Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xVu_sasFplnnMAh12kIWmdQXTZU.roa
File: xVu_sasFplnnMAh12kIWmdQXTZU.roa (raw, json)
Hash identifier: 773/b06j/N+mfgbdFY9Jwjpthu0vrp2bRgFZ2prQ4K4=
Subject key identifier: C5:5B:BF:B1:AB:05:A6:59:E7:30:08:75:DA:42:16:99:D4:17:4D:95
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A73
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xVu_sasFplnnMAh12kIWmdQXTZU.roa
Signing time: Sat 06 Apr 2024 12:22:30 +0000
ROA not before: Sat 06 Apr 2024 12:22:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14963 (0x3a73)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 12:22:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C55BBFB1AB05A659E7300875DA421699D4174D95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:58:5c:79:dc:cf:a0:42:37:5d:2d:da:3d:56:
f1:2f:4b:2f:c5:37:eb:7e:d1:96:1f:06:38:d3:e0:
a1:82:6f:5e:c4:11:6a:30:0a:64:90:ea:62:37:01:
47:a6:f9:60:fd:df:7c:16:3a:0a:17:0d:33:f8:ef:
d4:78:53:74:25:61:69:c0:a3:02:c3:d4:ab:ae:6b:
e1:44:02:1f:74:e5:2e:c7:37:86:c6:f2:48:4f:5f:
81:9c:39:fb:4a:a2:c3:18:a9:3d:0e:b8:51:96:bf:
ed:9b:6b:b2:ea:99:d5:8b:b4:f5:2e:4e:a0:4a:59:
0a:cf:c4:a8:a8:c7:ee:1d:99:d7:45:d0:9e:c5:c8:
e1:47:f7:46:13:4e:45:7f:65:32:34:cc:b8:37:1c:
35:e0:30:a7:bd:f0:c9:ac:9f:0a:6b:fe:78:1e:0d:
2f:ae:40:9a:2b:e0:74:2b:26:6e:e4:19:c9:c9:f3:
b2:ad:57:dd:ba:87:a3:56:cb:46:20:9f:79:03:43:
e7:c7:0d:4d:83:68:77:5b:0e:f2:75:b9:ee:93:b4:
59:6f:f7:21:62:2c:a5:9d:62:64:8a:b7:a7:48:66:
73:da:4b:d5:e8:4f:8c:89:8f:ae:df:27:47:ee:dd:
80:44:60:84:a8:b0:52:ff:d9:7e:74:70:e0:70:56:
9b:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:5B:BF:B1:AB:05:A6:59:E7:30:08:75:DA:42:16:99:D4:17:4D:95
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xVu_sasFplnnMAh12kIWmdQXTZU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
29:54:25:24:9d:aa:8b:6d:cd:6b:ea:41:3c:e8:bc:ce:ce:76:
6e:04:34:bd:46:f1:79:9d:16:cd:80:d0:c0:55:9d:a3:93:da:
2d:7e:d0:d0:2e:9e:fa:d3:4c:19:00:60:a1:9a:27:29:b3:2b:
78:b6:a6:83:83:69:6c:c0:d6:de:d3:d0:8d:62:b2:9e:ab:92:
05:01:bd:64:3c:fb:ad:b2:4c:0c:b4:d4:e4:f1:c4:8a:c4:96:
10:01:e4:28:3e:f2:30:c9:3b:94:fc:ad:39:92:39:17:c2:f3:
06:73:96:ba:24:60:d7:7a:71:57:5c:06:12:47:b2:6d:28:77:
00:08:21:71:4d:7f:95:62:1e:ab:8f:5c:b9:97:75:37:4b:cf:
90:c3:b5:80:d0:ea:0d:c7:1c:de:fe:a3:ba:2b:db:34:1a:26:
b2:d4:9e:e1:47:3f:c1:a9:7a:42:51:07:bb:18:8e:94:b8:be:
2a:5b:41:5f:60:c7:00:a0:71:3c:bc:d2:b7:98:3c:86:d8:c8:
f5:b7:0a:09:e7:1d:9b:8e:57:26:0b:0a:da:98:d5:13:7d:c4:
c5:bf:e1:19:84:63:17:8e:93:d0:39:4b:65:a6:96:ef:d8:65:
91:d2:cf:9d:bd:f6:a8:0a:37:6a:76:b4:ed:d6:63:60:c8:a3:
4f:63:94:47
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICOnMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
MjIyMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM1NUJCRkIxQUIwNUE2
NTlFNzMwMDg3NURBNDIxNjk5RDQxNzREOTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvWFx53M+gQjddLdo9VvEvSy/FN+t+0ZYfBjjT4KGCb17EEWow
CmSQ6mI3AUem+WD933wWOgoXDTP479R4U3QlYWnAowLD1Kuua+FEAh905S7HN4bG
8khPX4GcOftKosMYqT0OuFGWv+2ba7LqmdWLtPUuTqBKWQrPxKiox+4dmddF0J7F
yOFH90YTTkV/ZTI0zLg3HDXgMKe98Mmsnwpr/ngeDS+uQJor4HQrJm7kGcnJ87Kt
V926h6NWy0Ygn3kDQ+fHDU2DaHdbDvJ1ue6TtFlv9yFiLKWdYmSKt6dIZnPaS9Xo
T4yJj67fJ0fu3YBEYISosFL/2X50cOBwVpuDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUxVu/sasFplnnMAh12kIWmdQXTZUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hWdV9zYXNGcGxubk1B
aDEya0lXbWRRWFRaVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAClUJSSdqottzWvqQTzovM7Odm4ENL1G
8XmdFs2A0MBVnaOT2i1+0NAunvrTTBkAYKGaJymzK3i2poODaWzA1t7T0I1isp6r
kgUBvWQ8+62yTAy01OTxxIrElhAB5Cg+8jDJO5T8rTmSORfC8wZzlrokYNd6cVdc
BhJHsm0odwAIIXFNf5ViHquPXLmXdTdLz5DDtYDQ6g3HHN7+o7or2zQaJrLUnuFH
P8GpekJRB7sYjpS4vipbQV9gxwCgcTy80reYPIbYyPW3CgnnHZuOVyYLCtqY1RN9
xMW/4RmEYxeOk9A5S2Wmlu/YZZHSz5299qgKN2p2tO3WY2DIo09jlEc=
-----END CERTIFICATE-----
Generated at Fri Jun 20 14:46:40 2025 by rpki-client