Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bcyH7kuxWZlvbkV1BSvY1h2DB34.roa
File: bcyH7kuxWZlvbkV1BSvY1h2DB34.roa (raw, json)
Hash identifier: Ozlbiuq48vMtJOibfpelVLrfuiKi7nn68eBd46q7I5g=
Subject key identifier: 6D:CC:87:EE:4B:B1:59:99:6F:6E:45:75:05:2B:D8:D6:1D:83:07:7E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51C3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bcyH7kuxWZlvbkV1BSvY1h2DB34.roa
Signing time: Tue 07 May 2024 14:24:05 +0000
ROA not before: Tue 07 May 2024 14:24:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20931 (0x51c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 14:24:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6DCC87EE4BB159996F6E4575052BD8D61D83077E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:0f:70:39:5f:3a:75:47:f4:44:42:9c:f5:ba:
bc:69:2e:94:41:8e:ef:ec:7f:49:0f:f7:8b:72:28:
28:ca:64:66:1d:b9:7f:5f:d6:9d:c4:4e:c9:dc:34:
a7:f5:4f:0e:ad:ed:db:da:7d:22:5c:9c:25:cf:b6:
9f:96:fc:e7:34:99:de:c0:ea:97:04:2c:14:e3:e4:
c6:da:f1:e1:ce:e1:73:cf:35:13:2b:e6:72:69:29:
dc:d4:95:8d:e9:7a:43:d2:95:ed:de:68:1f:bb:0e:
e5:71:63:30:84:fe:9c:06:50:61:6b:bd:5c:5f:56:
29:29:1c:ac:c6:15:1a:33:e2:da:12:f0:70:33:a6:
fb:d7:d2:1e:c8:8e:05:22:9f:c6:08:85:a6:10:ca:
4c:b5:d9:cf:53:19:7c:a0:d7:2d:59:e2:77:bb:1c:
06:d7:d5:86:a9:8a:85:0d:f1:af:b2:ef:3c:ef:92:
99:20:42:8d:dc:72:ba:4c:f5:d4:56:c6:f0:6b:3d:
00:d6:70:08:f4:5a:61:3e:7e:71:f0:d6:13:56:6b:
fd:f9:ef:c6:cf:4f:3a:a0:2d:e7:95:4f:45:33:8f:
ac:2b:d5:3d:c2:f6:62:43:36:08:bb:3c:5f:fd:03:
d3:4f:47:55:49:e4:c8:1d:9b:02:c7:fd:31:fd:5a:
39:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:CC:87:EE:4B:B1:59:99:6F:6E:45:75:05:2B:D8:D6:1D:83:07:7E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bcyH7kuxWZlvbkV1BSvY1h2DB34.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
4c:ed:b9:05:99:68:6c:6c:41:88:b9:5d:eb:6a:31:79:62:13:
77:3f:9d:c0:7a:c4:b2:57:98:36:6f:76:8f:d5:db:2c:e7:fe:
bb:d7:cc:d6:8d:13:4d:1b:fb:19:32:f5:f0:39:b1:c6:8e:6f:
16:a6:f9:53:53:f6:d3:db:a9:7b:b8:6d:01:2a:c9:64:cb:75:
22:9c:5d:3a:9a:37:56:23:c2:6b:20:04:85:a0:c8:19:c2:9d:
1c:23:42:ea:de:f8:fb:69:e1:08:fb:af:dc:a7:de:24:79:3b:
b0:36:76:b9:50:13:ce:06:5b:b4:59:f7:df:1f:85:c6:e5:6c:
ed:7d:a6:1a:a5:1c:29:7c:d9:45:24:4b:04:5f:19:8f:d8:e3:
51:20:3e:8e:ae:69:47:48:54:42:80:61:07:0b:b2:d2:e0:3b:
50:44:94:70:c8:27:55:0a:f1:1b:42:d5:67:65:28:ba:32:60:
b9:cd:49:69:46:90:2b:88:39:35:df:e6:f4:91:1a:41:cc:0f:
54:3f:5d:d0:4a:d7:59:26:6a:5c:7c:a7:87:d9:76:e0:c4:e1:
e9:a4:13:cd:f1:16:2d:ad:1c:42:bc:ee:2f:34:f5:37:5c:8a:
e0:c2:77:e5:46:6a:77:c8:e0:db:81:3e:69:ef:ef:00:92:ef:
df:28:75:6d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUcMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
NDI0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZEQ0M4N0VFNEJCMTU5
OTk2RjZFNDU3NTA1MkJEOEQ2MUQ4MzA3N0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCVD3A5Xzp1R/REQpz1urxpLpRBju/sf0kP94tyKCjKZGYduX9f
1p3ETsncNKf1Tw6t7dvafSJcnCXPtp+W/Oc0md7A6pcELBTj5Mba8eHO4XPPNRMr
5nJpKdzUlY3pekPSle3eaB+7DuVxYzCE/pwGUGFrvVxfVikpHKzGFRoz4toS8HAz
pvvX0h7IjgUin8YIhaYQyky12c9TGXyg1y1Z4ne7HAbX1YapioUN8a+y7zzvkpkg
Qo3ccrpM9dRWxvBrPQDWcAj0WmE+fnHw1hNWa/3578bPTzqgLeeVT0Uzj6wr1T3C
9mJDNgi7PF/9A9NPR1VJ5MgdmwLH/TH9Wjk7AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUbcyH7kuxWZlvbkV1BSvY1h2DB34wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2JjeUg3a3V4V1psdmJr
VjFCU3ZZMWgyREIzNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAEztuQWZaGxsQYi5XetqMXliE3c/ncB6
xLJXmDZvdo/V2yzn/rvXzNaNE00b+xky9fA5scaObxam+VNT9tPbqXu4bQEqyWTL
dSKcXTqaN1YjwmsgBIWgyBnCnRwjQure+Ptp4Qj7r9yn3iR5O7A2drlQE84GW7RZ
998fhcblbO19phqlHCl82UUkSwRfGY/Y41EgPo6uaUdIVEKAYQcLstLgO1BElHDI
J1UK8RtC1WdlKLoyYLnNSWlGkCuIOTXf5vSRGkHMD1Q/XdBK11kmalx8p4fZduDE
4emkE83xFi2tHEK87i809TdciuDCd+VGanfI4NuBPmnv7wCS798odW0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:40:12 2025 by rpki-client