Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xznOr7YYASESEeimhnkPlx8shZI.roa
File: xznOr7YYASESEeimhnkPlx8shZI.roa (raw, json)
Hash identifier: X3K/zLaW+92yKip/Uh24Zu0pyQAdFBiubzh9EqzK8Bs=
Subject key identifier: C7:39:CE:AF:B6:18:01:21:12:11:E8:A6:86:79:0F:97:1F:2C:85:92
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E93
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xznOr7YYASESEeimhnkPlx8shZI.roa
Signing time: Fri 12 Apr 2024 00:23:15 +0000
ROA not before: Fri 12 Apr 2024 00:23:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16019 (0x3e93)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 00:23:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C739CEAFB61801211211E8A686790F971F2C8592
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:dc:5f:87:0d:d1:45:24:44:4f:73:ce:52:7b:
f8:4b:40:3f:ee:3d:87:e7:36:5c:0a:2a:45:95:9a:
32:88:05:33:0b:cb:15:b6:03:ea:3e:ee:b3:64:7d:
a9:8a:ba:25:71:eb:12:5c:4c:7d:8e:df:76:6a:05:
65:d0:6b:bb:09:a0:97:e5:bd:62:a2:ca:df:8c:12:
0d:85:fd:fc:76:e7:51:3c:db:5e:88:af:20:db:7d:
95:88:00:67:4a:23:69:9d:5e:ae:9a:93:39:cc:ad:
61:32:4e:0a:9a:98:5c:13:df:93:60:1f:1f:24:a1:
ad:ad:f9:75:01:82:9e:44:8e:a1:5b:7e:77:6c:74:
0e:63:cb:50:31:17:30:db:a3:62:57:24:68:a4:61:
da:58:fb:5f:1b:1e:a8:a5:be:5b:3c:95:d0:09:86:
32:c9:4e:34:b5:dd:37:20:e7:31:35:50:77:0a:02:
76:c9:78:8e:59:0d:95:22:d7:dd:f9:cc:9a:49:06:
2f:5d:d0:f3:9a:25:c3:14:0a:2a:6f:40:4c:22:81:
d7:d0:40:c1:57:63:ef:99:3c:0b:f3:ee:d7:15:95:
e9:4b:85:a6:8c:f5:91:a7:02:6a:9e:a5:62:13:cb:
33:a4:d9:19:ff:7c:27:e0:03:fb:8b:d0:c6:6d:ed:
d7:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:39:CE:AF:B6:18:01:21:12:11:E8:A6:86:79:0F:97:1F:2C:85:92
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xznOr7YYASESEeimhnkPlx8shZI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0e:0f:b8:e6:85:57:47:80:f0:d4:07:45:d0:9a:62:f6:22:c4:
51:f9:5a:a9:83:d7:26:62:78:4b:d2:90:48:c2:96:a9:20:bd:
6d:c7:26:51:dd:7b:7c:c6:c7:fc:8a:b4:d0:fa:db:b1:f6:6b:
73:97:bb:f5:a3:7e:12:33:0e:24:06:03:0c:4b:2f:37:79:4b:
ad:7e:ba:b1:ac:33:58:58:5b:14:e9:89:49:ee:0b:c9:d1:58:
ee:5b:06:75:6b:24:13:54:07:c1:87:40:ac:13:10:16:ae:4b:
4f:72:7c:de:cd:a3:83:5f:45:e3:0f:b3:01:3d:c5:8d:1c:3d:
68:dd:b2:20:de:6a:5d:79:10:5b:96:73:32:85:c6:01:52:dc:
79:52:34:32:f7:a5:57:e9:e4:4f:ad:39:4b:9e:05:81:e8:47:
fa:7f:04:3a:0b:8d:f9:eb:d2:14:9d:4e:82:6e:d8:04:a2:e0:
f7:81:e5:99:95:56:d9:3b:4f:d4:7d:e8:98:75:75:88:65:f1:
fb:99:48:d6:e0:f1:4a:6b:b1:2e:0a:05:0a:16:b0:95:0e:7b:
79:40:d8:4d:b3:44:d2:e0:15:d6:a2:c7:b8:4d:c2:24:91:f1:
89:5e:1f:0b:21:e0:7e:dc:c5:c1:fa:af:b4:5b:2f:1a:21:e1:
d9:0a:bc:31
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPpMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
MDIzMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM3MzlDRUFGQjYxODAx
MjExMjExRThBNjg2NzkwRjk3MUYyQzg1OTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDt3F+HDdFFJERPc85Se/hLQD/uPYfnNlwKKkWVmjKIBTMLyxW2
A+o+7rNkfamKuiVx6xJcTH2O33ZqBWXQa7sJoJflvWKiyt+MEg2F/fx251E8216I
ryDbfZWIAGdKI2mdXq6akznMrWEyTgqamFwT35NgHx8koa2t+XUBgp5EjqFbfnds
dA5jy1AxFzDbo2JXJGikYdpY+18bHqilvls8ldAJhjLJTjS13Tcg5zE1UHcKAnbJ
eI5ZDZUi1935zJpJBi9d0POaJcMUCipvQEwigdfQQMFXY++ZPAvz7tcVlelLhaaM
9ZGnAmqepWITyzOk2Rn/fCfgA/uL0MZt7dc9AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUxznOr7YYASESEeimhnkPlx8shZIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3h6bk9yN1lZQVNFU0Vl
aW1obmtQbHg4c2haSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAA4PuOaFV0eA8NQHRdCaYvYixFH5WqmD
1yZieEvSkEjClqkgvW3HJlHde3zGx/yKtND627H2a3OXu/WjfhIzDiQGAwxLLzd5
S61+urGsM1hYWxTpiUnuC8nRWO5bBnVrJBNUB8GHQKwTEBauS09yfN7No4NfReMP
swE9xY0cPWjdsiDeal15EFuWczKFxgFS3HlSNDL3pVfp5E+tOUueBYHoR/p/BDoL
jfnr0hSdToJu2ASi4PeB5ZmVVtk7T9R96Jh1dYhl8fuZSNbg8UprsS4KBQoWsJUO
e3lA2E2zRNLgFdaix7hNwiSR8YleHwsh4H7cxcH6r7RbLxoh4dkKvDE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 15:08:23 2025 by rpki-client