Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Vkys2ACTnNpJdMMKX2Swhb8tWkY.roa
File: Vkys2ACTnNpJdMMKX2Swhb8tWkY.roa (raw, json)
Hash identifier: 1dIppnFH/FCl5VKdFwn1sllBbSw2/oFnCTGOrw5w87U=
Subject key identifier: 56:4C:AC:D8:00:93:9C:DA:49:74:C3:0A:5F:64:B0:85:BF:2D:5A:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4553
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Vkys2ACTnNpJdMMKX2Swhb8tWkY.roa
Signing time: Sun 21 Apr 2024 00:23:06 +0000
ROA not before: Sun 21 Apr 2024 00:23:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17747 (0x4553)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 00:23:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=564CACD800939CDA4974C30A5F64B085BF2D5A46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:2c:0b:e9:14:20:d2:96:e1:89:0d:6a:9e:8e:
65:b3:b3:7b:1c:32:7b:d8:ba:7d:f5:90:9f:64:09:
52:97:11:13:a4:9a:ae:c7:4e:c9:6a:e5:3f:99:14:
07:4c:73:f3:e4:0f:14:83:93:69:07:ed:60:ee:a2:
34:69:63:8a:e6:3e:8c:c9:85:63:03:2c:49:12:f0:
e2:85:5d:f0:2b:40:21:a1:b1:dd:cf:6e:6f:1a:cc:
82:12:99:a8:d0:2f:14:26:c4:17:e7:a6:4f:0e:93:
52:ac:09:08:bc:6b:13:90:dc:e4:78:26:9a:61:84:
5c:f4:03:dd:3d:a3:22:2d:53:a0:ba:4a:a5:95:6f:
38:c9:78:84:c8:6b:5e:e7:b7:46:13:1f:c3:40:08:
ff:32:b0:93:51:3a:e7:61:33:3b:f4:65:f6:0b:c4:
49:b3:28:f1:50:f4:3a:2c:8b:10:3b:61:58:05:4d:
80:70:f6:22:bd:cf:10:e4:19:d3:46:91:38:c0:b0:
e6:6e:f4:8d:79:38:32:b6:4f:95:89:e7:87:7f:71:
e0:a0:1c:20:ab:e3:19:f5:e6:51:07:e8:7f:6f:5e:
87:65:c2:44:ba:31:58:7d:fd:bc:87:04:1c:d7:35:
99:cd:0b:cd:ea:61:65:50:10:0c:6c:7a:4c:3c:11:
cd:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:4C:AC:D8:00:93:9C:DA:49:74:C3:0A:5F:64:B0:85:BF:2D:5A:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Vkys2ACTnNpJdMMKX2Swhb8tWkY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b0:35:b6:63:b7:70:5d:a5:49:56:0c:03:89:64:ee:49:42:a8:
d5:b2:dc:a6:d5:52:6d:66:4d:3a:0e:9e:4e:16:9c:a2:f3:13:
65:92:4e:74:cb:84:6e:6e:51:20:65:4c:1a:7f:cd:a0:f5:96:
ea:a4:62:8e:93:a0:2b:6a:d9:f8:8f:5f:2a:82:b5:93:1e:91:
5a:ce:84:e2:50:80:67:17:be:11:7f:67:25:33:b5:bd:c0:2f:
f8:cd:c1:3d:0e:8d:60:30:ab:69:4e:58:8e:ae:9f:6a:17:df:
75:5f:33:8f:fb:91:02:94:6b:9e:9e:d3:43:3e:3e:22:00:c9:
83:06:61:c0:90:5b:fc:b8:54:38:eb:f4:ff:43:8f:fc:8d:0c:
87:35:9f:c0:17:ea:8c:b1:72:f9:ff:0e:62:76:b5:c9:5a:80:
b9:5d:8e:d9:c5:24:f8:ed:da:77:a3:f7:38:87:f3:ae:cf:10:
92:e7:f2:65:77:37:ff:29:c9:53:fb:ad:ca:50:e5:59:c4:a7:
2b:b8:ed:4a:95:da:87:bc:6e:aa:e3:09:de:1a:87:69:16:0e:
af:df:8c:f3:bb:81:32:6b:3a:d2:1c:7c:13:fd:6b:7a:4f:8e:
96:b5:0b:f2:f7:46:c2:91:78:08:09:0d:dd:72:ea:d6:05:da:
ba:eb:62:ef
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRVMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEw
MDIzMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU2NENBQ0Q4MDA5MzlD
REE0OTc0QzMwQTVGNjRCMDg1QkYyRDVBNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNLAvpFCDSluGJDWqejmWzs3scMnvYun31kJ9kCVKXEROkmq7H
Tslq5T+ZFAdMc/PkDxSDk2kH7WDuojRpY4rmPozJhWMDLEkS8OKFXfArQCGhsd3P
bm8azIISmajQLxQmxBfnpk8Ok1KsCQi8axOQ3OR4JpphhFz0A909oyItU6C6SqWV
bzjJeITIa17nt0YTH8NACP8ysJNROudhMzv0ZfYLxEmzKPFQ9DosixA7YVgFTYBw
9iK9zxDkGdNGkTjAsOZu9I15ODK2T5WJ54d/ceCgHCCr4xn15lEH6H9vXodlwkS6
MVh9/byHBBzXNZnNC83qYWVQEAxsekw8Ec2JAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUVkys2ACTnNpJdMMKX2Swhb8tWkYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZreXMyQUNUbk5wSmRN
TUtYMlN3aGI4dFdrWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALA1tmO3cF2lSVYMA4lk7klCqNWy3KbV
Um1mTToOnk4WnKLzE2WSTnTLhG5uUSBlTBp/zaD1luqkYo6ToCtq2fiPXyqCtZMe
kVrOhOJQgGcXvhF/ZyUztb3AL/jNwT0OjWAwq2lOWI6un2oX33VfM4/7kQKUa56e
00M+PiIAyYMGYcCQW/y4VDjr9P9Dj/yNDIc1n8AX6oyxcvn/DmJ2tclagLldjtnF
JPjt2nej9ziH867PEJLn8mV3N/8pyVP7rcpQ5VnEpyu47UqV2oe8bqrjCd4ah2kW
Dq/fjPO7gTJrOtIcfBP9a3pPjpa1C/L3RsKReAgJDd1y6tYF2rrrYu8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:07:47 2025 by rpki-client