Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ywQPqAS4rsPsPavUFtWiwvo3HFo.roa
File: ywQPqAS4rsPsPavUFtWiwvo3HFo.roa (raw, json)
Hash identifier: TZq1O5OoK8Ydtw4byqHQ+264VeZkBVAK1FVT8xGYmLc=
Subject key identifier: CB:04:0F:A8:04:B8:AE:C3:EC:3D:AB:D4:16:D5:A2:C2:FA:37:1C:5A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 432B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ywQPqAS4rsPsPavUFtWiwvo3HFo.roa
Signing time: Thu 18 Apr 2024 03:22:59 +0000
ROA not before: Thu 18 Apr 2024 03:22:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17195 (0x432b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 03:22:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CB040FA804B8AEC3EC3DABD416D5A2C2FA371C5A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:70:14:d7:fd:e5:b8:34:42:aa:76:34:e4:cb:
29:d9:3e:f5:48:73:90:50:d5:c7:8b:f0:51:1a:ba:
26:1e:18:db:df:60:0d:d5:59:b9:32:d5:9f:e8:81:
b5:b5:a3:6f:5b:60:cf:c3:2b:f4:6c:13:95:e7:3a:
9b:bb:ee:bb:a8:67:c6:09:9d:b7:34:47:d0:1e:af:
cd:83:06:ad:51:42:1d:bf:03:a9:ad:73:d6:4f:ef:
11:b8:bd:3f:3b:19:bd:e2:05:2c:a2:6a:72:80:6f:
4e:cd:9e:4f:5b:d2:ee:6a:7f:59:cd:5d:6a:03:9b:
09:b1:d1:f3:00:f7:a1:6f:68:71:39:57:6f:e4:60:
c4:2d:66:ff:c5:e6:05:4e:96:69:ee:cf:a0:68:c9:
25:47:b4:39:f1:93:cb:18:7d:c9:db:79:c1:66:0f:
97:f2:75:d9:67:83:ea:e8:d5:3b:d2:d8:9d:5a:72:
8e:cf:53:67:0a:6e:9b:56:d2:78:94:52:b3:c5:88:
c0:c2:1e:f1:8b:f3:dd:05:db:ef:44:8c:0d:43:14:
79:d7:73:f3:17:a5:57:f2:42:49:e1:65:8d:10:6d:
c1:1c:9f:1d:7c:b6:78:ae:89:0a:c6:4b:c7:cc:4a:
4f:50:42:45:4e:14:f8:39:6d:12:7c:5e:81:b3:7f:
94:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:04:0F:A8:04:B8:AE:C3:EC:3D:AB:D4:16:D5:A2:C2:FA:37:1C:5A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ywQPqAS4rsPsPavUFtWiwvo3HFo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0a:6c:96:c9:d0:55:3c:dd:37:da:9d:a5:1b:bd:98:45:d8:37:
5c:ca:34:4c:5a:64:e6:fa:b2:a8:c1:e3:42:00:b1:e8:75:54:
42:e8:1d:84:ec:96:f6:17:64:5b:05:82:b2:9c:0a:2f:a2:dc:
47:54:bd:eb:06:cf:e5:c1:00:fa:7b:06:2e:e7:fa:a8:85:7a:
55:1a:e6:5d:3b:e1:df:69:33:08:97:01:78:e0:2a:88:f4:71:
b0:47:3c:0c:ab:08:5c:e2:67:84:1b:b5:57:fb:8e:3f:e7:c1:
e2:64:46:36:e4:be:3c:6f:90:06:29:1e:20:1c:38:4c:ad:9e:
c3:14:5a:fb:ae:fe:ec:ca:1c:d3:c4:07:65:83:2e:7d:76:6f:
60:61:71:f8:8a:f9:e4:19:5d:e3:0d:12:37:d0:75:fa:f9:02:
f4:72:32:0a:e0:46:31:7e:17:e2:6a:0c:e9:f2:9b:50:0c:f1:
8e:0a:f0:31:95:ba:03:0b:54:00:6c:db:00:97:fa:5a:54:fe:
a8:48:75:4a:c2:53:4b:b7:8b:6a:76:45:4c:d2:5e:28:6a:1b:
55:78:58:aa:28:bf:25:a2:2f:02:2e:49:21:44:a8:e1:1c:f7:
0e:02:aa:de:f2:dc:ff:c0:db:e1:54:dc:06:b5:e8:a8:37:61:
4e:ab:ba:6f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQyswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgw
MzIyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENCMDQwRkE4MDRCOEFF
QzNFQzNEQUJENDE2RDVBMkMyRkEzNzFDNUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgcBTX/eW4NEKqdjTkyynZPvVIc5BQ1ceL8FEauiYeGNvfYA3V
Wbky1Z/ogbW1o29bYM/DK/RsE5XnOpu77ruoZ8YJnbc0R9Aer82DBq1RQh2/A6mt
c9ZP7xG4vT87Gb3iBSyianKAb07Nnk9b0u5qf1nNXWoDmwmx0fMA96FvaHE5V2/k
YMQtZv/F5gVOlmnuz6BoySVHtDnxk8sYfcnbecFmD5fyddlng+ro1TvS2J1aco7P
U2cKbptW0niUUrPFiMDCHvGL890F2+9EjA1DFHnXc/MXpVfyQknhZY0QbcEcnx18
tniuiQrGS8fMSk9QQkVOFPg5bRJ8XoGzf5T3AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUywQPqAS4rsPsPavUFtWiwvo3HFowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3l3UVBxQVM0cnNQc1Bh
dlVGdFdpd3ZvM0hGby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAApslsnQVTzdN9qdpRu9mEXYN1zKNExa
ZOb6sqjB40IAseh1VELoHYTslvYXZFsFgrKcCi+i3EdUvesGz+XBAPp7Bi7n+qiF
elUa5l074d9pMwiXAXjgKoj0cbBHPAyrCFziZ4QbtVf7jj/nweJkRjbkvjxvkAYp
HiAcOEytnsMUWvuu/uzKHNPEB2WDLn12b2BhcfiK+eQZXeMNEjfQdfr5AvRyMgrg
RjF+F+JqDOnym1AM8Y4K8DGVugMLVABs2wCX+lpU/qhIdUrCU0u3i2p2RUzSXihq
G1V4WKoovyWiLwIuSSFEqOEc9w4Cqt7y3P/A2+FU3Aa16Kg3YU6rum8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:39:46 2025 by rpki-client