Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xga2r9vmlIYBr0I0jS1JxJj0KPU.roa
File: xga2r9vmlIYBr0I0jS1JxJj0KPU.roa (raw, json)
Hash identifier: xD1E9gZXXC1qH6jzePKuMfrnzO9EvUzYuYzZdUoiYIE=
Subject key identifier: C6:06:B6:AF:DB:E6:94:86:01:AF:42:34:8D:2D:49:C4:98:F4:28:F5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44AF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xga2r9vmlIYBr0I0jS1JxJj0KPU.roa
Signing time: Sat 20 Apr 2024 03:53:05 +0000
ROA not before: Sat 20 Apr 2024 03:53:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17583 (0x44af)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 03:53:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C606B6AFDBE6948601AF42348D2D49C498F428F5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c9:3a:4c:dc:8b:50:de:79:64:db:ce:48:2b:
91:d8:29:9d:a1:56:e4:0c:6e:9b:7a:d0:49:c7:1d:
ea:b5:ca:76:fd:95:00:4c:69:bf:82:18:89:19:35:
71:61:6d:66:46:8f:ce:d4:ef:ce:af:3e:d8:9e:4c:
f2:6f:ee:3d:2a:55:fd:57:f2:38:28:e7:d7:b3:a7:
13:35:9a:7d:52:19:15:82:86:e7:d9:79:00:07:ee:
1e:ca:95:d9:82:eb:71:82:0e:74:c0:93:3a:5e:36:
90:a8:7f:74:f3:50:9e:f5:d6:ab:04:6c:62:2b:b4:
9a:73:a8:42:42:14:03:8b:41:a2:25:d8:e1:a3:d3:
ef:d2:77:9b:72:39:9f:19:c7:02:d6:2a:44:af:11:
e3:71:f3:ab:5b:0a:e2:78:9f:b3:be:1a:8b:3b:1c:
a8:c4:03:09:55:53:00:64:6d:6a:16:b5:fe:07:00:
47:d7:6d:37:a3:b8:f9:4b:6b:99:04:78:c5:c4:2e:
6b:10:07:a9:c1:fd:2e:1b:27:5c:69:4a:24:79:20:
3a:f1:05:ff:ea:3b:50:e1:cc:5b:6c:94:4f:47:be:
07:e8:7c:07:e6:2a:a9:64:1c:95:b4:93:98:6d:73:
21:2a:09:6e:53:41:1a:51:23:4b:3a:98:66:e5:99:
dc:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:06:B6:AF:DB:E6:94:86:01:AF:42:34:8D:2D:49:C4:98:F4:28:F5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xga2r9vmlIYBr0I0jS1JxJj0KPU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
09:ac:b3:8a:d6:f1:56:c1:1b:5e:9b:58:35:86:32:81:70:b1:
6d:86:26:9a:20:0f:ef:ea:cd:80:11:a4:5f:32:fc:19:d7:5b:
d4:49:a2:00:be:6a:e2:be:22:f0:44:f8:01:64:26:fc:3b:1c:
03:93:c7:53:04:f7:80:dc:d0:95:f4:82:5d:c7:f6:1c:1b:9c:
d9:19:78:eb:c5:f5:42:ed:2d:d6:69:62:f6:36:b0:e1:0d:11:
f4:f1:10:66:84:a8:5e:ba:f5:49:b0:49:ba:18:41:95:fe:b8:
49:4a:ba:0f:30:79:de:f9:06:64:cb:de:f8:91:d4:d7:57:62:
f4:0f:8d:6c:03:c0:a4:7d:1b:d1:96:66:e8:97:f1:96:ee:4f:
b4:39:46:60:6c:f3:ca:46:9b:cc:3a:7f:b0:c3:3a:76:60:79:
79:ca:89:ec:61:2b:1c:27:9f:ce:c2:d5:26:97:d6:4b:f7:03:
28:82:4a:1b:a0:30:ec:93:02:fe:7f:28:d7:d2:d0:12:a7:76:
f8:82:a6:bc:04:6e:18:6c:db:a8:97:67:d1:c9:0e:1d:ca:31:
a4:aa:69:5b:f6:e5:0c:ba:f3:3c:66:c2:86:27:f2:bf:18:dd:
b7:98:d3:c8:fb:ce:fb:c6:5d:c3:7e:42:4a:61:4a:1f:9e:97:
f9:1c:0a:80
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRK8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAw
MzUzMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM2MDZCNkFGREJFNjk0
ODYwMUFGNDIzNDhEMkQ0OUM0OThGNDI4RjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFyTpM3ItQ3nlk285IK5HYKZ2hVuQMbpt60EnHHeq1ynb9lQBM
ab+CGIkZNXFhbWZGj87U786vPtieTPJv7j0qVf1X8jgo59ezpxM1mn1SGRWChufZ
eQAH7h7KldmC63GCDnTAkzpeNpCof3TzUJ711qsEbGIrtJpzqEJCFAOLQaIl2OGj
0+/Sd5tyOZ8ZxwLWKkSvEeNx86tbCuJ4n7O+Gos7HKjEAwlVUwBkbWoWtf4HAEfX
bTejuPlLa5kEeMXELmsQB6nB/S4bJ1xpSiR5IDrxBf/qO1DhzFtslE9HvgfofAfm
KqlkHJW0k5htcyEqCW5TQRpRI0s6mGblmdyJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUxga2r9vmlIYBr0I0jS1JxJj0KPUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hnYTJyOXZtbElZQnIw
STBqUzFKeEpqMEtQVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAmss4rW8VbBG16bWDWGMoFwsW2GJpog
D+/qzYARpF8y/BnXW9RJogC+auK+IvBE+AFkJvw7HAOTx1ME94Dc0JX0gl3H9hwb
nNkZeOvF9ULtLdZpYvY2sOENEfTxEGaEqF669UmwSboYQZX+uElKug8wed75BmTL
3viR1NdXYvQPjWwDwKR9G9GWZuiX8ZbuT7Q5RmBs88pGm8w6f7DDOnZgeXnKiexh
Kxwnn87C1SaX1kv3AyiCShugMOyTAv5/KNfS0BKndviCprwEbhhs26iXZ9HJDh3K
MaSqaVv25Qy68zxmwoYn8r8Y3beY08j7zvvGXcN+QkphSh+el/kcCoA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:13:28 2025 by rpki-client