Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XKzeJNgHjpoWutVq9n1XDKEDTko.roa
File: XKzeJNgHjpoWutVq9n1XDKEDTko.roa (raw, json)
Hash identifier: 7L3sGBibIkWNqm8tDkBIkCugxcKA+SVGXhSodypx9rw=
Subject key identifier: 5C:AC:DE:24:D8:07:8E:9A:16:BA:D5:6A:F6:7D:57:0C:A1:03:4E:4A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A57
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XKzeJNgHjpoWutVq9n1XDKEDTko.roa
Signing time: Sat 27 Apr 2024 16:53:23 +0000
ROA not before: Sat 27 Apr 2024 16:53:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19031 (0x4a57)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 16:53:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5CACDE24D8078E9A16BAD56AF67D570CA1034E4A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:86:20:b9:60:63:fc:bb:61:59:0d:fe:22:0f:
11:83:e6:16:7a:d9:6b:8b:b0:d7:6a:f2:75:fe:f7:
5e:4c:b6:78:6e:00:ea:74:ee:7c:b7:90:8a:2d:92:
3b:f5:38:3d:42:02:20:33:d9:ce:e0:fa:e4:dc:5f:
0a:c8:fc:a3:7e:04:02:53:ce:01:2b:4a:49:f4:85:
59:65:4f:04:cf:fb:c6:94:28:77:9a:55:66:ee:0b:
55:d9:d3:15:35:78:ec:de:59:3a:26:0b:39:84:b6:
fe:f4:07:1e:e9:0b:98:63:69:12:cf:2a:a1:3c:48:
ae:d2:0b:22:af:e3:e8:07:7c:74:22:af:11:ce:cd:
bd:79:73:17:3e:3c:da:89:77:c6:b6:30:1b:18:fe:
73:a8:07:7d:d6:8c:07:36:16:28:43:8a:a6:2f:cd:
55:26:3d:44:60:c8:e5:e9:9c:72:13:80:4d:bc:81:
15:3d:81:90:e5:83:4f:c1:93:20:88:e9:4e:94:87:
12:c6:2e:f3:11:82:04:ef:55:73:31:d7:47:d3:c6:
19:d6:c9:28:fb:c1:be:f5:4e:6a:a4:4a:84:55:b2:
5d:a7:29:00:57:d5:2c:88:6a:d5:33:b6:5b:9e:06:
8f:d0:8a:48:18:46:5d:79:4c:ee:cc:3b:68:34:ca:
d2:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:AC:DE:24:D8:07:8E:9A:16:BA:D5:6A:F6:7D:57:0C:A1:03:4E:4A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XKzeJNgHjpoWutVq9n1XDKEDTko.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
08:22:4d:83:2b:bf:da:7c:a7:bb:8a:6e:2e:8f:ec:45:93:7e:
9e:64:8f:6c:91:58:53:d3:8d:16:1c:f6:9e:c9:e6:a6:ec:65:
c5:db:eb:5e:58:c7:48:94:df:a4:fd:52:21:2d:df:bd:bd:42:
49:bb:68:83:e4:7b:5d:1f:22:fb:fa:26:39:07:84:82:04:f5:
0c:6f:05:17:f9:61:28:63:52:d8:6e:9e:08:4f:fd:1d:f3:bc:
29:9f:f1:be:08:23:a1:34:fc:cc:f4:92:e0:96:ae:2d:51:99:
a4:07:a1:be:9d:b3:5a:74:1a:37:0e:91:7b:1d:0d:0a:9a:47:
64:fd:b1:24:5d:be:9e:b9:02:f4:86:3b:a2:ea:01:fe:31:9f:
e1:08:36:73:3b:43:46:99:0e:81:c7:ee:68:22:16:e2:3d:33:
c6:19:25:a2:ae:18:3c:11:d7:ec:1c:61:66:6a:49:85:86:72:
ce:a2:ad:eb:c2:8f:92:3c:07:c0:a6:a4:93:03:12:53:7c:0e:
32:2d:e5:d9:4e:53:84:d3:dd:80:21:2c:4c:a5:d3:0c:70:41:
06:ef:8e:c6:f8:fb:59:c3:70:36:7f:f0:d2:25:6f:8d:3d:08:
b0:f3:cd:47:ea:0b:1e:24:e2:49:17:30:4d:4b:7b:c6:4f:f2:
7b:26:7e:55
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSlcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
NjUzMjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVDQUNERTI0RDgwNzhF
OUExNkJBRDU2QUY2N0Q1NzBDQTEwMzRFNEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDihiC5YGP8u2FZDf4iDxGD5hZ62WuLsNdq8nX+915MtnhuAOp0
7ny3kIotkjv1OD1CAiAz2c7g+uTcXwrI/KN+BAJTzgErSkn0hVllTwTP+8aUKHea
VWbuC1XZ0xU1eOzeWTomCzmEtv70Bx7pC5hjaRLPKqE8SK7SCyKv4+gHfHQirxHO
zb15cxc+PNqJd8a2MBsY/nOoB33WjAc2FihDiqYvzVUmPURgyOXpnHITgE28gRU9
gZDlg0/BkyCI6U6UhxLGLvMRggTvVXMx10fTxhnWySj7wb71TmqkSoRVsl2nKQBX
1SyIatUztlueBo/QikgYRl15TO7MO2g0ytIjAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUXKzeJNgHjpoWutVq9n1XDKEDTkowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hLemVKTmdIanBvV3V0
VnE5bjFYREtFRFRrby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAgiTYMrv9p8p7uKbi6P7EWTfp5kj2yR
WFPTjRYc9p7J5qbsZcXb615Yx0iU36T9UiEt3729Qkm7aIPke10fIvv6JjkHhIIE
9QxvBRf5YShjUthunghP/R3zvCmf8b4II6E0/Mz0kuCWri1RmaQHob6ds1p0GjcO
kXsdDQqaR2T9sSRdvp65AvSGO6LqAf4xn+EINnM7Q0aZDoHH7mgiFuI9M8YZJaKu
GDwR1+wcYWZqSYWGcs6irevCj5I8B8CmpJMDElN8DjIt5dlOU4TT3YAhLEyl0wxw
QQbvjsb4+1nDcDZ/8NIlb409CLDzzUfqCx4k4kkXME1Le8ZP8nsmflU=
-----END CERTIFICATE-----
Generated at Sat May 17 23:42:08 2025 by rpki-client