Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CXiOx1xsFFpjQbux7M1dYThppKo.roa
File: CXiOx1xsFFpjQbux7M1dYThppKo.roa (raw, json)
Hash identifier: Jq0dsxKsh0wFtzA774lj5xsdKvGW92lvoPktDQhZnUk=
Subject key identifier: 09:78:8E:C7:5C:6C:14:5A:63:41:BB:B1:EC:CD:5D:61:38:69:A4:AA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 403B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CXiOx1xsFFpjQbux7M1dYThppKo.roa
Signing time: Sun 14 Apr 2024 05:22:56 +0000
ROA not before: Sun 14 Apr 2024 05:22:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16443 (0x403b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 05:22:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=09788EC75C6C145A6341BBB1ECCD5D613869A4AA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:e6:00:eb:9c:45:54:b4:05:54:17:ff:4d:fb:
c1:29:ad:f9:ae:0a:ce:0c:2c:43:2e:1d:98:8c:2b:
03:da:2e:c0:94:43:73:a6:06:85:9a:9b:99:45:18:
37:14:88:07:74:99:7a:6f:b9:4e:de:b3:05:de:89:
03:a7:43:5f:f3:6b:ed:b6:f2:a9:63:4e:8e:4f:89:
8b:ea:e8:0d:0a:3c:70:7b:e1:9f:f6:9f:a9:10:54:
cb:c8:f2:2d:9d:03:b0:a1:de:9f:7a:5b:e1:94:72:
cc:09:1c:1f:25:ca:a1:33:97:75:6a:63:35:af:72:
9e:45:c3:40:a8:f4:9b:45:af:73:c6:2e:b2:76:c5:
d8:ee:e3:40:fc:a4:25:12:2b:04:13:2c:a9:9b:f1:
a4:bf:13:61:2d:a9:4b:79:0e:58:e1:06:35:12:00:
7a:1f:d3:86:3a:a4:ad:0e:32:bd:82:f7:b9:56:04:
4b:5e:3d:10:05:5f:15:b6:b5:39:68:c3:f0:13:d9:
61:11:40:56:34:66:44:54:71:be:99:3b:c3:3c:41:
c5:e2:4e:26:1e:bc:02:b7:4b:0e:d2:ce:d1:b4:87:
bd:35:dc:ac:20:7a:0a:ec:c1:51:9f:c3:6b:40:37:
cc:a7:c3:70:45:95:84:e0:dc:e5:6b:a8:43:09:fc:
68:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:78:8E:C7:5C:6C:14:5A:63:41:BB:B1:EC:CD:5D:61:38:69:A4:AA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CXiOx1xsFFpjQbux7M1dYThppKo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
7f:9e:1d:86:5a:f2:65:0e:d3:34:d8:c1:57:d8:8a:3a:8a:8f:
30:e1:ff:13:83:7c:2b:f8:2b:39:a4:ba:35:8b:67:a5:9b:2e:
b5:1e:3a:18:93:89:14:3e:2a:49:80:e9:cb:be:14:88:3f:3a:
80:c2:fc:4b:ff:68:08:79:fe:ab:09:99:ba:56:e8:5a:bb:06:
97:6e:1e:3a:6b:62:15:5a:04:91:4e:e8:a1:93:4e:a9:84:61:
b4:b5:56:5a:d7:cb:9e:61:fd:e8:ea:ed:e1:9b:e3:4f:23:86:
b8:a4:7e:5c:3b:c8:6f:4b:39:26:4e:81:f0:b7:c0:09:30:ba:
0e:7f:80:fc:81:b2:9e:1e:60:2d:c2:b3:aa:0f:e3:89:5d:54:
e4:e8:90:60:31:c3:d2:35:5f:82:fd:4f:40:69:81:6a:58:d4:
92:a7:03:65:ec:2c:c5:35:e0:42:26:78:31:01:e1:f5:82:06:
6f:5a:35:7e:e2:d7:5f:db:b6:58:c3:4d:ea:ea:01:da:1c:18:
ac:4e:a0:70:45:a7:f5:13:cd:a0:98:ad:f3:2d:b8:ba:23:00:
32:b6:7e:e6:c4:2f:47:d3:57:e5:5c:e5:e9:b9:4c:c2:b6:4d:
ac:39:b3:e5:1f:71:5b:e5:9a:d4:3d:c6:2a:98:a8:05:70:83:
fc:9d:27:c0
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQDswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
NTIyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA5Nzg4RUM3NUM2QzE0
NUE2MzQxQkJCMUVDQ0Q1RDYxMzg2OUE0QUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDH5gDrnEVUtAVUF/9N+8EprfmuCs4MLEMuHZiMKwPaLsCUQ3Om
BoWam5lFGDcUiAd0mXpvuU7eswXeiQOnQ1/za+228qljTo5PiYvq6A0KPHB74Z/2
n6kQVMvI8i2dA7Ch3p96W+GUcswJHB8lyqEzl3VqYzWvcp5Fw0Co9JtFr3PGLrJ2
xdju40D8pCUSKwQTLKmb8aS/E2EtqUt5DljhBjUSAHof04Y6pK0OMr2C97lWBEte
PRAFXxW2tTlow/AT2WERQFY0ZkRUcb6ZO8M8QcXiTiYevAK3Sw7SztG0h7013Kwg
egrswVGfw2tAN8ynw3BFlYTg3OVrqEMJ/Gh1AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUCXiOx1xsFFpjQbux7M1dYThppKowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NYaU94MXhzRkZwalFi
dXg3TTFkWVRocHBLby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAH+eHYZa8mUO0zTYwVfYijqKjzDh/xOD
fCv4KzmkujWLZ6WbLrUeOhiTiRQ+KkmA6cu+FIg/OoDC/Ev/aAh5/qsJmbpW6Fq7
BpduHjprYhVaBJFO6KGTTqmEYbS1VlrXy55h/ejq7eGb408jhrikflw7yG9LOSZO
gfC3wAkwug5/gPyBsp4eYC3Cs6oP44ldVOTokGAxw9I1X4L9T0BpgWpY1JKnA2Xs
LMU14EImeDEB4fWCBm9aNX7i11/btljDTerqAdocGKxOoHBFp/UTzaCYrfMtuLoj
ADK2fubEL0fTV+Vc5em5TMK2Taw5s+UfcVvlmtQ9xiqYqAVwg/ydJ8A=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:31:03 2025 by rpki-client