aa:16:2a:ab:88:8c:e2:67:c0:16:85:7b:4d:
7e:2b:72:60:23:93:15:bd:bf:4b:1e:cc:8c:bc:53:
a4:fa:3b:5c:9c:ea:dd:3c:f1:64:c8:80:4f:4d:06:
3d:02:a3:e6:c3:20:2b:d4:d6:38:18:3e:f2:76:fd:
c1:79:65:9d:2e:00:6f:68:7a:f0:67:ac:25:74:c7:
76:c5:b2:9d:0d:5c:f7:fd:8d:89:8a:c1:74:7b:a1:
30:af:30:c9:7a:cd:e2:3d:01:fa:ee:50:e6:47:4b:
ed:77:4b:de:1b:a3:35:37:5d:c1:b0:da:70:29:23:
96:fa:19:c3:f9:29:da:eb:a6:ad:ab:bb:3f:39:88:
fb:a5:b3:1e:13:28:0e:45:ca:5e:21:c0:8d:fa:a3:
89:b1:bd:78:c9:c3:fa:be:6c:02:87:bc:88:28:83:
10:85:c7:e1:d0:26:02:76:d5:2d:f2:c1:1e:34:d8:
9e:e7:b9:bb:1b:9b:c3:a6:73:bb:f5:92:cb:4a:78:
1a:4f:16:e2:b8:cd:cc:c2:60:5a:f9:b7:64:08:20:
01:4c:7b:c1:02:f2:dd:45:e1:57:3b:d5:04:e3:63:
cc:e7:5f:f8:54:69:f0:c1:e8:d3:f3:36:2b:2e:1d:
b5:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:26:52:07:AA:39:21:E4:5B:BC:26:96:72:BB:3C:25:94:04:FE:14
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ayZSB6o5IeRbvCaWcrs8JZQE_hQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
96:e6:0e:35:98:ac:72:ef:43:92:0f:53:77:19:54:6b:ab:ae:
61:6c:c1:45:fc:59:4f:5b:32:8e:15:3a:0d:3f:0e:29:08:41:
11:18:3c:3e:d5:35:3a:79:33:51:68:4f:b1:1d:3f:9d:f1:99:
d4:e1:02:9a:ad:cb:ee:1f:de:bd:a3:97:2b:c1:af:29:67:40:
a4:c8:4d:40:29:1a:04:40:36:96:1c:ea:bd:7d:21:43:e1:81:
48:61:ff:7f:e5:bb:37:d8:9a:e4:92:d3:3d:52:c3:d7:b8:37:
25:e1:01:36:d8:b0:50:f6:29:e8:b1:ba:a7:91:a2:f6:d2:94:
db:d5:55:78:1a:d9:2e:12:ca:b8:6f:38:72:70:7a:67:5a:e2:
74:5a:b4:56:5d:e4:0f:de:25:65:85:e0:51:18:1a:8f:a6:90:
93:4f:b3:30:1c:d8:fe:f8:7b:e2:3c:de:0b:9b:8d:d1:8f:99:
0c:ce:da:42:e5:0d:8d:55:65:7c:a5:a2:71:ea:be:4a:1e:f3:
e0:91:bb:76:29:5d:a1:18:d6:bc:1a:a6:41:c2:b9:78:4e:93:
71:f2:11:6b:86:d4:3e:60:1d:8d:36:8b:ef:3b:5f:a9:ed:48:
04:16:aa:96:de:b5:07:8e:8c:c4:76:14:83:81:bb:ba:46:a6:
c5:de:53:82
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQ4swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
NTIzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZCMjY1MjA3QUEzOTIx
RTQ1QkJDMjY5NjcyQkIzQzI1OTQwNEZFMTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiRj0rsiHCNzCeBKlEAdqpqhYqq4iM4mfAFoV7TX4rcmAjkxW9
v0sezIy8U6T6O1yc6t088WTIgE9NBj0Co+bDICvU1jgYPvJ2/cF5ZZ0uAG9oevBn
rCV0x3bFsp0NXPf9jYmKwXR7oTCvMMl6zeI9AfruUOZHS+13S94bozU3XcGw2nAp
I5b6GcP5Kdrrpq2ruz85iPulsx4TKA5Fyl4hwI36o4mxvXjJw/q+bAKHvIgogxCF
x+HQJgJ21S3ywR402J7nubsbm8Omc7v1kstKeBpPFuK4zczCYFr5t2QIIAFMe8EC
8t1F4Vc71QTjY8znX/hUafDB6NPzNisuHbUVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUayZSB6o5IeRbvCaWcrs8JZQE/hQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2F5WlNCNm81SWVSYnZD
YVdjcnM4SlpRRV9oUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJbmDjWYrHLvQ5IPU3cZVGurrmFswUX8
WU9bMo4VOg0/DikIQREYPD7VNTp5M1FoT7EdP53xmdThApqty+4f3r2jlyvBryln
QKTITUApGgRANpYc6r19IUPhgUhh/3/luzfYmuSS0z1Sw9e4NyXhATbYsFD2Keix
uqeRovbSlNvVVXga2S4SyrhvOHJwemda4nRatFZd5A/eJWWF4FEYGo+mkJNPszAc
2P74e+I83gubjdGPmQzO2kLlDY1VZXylonHqvkoe8+CRu3YpXaEY1rwapkHCuXhO
k3HyEWuG1D5gHY02i+87X6ntSAQWqpbetQeOjMR2FIOBu7pGpsXeU4I=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:47:14 2025 by rpki-client