Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/X3efwESR-9P8TvVLaMuzYw7BYjQ.roa
File: X3efwESR-9P8TvVLaMuzYw7BYjQ.roa (raw, json)
Hash identifier: qZYnzKwzhl7Lj+BKAyhlgzoKCV2P+iDKG5dAvVJfyxM=
Subject key identifier: 5F:77:9F:C0:44:91:FB:D3:FC:4E:F5:4B:68:CB:B3:63:0E:C1:62:34
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 55EF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/X3efwESR-9P8TvVLaMuzYw7BYjQ.roa
Signing time: Mon 13 May 2024 03:54:26 +0000
ROA not before: Mon 13 May 2024 03:54:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21999 (0x55ef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 03:54:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5F779FC04491FBD3FC4EF54B68CBB3630EC16234
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:39:e1:53:47:94:f9:29:e7:61:c6:2b:fd:48:
15:90:b5:63:20:e3:9b:55:29:c7:f2:0f:c0:74:9e:
e1:d7:99:9b:13:ce:95:c7:0e:79:14:40:a8:0c:29:
a6:9b:ba:87:b1:f5:73:83:68:6d:65:a5:61:2d:d8:
77:2e:f8:73:09:65:f7:45:10:fb:b4:82:d7:47:da:
0b:40:23:3d:c6:32:27:01:5e:cf:93:ee:0c:72:8e:
a4:f2:5d:44:ee:78:75:f4:d8:4b:0a:f4:a0:85:cc:
62:45:76:40:7a:3c:84:63:4f:95:ef:cb:44:84:2a:
42:90:ca:bb:70:e7:5d:c9:1d:45:f3:f0:72:68:9c:
93:5e:96:19:52:f9:88:df:5c:3c:22:9c:72:64:be:
ea:0b:7c:5a:c8:e6:19:80:95:d0:bd:82:8c:36:4e:
56:de:90:f0:52:c2:6a:ca:4b:f8:ad:cc:e8:b8:c1:
73:09:d4:fe:36:08:ae:30:4d:91:ea:15:d7:51:ae:
7e:7a:0e:ed:a3:65:38:56:1c:64:5e:7c:f1:34:1a:
4b:d9:45:ac:82:46:1e:1b:fd:e1:a9:06:6a:e8:42:
8f:0d:14:ce:42:e4:a4:4d:db:2b:d6:cc:0f:74:d1:
a3:c2:f5:b6:4f:a6:fb:4c:b1:e1:c3:9a:1b:30:6d:
12:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:77:9F:C0:44:91:FB:D3:FC:4E:F5:4B:68:CB:B3:63:0E:C1:62:34
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/X3efwESR-9P8TvVLaMuzYw7BYjQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
19:8e:a5:1b:cf:00:79:e3:c9:1c:4d:01:f1:61:7d:65:57:3d:
2c:2f:92:00:0e:45:f8:95:92:ea:47:6c:d0:ae:4a:44:84:22:
65:b9:7b:7f:ca:1d:dc:44:8b:44:7a:08:07:03:80:6f:01:ea:
05:d9:52:9a:75:58:30:81:e1:d9:3b:a6:eb:32:c6:38:5d:b4:
ef:dc:b8:fa:2c:49:27:47:aa:9d:28:f1:ad:4a:85:45:33:0d:
0d:59:89:46:57:52:a4:2c:13:15:24:21:fc:92:64:56:c7:ea:
c8:7e:53:3f:bc:3a:50:f6:ed:5b:db:f1:af:49:20:f0:00:1e:
8b:1b:84:3b:96:86:33:e7:72:3d:fa:c2:6b:ba:5f:43:22:9a:
62:73:65:3d:22:83:08:4a:41:29:41:64:2d:08:a6:d4:fd:30:
dd:db:3a:06:0f:77:82:26:85:b6:cb:26:ec:a2:5a:d1:04:16:
2b:03:57:72:90:c7:40:e6:6b:ae:68:31:91:ac:34:9f:2f:76:
2d:dc:d0:6f:80:ee:51:d1:96:21:45:86:57:c2:03:34:80:2d:
4f:a6:5e:27:a8:26:bb:f1:22:b3:86:d9:4a:19:d3:9a:c6:f9:
04:8b:5b:c5:b4:38:8e:38:99:6d:56:27:9f:ff:00:8d:06:c0:
c9:31:c6:90
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVe8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMw
MzU0MjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVGNzc5RkMwNDQ5MUZC
RDNGQzRFRjU0QjY4Q0JCMzYzMEVDMTYyMzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCcOeFTR5T5Kedhxiv9SBWQtWMg45tVKcfyD8B0nuHXmZsTzpXH
DnkUQKgMKaabuoex9XODaG1lpWEt2Hcu+HMJZfdFEPu0gtdH2gtAIz3GMicBXs+T
7gxyjqTyXUTueHX02EsK9KCFzGJFdkB6PIRjT5Xvy0SEKkKQyrtw513JHUXz8HJo
nJNelhlS+YjfXDwinHJkvuoLfFrI5hmAldC9gow2TlbekPBSwmrKS/itzOi4wXMJ
1P42CK4wTZHqFddRrn56Du2jZThWHGRefPE0GkvZRayCRh4b/eGpBmroQo8NFM5C
5KRN2yvWzA900aPC9bZPpvtMseHDmhswbRINAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUX3efwESR+9P8TvVLaMuzYw7BYjQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1gzZWZ3RVNSLTlQOFR2
VkxhTXV6WXc3QllqUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABmOpRvPAHnjyRxNAfFhfWVXPSwvkgAO
RfiVkupHbNCuSkSEImW5e3/KHdxEi0R6CAcDgG8B6gXZUpp1WDCB4dk7pusyxjhd
tO/cuPosSSdHqp0o8a1KhUUzDQ1ZiUZXUqQsExUkIfySZFbH6sh+Uz+8OlD27Vvb
8a9JIPAAHosbhDuWhjPncj36wmu6X0MimmJzZT0igwhKQSlBZC0IptT9MN3bOgYP
d4ImhbbLJuyiWtEEFisDV3KQx0Dma65oMZGsNJ8vdi3c0G+A7lHRliFFhlfCAzSA
LU+mXieoJrvxIrOG2UoZ05rG+QSLW8W0OI44mW1WJ5//AI0GwMkxxpA=
-----END CERTIFICATE-----
Generated at Sat May 17 21:29:15 2025 by rpki-client