Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XzrR78MB6urmm6068eXbo2kyT3I.roa
File: XzrR78MB6urmm6068eXbo2kyT3I.roa (raw, json)
Hash identifier: 8tWqRKXLT4kgrVCDodtJHW5YKOdEmGrW9s7oL4mAiHo=
Subject key identifier: 5F:3A:D1:EF:C3:01:EA:EA:E6:9B:AD:3A:F1:E5:DB:A3:69:32:4F:72
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5297
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XzrR78MB6urmm6068eXbo2kyT3I.roa
Signing time: Wed 08 May 2024 16:53:59 +0000
ROA not before: Wed 08 May 2024 16:53:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21143 (0x5297)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 16:53:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5F3AD1EFC301EAEAE69BAD3AF1E5DBA369324F72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:a3:e0:18:49:2e:c5:c9:7e:0a:92:29:52:79:
ba:95:f5:3a:17:64:b5:8a:72:7c:7e:d8:d7:7d:40:
42:35:63:a4:38:38:05:c2:65:3e:40:3a:a6:bd:fc:
64:b7:2b:98:6b:66:04:df:32:6c:dc:d6:52:88:e3:
f2:ea:d7:2f:c9:92:a9:32:d4:af:17:70:20:84:f8:
b9:1f:69:1a:fb:49:62:00:31:da:7f:1b:02:b6:ab:
1c:c6:50:07:5e:c9:3b:87:f0:f8:44:be:90:81:0a:
03:ba:9d:61:bd:b5:5a:6c:a6:c9:43:d8:bc:ff:1d:
4a:aa:d7:61:f6:a5:8e:70:25:8e:b6:f2:ad:a3:34:
b6:5f:c9:0b:24:6e:c4:1f:bc:9a:0f:44:37:02:88:
2c:96:5a:0c:e4:ce:a7:8b:5c:d4:48:fe:7f:3e:b3:
6b:52:1b:c3:da:a3:f3:58:b6:8e:dd:ad:fd:c6:bd:
4c:5c:3f:7c:3f:69:c4:3b:2f:29:58:0d:8e:80:80:
f0:ab:cc:e8:46:23:84:87:16:b4:8b:02:91:53:73:
76:d6:9d:0d:82:23:22:7d:d0:58:64:ed:b1:16:3b:
74:86:c6:e2:30:f2:c3:d6:03:6a:f3:8f:04:92:93:
69:14:a5:cc:f0:7a:f5:f9:55:8e:b5:15:da:a6:31:
4c:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:3A:D1:EF:C3:01:EA:EA:E6:9B:AD:3A:F1:E5:DB:A3:69:32:4F:72
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XzrR78MB6urmm6068eXbo2kyT3I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
ab:be:f3:6c:f4:14:46:48:2d:bc:bc:fb:fa:f7:d5:4a:47:1f:
eb:d5:19:c3:48:f3:a8:5b:30:be:cc:46:fc:af:2b:18:34:34:
d6:2a:1e:fa:f7:aa:70:eb:e6:6e:68:f0:cc:c6:36:19:67:ee:
aa:9b:c8:ef:c8:6a:b9:cf:28:85:94:c2:11:9d:ac:a1:de:81:
06:18:ef:06:ae:35:5b:f4:13:96:0e:9d:60:4a:5c:da:f2:7e:
a6:f1:a3:24:bc:3a:86:65:e6:64:db:06:aa:be:26:e5:29:54:
6c:75:1c:76:3b:15:28:58:29:2a:d0:98:82:b5:cb:42:eb:73:
7b:84:91:00:46:c2:fc:cf:51:ce:e8:0c:48:67:36:60:9e:53:
8a:ac:92:f7:9e:94:98:86:c9:ea:b9:f9:f1:1c:2e:25:a6:fb:
db:bf:34:1b:2b:18:95:07:2f:b9:4a:0e:4f:a8:8f:ff:45:bf:
46:c6:df:ed:56:15:06:44:41:c1:a2:d0:5b:6f:e9:4c:b5:37:
78:c3:d7:f2:fc:7d:73:5a:9c:07:30:4e:98:01:b5:8c:41:f1:
30:e0:1d:57:1f:e5:22:6e:62:3f:65:d4:9b:e5:d0:bf:48:8f:
ff:f4:17:a5:95:a8:8a:fe:00:b3:b8:cb:a9:e1:be:40:78:4c:
a2:74:0a:d9
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUpcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgx
NjUzNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVGM0FEMUVGQzMwMUVB
RUFFNjlCQUQzQUYxRTVEQkEzNjkzMjRGNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCko+AYSS7FyX4KkilSebqV9ToXZLWKcnx+2Nd9QEI1Y6Q4OAXC
ZT5AOqa9/GS3K5hrZgTfMmzc1lKI4/Lq1y/Jkqky1K8XcCCE+LkfaRr7SWIAMdp/
GwK2qxzGUAdeyTuH8PhEvpCBCgO6nWG9tVpspslD2Lz/HUqq12H2pY5wJY628q2j
NLZfyQskbsQfvJoPRDcCiCyWWgzkzqeLXNRI/n8+s2tSG8Pao/NYto7drf3GvUxc
P3w/acQ7LylYDY6AgPCrzOhGI4SHFrSLApFTc3bWnQ2CIyJ90Fhk7bEWO3SGxuIw
8sPWA2rzjwSSk2kUpczwevX5VY61FdqmMUynAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUXzrR78MB6urmm6068eXbo2kyT3IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1h6clI3OE1CNnVybW02
MDY4ZVhibzJreVQzSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKu+82z0FEZILby8+/r31UpHH+vVGcNI
86hbML7MRvyvKxg0NNYqHvr3qnDr5m5o8MzGNhln7qqbyO/IarnPKIWUwhGdrKHe
gQYY7wauNVv0E5YOnWBKXNryfqbxoyS8OoZl5mTbBqq+JuUpVGx1HHY7FShYKSrQ
mIK1y0Lrc3uEkQBGwvzPUc7oDEhnNmCeU4qskveelJiGyeq5+fEcLiWm+9u/NBsr
GJUHL7lKDk+oj/9Fv0bG3+1WFQZEQcGi0Ftv6Uy1N3jD1/L8fXNanAcwTpgBtYxB
8TDgHVcf5SJuYj9l1Jvl0L9Ij//0F6WVqIr+ALO4y6nhvkB4TKJ0Ctk=
-----END CERTIFICATE-----
Generated at Sat May 17 21:28:09 2025 by rpki-client