Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZX7DfCD9bixUhnCdFBtmkA5m6go.roa
File: ZX7DfCD9bixUhnCdFBtmkA5m6go.roa (raw, json)
Hash identifier: 1erFNB4tN3WzegrBK1yj9Pzb+isG0Sxfibm5ZU0HmwQ=
Subject key identifier: 65:7E:C3:7C:20:FD:6E:2C:54:86:70:9D:14:1B:66:90:0E:66:EA:0A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40BF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZX7DfCD9bixUhnCdFBtmkA5m6go.roa
Signing time: Sun 14 Apr 2024 21:52:53 +0000
ROA not before: Sun 14 Apr 2024 21:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16575 (0x40bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 21:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=657EC37C20FD6E2C5486709D141B66900E66EA0A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:82:ac:37:e1:e2:69:6e:e1:2c:bb:26:c5:b4:
c1:49:e6:2e:30:38:a4:b0:82:d2:70:34:b6:06:81:
ed:da:a1:e6:18:4e:3c:31:95:2f:09:1b:d0:4d:67:
00:1e:04:75:80:98:5b:12:0e:c6:1e:62:cc:35:85:
ba:99:a1:d3:b8:91:33:b1:a0:6a:08:86:a2:50:a7:
e0:1d:e2:01:0f:46:af:67:00:a8:05:49:7a:f8:e5:
18:d9:32:e9:06:bb:5f:61:08:26:04:d0:3a:4d:c0:
72:b3:ea:2e:5f:74:ec:7f:ca:ca:aa:51:d7:65:c4:
8b:bc:51:c2:a5:ab:58:80:59:31:c0:ea:9a:34:76:
07:c1:94:6a:02:b8:11:9d:09:41:52:10:b7:8f:e3:
08:74:3e:64:a0:0c:5c:20:a5:7d:50:66:35:72:4f:
e5:d1:8d:dc:85:d5:ef:93:1a:48:de:bb:96:21:f8:
59:ae:ac:f2:6a:c2:ab:f6:fe:8f:fe:d3:ed:31:33:
83:b3:42:be:41:75:59:9c:2b:d4:52:fa:cf:56:45:
c5:be:72:57:f6:37:7e:ed:42:c4:78:af:41:3d:67:
d8:24:b0:3d:4a:37:7a:1c:6c:f0:7f:ff:73:58:2d:
02:3b:82:e0:5f:62:18:8c:22:83:a2:cc:92:48:a5:
f9:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:7E:C3:7C:20:FD:6E:2C:54:86:70:9D:14:1B:66:90:0E:66:EA:0A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZX7DfCD9bixUhnCdFBtmkA5m6go.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
70:79:79:40:ce:18:69:6e:7a:73:3e:bc:9f:a7:cc:36:f3:75:
a4:fb:97:01:eb:3b:8e:5a:83:ba:0a:b0:5e:78:fc:b8:e8:52:
78:b7:d3:8f:89:cd:23:25:94:b0:30:91:a9:ee:a6:cb:2b:ed:
c4:71:44:bf:0a:3b:91:b4:47:cf:33:c6:cf:5c:9b:c2:51:04:
19:20:69:8c:b5:a6:bf:24:bb:14:93:dd:4d:26:c9:0c:94:2d:
fa:b5:82:cb:ee:70:9b:23:45:56:0e:4e:57:96:b3:5d:ad:d0:
e3:d7:84:9e:9e:88:d4:83:32:e5:c3:07:c1:1b:98:cd:ea:a9:
47:1a:6b:b7:61:d9:51:c4:83:42:78:ed:21:22:08:47:7c:ec:
9c:f8:e7:6e:9c:27:c2:7c:7b:6a:ca:e6:12:1e:ee:bc:12:6f:
ed:3e:81:f9:74:03:ce:42:60:a7:d8:9f:a6:e8:7b:44:cd:5e:
a9:ae:2c:e6:d9:6c:8b:a8:be:b5:b1:a4:ec:c6:3a:af:37:e4:
08:21:48:a5:00:13:3c:72:73:1d:e6:e8:b8:98:5a:6d:90:54:
1e:19:4a:7e:a9:ca:5d:05:5b:d9:ad:69:39:ac:d2:92:4c:f8:
63:08:a6:5d:c1:5d:92:55:4e:db:3f:42:16:46:7a:d7:25:11:
de:fe:42:b2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQL8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQy
MTUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY1N0VDMzdDMjBGRDZF
MkM1NDg2NzA5RDE0MUI2NjkwMEU2NkVBMEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWgqw34eJpbuEsuybFtMFJ5i4wOKSwgtJwNLYGge3aoeYYTjwx
lS8JG9BNZwAeBHWAmFsSDsYeYsw1hbqZodO4kTOxoGoIhqJQp+Ad4gEPRq9nAKgF
SXr45RjZMukGu19hCCYE0DpNwHKz6i5fdOx/ysqqUddlxIu8UcKlq1iAWTHA6po0
dgfBlGoCuBGdCUFSELeP4wh0PmSgDFwgpX1QZjVyT+XRjdyF1e+TGkjeu5Yh+Fmu
rPJqwqv2/o/+0+0xM4OzQr5BdVmcK9RS+s9WRcW+clf2N37tQsR4r0E9Z9gksD1K
N3ocbPB//3NYLQI7guBfYhiMIoOizJJIpfmHAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUZX7DfCD9bixUhnCdFBtmkA5m6gowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pYN0RmQ0Q5Yml4VWhu
Q2RGQnRta0E1bTZnby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHB5eUDOGGluenM+vJ+nzDbzdaT7lwHr
O45ag7oKsF54/LjoUni304+JzSMllLAwkanupssr7cRxRL8KO5G0R88zxs9cm8JR
BBkgaYy1pr8kuxST3U0myQyULfq1gsvucJsjRVYOTleWs12t0OPXhJ6eiNSDMuXD
B8EbmM3qqUcaa7dh2VHEg0J47SEiCEd87Jz4526cJ8J8e2rK5hIe7rwSb+0+gfl0
A85CYKfYn6boe0TNXqmuLObZbIuovrWxpOzGOq835AghSKUAEzxycx3m6LiYWm2Q
VB4ZSn6pyl0FW9mtaTms0pJM+GMIpl3BXZJVTts/QhZGetclEd7+QrI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:31:52 2025 by rpki-client