Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XQm2bvH2drOt0_uCR-2DmVPJx_Y.roa
File: XQm2bvH2drOt0_uCR-2DmVPJx_Y.roa (raw, json)
Hash identifier: HcfGqlwg3KaWaYMplw+e27d1e+wJuKLV7T3y3cUTaiM=
Subject key identifier: 5D:09:B6:6E:F1:F6:76:B3:AD:D3:FB:82:47:ED:83:99:53:C9:C7:F6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 487B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XQm2bvH2drOt0_uCR-2DmVPJx_Y.roa
Signing time: Thu 25 Apr 2024 05:23:21 +0000
ROA not before: Thu 25 Apr 2024 05:23:21 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18555 (0x487b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 05:23:21 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5D09B66EF1F676B3ADD3FB8247ED839953C9C7F6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:28:17:eb:03:39:cc:ab:c8:72:de:1b:ac:8d:
1c:e5:f8:ef:14:94:48:d6:bc:6c:95:75:de:16:1b:
4b:89:84:ab:f5:0b:f1:5d:b2:9a:23:0c:7b:29:5c:
3c:4b:ba:11:d3:fe:a7:87:99:69:ca:54:9e:c1:f8:
f4:d1:ba:03:5a:5a:25:ae:ce:0c:96:b8:c2:2e:e4:
ed:48:94:02:f5:94:c2:2a:b1:e9:3f:17:5b:1c:59:
00:23:81:f4:e7:04:dc:ee:64:95:0d:74:71:16:53:
be:be:73:25:5b:ea:ec:9c:8b:15:a9:45:94:68:98:
cc:7b:9f:29:42:bc:a8:ae:e5:60:f9:99:3b:ce:ed:
6a:a0:0e:f4:7f:69:a0:7b:46:4e:f2:b5:c3:fd:08:
3b:bc:5b:c5:6c:0e:f7:c2:75:a5:fe:76:d1:20:f3:
89:0b:ba:ad:41:3c:a7:98:f6:b1:2b:76:cf:a3:29:
08:cf:e4:65:fc:91:36:b5:01:cd:94:1c:22:10:89:
22:a8:a9:a1:86:ae:89:eb:36:78:98:4e:ac:e4:e8:
94:d7:61:a1:ef:66:3a:20:f3:e1:e1:84:a8:d1:53:
46:ff:38:cc:bd:44:cf:f0:d8:36:b2:34:be:cc:ca:
c1:4a:16:d2:60:21:96:11:94:d3:d7:3d:1e:c8:11:
a3:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:09:B6:6E:F1:F6:76:B3:AD:D3:FB:82:47:ED:83:99:53:C9:C7:F6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XQm2bvH2drOt0_uCR-2DmVPJx_Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3a:6b:7c:a2:dc:ae:fa:e6:cb:02:13:00:cd:5a:2d:f7:77:62:
4b:c7:f5:56:12:dd:51:9a:a6:73:67:1d:ec:f1:15:f6:b8:05:
71:06:01:cc:2d:11:9b:e2:68:b5:3e:e4:65:38:56:12:a3:2c:
ec:ec:da:f8:08:25:45:07:27:69:aa:2c:14:ec:18:b9:2c:94:
95:5e:8d:4b:24:13:c4:19:65:3d:8b:5e:44:ab:5e:3c:f7:8c:
c7:ad:ed:c3:f5:f5:07:82:c3:7b:5b:12:ef:7a:36:23:e1:d1:
e2:d9:e4:34:18:38:06:38:f6:49:97:57:34:f0:21:d1:df:ab:
9c:46:3f:00:0a:9e:26:d6:a8:bb:cd:2e:91:06:ed:d6:53:75:
c4:0c:cd:9e:e3:40:67:de:42:18:1a:30:f9:f9:81:4f:d1:26:
75:63:2f:eb:15:0b:b8:4c:88:79:d1:66:a4:36:02:8d:f3:00:
b5:4a:29:eb:9b:29:7c:76:b1:6c:4d:85:09:ad:2a:db:e2:4e:
be:86:9b:14:91:b7:58:15:6d:a1:a9:9b:f5:71:0a:29:05:4b:
89:f0:62:9f:62:4d:22:18:8b:3f:24:4e:92:e2:df:e7:e7:e1:
38:1d:3c:16:07:bd:2e:bd:5a:2a:7f:8c:b5:29:3e:36:94:d3:
54:01:14:88
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSHswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUw
NTIzMjFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVEMDlCNjZFRjFGNjc2
QjNBREQzRkI4MjQ3RUQ4Mzk5NTNDOUM3RjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtKBfrAznMq8hy3husjRzl+O8UlEjWvGyVdd4WG0uJhKv1C/Fd
spojDHspXDxLuhHT/qeHmWnKVJ7B+PTRugNaWiWuzgyWuMIu5O1IlAL1lMIqsek/
F1scWQAjgfTnBNzuZJUNdHEWU76+cyVb6uycixWpRZRomMx7nylCvKiu5WD5mTvO
7WqgDvR/aaB7Rk7ytcP9CDu8W8VsDvfCdaX+dtEg84kLuq1BPKeY9rErds+jKQjP
5GX8kTa1Ac2UHCIQiSKoqaGGronrNniYTqzk6JTXYaHvZjog8+HhhKjRU0b/OMy9
RM/w2DayNL7MysFKFtJgIZYRlNPXPR7IEaPzAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUXQm2bvH2drOt0/uCR+2DmVPJx/YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hRbTJidkgyZHJPdDBf
dUNSLTJEbVZQSnhfWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADprfKLcrvrmywITAM1aLfd3YkvH9VYS
3VGapnNnHezxFfa4BXEGAcwtEZviaLU+5GU4VhKjLOzs2vgIJUUHJ2mqLBTsGLks
lJVejUskE8QZZT2LXkSrXjz3jMet7cP19QeCw3tbEu96NiPh0eLZ5DQYOAY49kmX
VzTwIdHfq5xGPwAKnibWqLvNLpEG7dZTdcQMzZ7jQGfeQhgaMPn5gU/RJnVjL+sV
C7hMiHnRZqQ2Ao3zALVKKeubKXx2sWxNhQmtKtviTr6GmxSRt1gVbaGpm/VxCikF
S4nwYp9iTSIYiz8kTpLi3+fn4TgdPBYHvS69Wip/jLUpPjaU01QBFIg=
-----END CERTIFICATE-----
Generated at Fri Jun 20 12:57:38 2025 by rpki-client