Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xqDocI35y9F6hVatJ6_VVm3Hi3A.roa
File: xqDocI35y9F6hVatJ6_VVm3Hi3A.roa (raw, json)
Hash identifier: 1+inEsu8A8zQtiK84HSmVkLBI4TBwwI4qyFuZLVmy1s=
Subject key identifier: C6:A0:E8:70:8D:F9:CB:D1:7A:85:56:AD:27:AF:D5:56:6D:C7:8B:70
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FDF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xqDocI35y9F6hVatJ6_VVm3Hi3A.roa
Signing time: Sat 13 Apr 2024 17:52:53 +0000
ROA not before: Sat 13 Apr 2024 17:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16351 (0x3fdf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 17:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C6A0E8708DF9CBD17A8556AD27AFD5566DC78B70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:59:e8:69:2a:c5:79:81:7c:b0:fc:7a:75:08:
fe:37:3d:16:04:b1:b9:7d:c4:57:ae:96:07:4a:70:
ba:bf:65:21:55:e5:17:3c:7f:0c:ec:fa:d1:29:42:
6b:19:3c:96:7d:a7:37:1c:ce:bb:24:04:d4:17:97:
6a:c8:c6:1a:e8:a4:10:f0:98:6e:ff:35:e2:fd:b5:
34:d8:fe:71:86:54:c0:98:a8:ba:d2:41:8c:2d:38:
33:80:ee:78:1b:b2:28:be:c0:1f:50:9e:12:90:0c:
02:5f:4d:38:1c:a0:4d:57:bc:5b:5f:5f:42:df:d5:
d0:87:92:56:ae:fc:d0:30:d3:19:11:c2:57:40:c2:
8b:8f:b1:dc:9e:44:8b:d3:ce:72:b0:ad:f4:a8:82:
fa:08:b4:10:22:6e:ff:f9:e0:39:b2:8d:c4:08:84:
0b:c1:81:8d:1e:a8:bc:03:69:f5:92:22:94:ac:85:
9e:65:80:68:db:b6:c0:59:45:d3:bc:7d:d8:ad:15:
d6:e6:00:bb:69:ad:26:b9:29:83:8c:8c:34:b1:63:
26:1a:db:5d:e1:80:4d:0a:db:9e:af:bd:2c:86:c8:
15:49:b0:db:7a:65:63:b9:46:b6:5a:14:e0:e8:93:
70:44:58:8f:26:27:ab:a9:4b:e9:5d:45:cb:e8:7e:
92:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:A0:E8:70:8D:F9:CB:D1:7A:85:56:AD:27:AF:D5:56:6D:C7:8B:70
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xqDocI35y9F6hVatJ6_VVm3Hi3A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
49:5c:9c:73:bc:ab:a5:0c:e0:87:d5:10:6f:5b:1d:a1:e9:a4:
c7:ac:0d:cb:b0:f3:0e:85:b8:35:49:51:b9:06:61:92:d6:71:
76:c3:34:ad:33:18:15:ba:98:4d:dc:f3:b6:13:90:fe:06:14:
91:00:d0:70:04:fb:bb:39:df:cb:f5:f1:5a:72:dd:6a:5b:4e:
ef:5a:66:bb:79:04:ba:03:26:36:f8:5b:e6:19:bc:69:ea:9d:
6d:0a:09:18:4d:56:9b:15:b7:2e:a6:5a:90:93:4d:8f:3c:35:
01:d7:be:62:b2:2e:86:cf:3d:c3:f0:98:fd:42:8c:9b:0c:a1:
73:79:8f:cc:01:fa:f6:81:51:29:d5:00:08:28:cd:78:7f:8a:
c7:47:9f:26:e8:91:0c:94:5b:82:55:7c:01:c0:db:a8:04:03:
3b:41:e9:5b:7a:3d:cf:d9:82:1d:ae:99:58:a4:f9:fd:0b:46:
b4:76:18:d5:ac:ca:27:31:5a:45:00:b6:42:5b:61:f8:3b:3d:
14:9a:3d:d1:bb:0a:19:3b:f1:e4:98:a0:7e:a1:e8:af:cf:3d:
fc:44:0d:5a:a1:07:0d:0b:52:e6:10:55:83:2a:d1:58:45:45:
8a:98:2c:e9:80:d8:13:4a:11:ef:90:44:c4:50:a2:b7:e9:db:
cc:9c:de:16
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICP98wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
NzUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM2QTBFODcwOERGOUNC
RDE3QTg1NTZBRDI3QUZENTU2NkRDNzhCNzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4WehpKsV5gXyw/Hp1CP43PRYEsbl9xFeulgdKcLq/ZSFV5Rc8
fwzs+tEpQmsZPJZ9pzcczrskBNQXl2rIxhropBDwmG7/NeL9tTTY/nGGVMCYqLrS
QYwtODOA7ngbsii+wB9QnhKQDAJfTTgcoE1XvFtfX0Lf1dCHklau/NAw0xkRwldA
wouPsdyeRIvTznKwrfSogvoItBAibv/54DmyjcQIhAvBgY0eqLwDafWSIpSshZ5l
gGjbtsBZRdO8fditFdbmALtprSa5KYOMjDSxYyYa213hgE0K256vvSyGyBVJsNt6
ZWO5RrZaFODok3BEWI8mJ6upS+ldRcvofpLdAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUxqDocI35y9F6hVatJ6/VVm3Hi3AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hxRG9jSTM1eTlGNmhW
YXRKNl9WVm0zSGkzQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAElcnHO8q6UM4IfVEG9bHaHppMesDcuw
8w6FuDVJUbkGYZLWcXbDNK0zGBW6mE3c87YTkP4GFJEA0HAE+7s538v18Vpy3Wpb
Tu9aZrt5BLoDJjb4W+YZvGnqnW0KCRhNVpsVty6mWpCTTY88NQHXvmKyLobPPcPw
mP1CjJsMoXN5j8wB+vaBUSnVAAgozXh/isdHnybokQyUW4JVfAHA26gEAztB6Vt6
Pc/Zgh2umVik+f0LRrR2GNWsyicxWkUAtkJbYfg7PRSaPdG7Chk78eSYoH6h6K/P
PfxEDVqhBw0LUuYQVYMq0VhFRYqYLOmA2BNKEe+QRMRQorfp28yc3hY=
-----END CERTIFICATE-----
Generated at Sat May 17 19:39:54 2025 by rpki-client