Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/x257xrX2MzDXdp1UBykqUdpZsDw.roa
File: x257xrX2MzDXdp1UBykqUdpZsDw.roa (raw, json)
Hash identifier: Ia/cJMYwBHSZfN++elHPLrhlzi1y11Z7CSEjC4WO6GE=
Subject key identifier: C7:6E:7B:C6:B5:F6:33:30:D7:76:9D:54:07:29:2A:51:DA:59:B0:3C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 52BF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x257xrX2MzDXdp1UBykqUdpZsDw.roa
Signing time: Wed 08 May 2024 21:53:57 +0000
ROA not before: Wed 08 May 2024 21:53:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21183 (0x52bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 21:53:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C76E7BC6B5F63330D7769D5407292A51DA59B03C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:bd:76:6e:2b:4a:39:41:d7:e2:18:3a:90:57:
b7:21:63:e0:a0:50:b2:f0:a9:af:c6:c8:60:d1:85:
2a:57:d9:f4:70:ff:3f:4f:63:e9:96:64:fc:f9:ea:
ae:c6:21:cc:d8:01:95:c1:2f:96:a5:35:a3:b5:72:
18:a8:ff:71:7a:17:30:0d:e1:f0:df:bc:71:d4:41:
f9:71:9a:ee:e6:86:38:06:d5:4d:5d:89:25:9a:a7:
c3:a0:6e:46:90:f1:f8:b0:a7:6f:96:fd:f4:f3:2a:
fb:d8:e6:98:38:a1:fd:69:81:07:78:43:9e:26:09:
0e:88:a7:e0:02:45:f2:98:76:3a:b3:73:ea:c4:b7:
ba:f2:81:47:e6:9a:ca:c3:05:8c:e3:36:e7:f8:54:
6e:51:15:1a:67:84:ae:34:4c:43:81:9c:76:c9:6e:
5a:6a:4e:f9:18:7a:f5:9d:f6:3a:e8:02:c8:c1:85:
e3:d3:1f:4e:2a:d1:85:54:67:2b:e6:21:4a:7a:23:
e7:2c:bf:9b:f3:69:6d:d3:b0:74:2c:98:7c:48:cd:
9b:84:83:79:4b:90:dc:c0:85:e8:99:53:92:88:55:
2c:9e:58:ba:38:bf:80:99:9b:50:eb:f0:d9:3c:9a:
c3:4c:3b:74:67:28:ef:f0:de:6b:db:5f:66:bf:2b:
fa:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:6E:7B:C6:B5:F6:33:30:D7:76:9D:54:07:29:2A:51:DA:59:B0:3C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x257xrX2MzDXdp1UBykqUdpZsDw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
72:dd:ba:a1:e8:9c:d5:d1:74:75:49:8c:e9:6b:22:02:bb:8f:
d3:91:0b:bb:43:75:2b:35:5a:49:27:a0:9f:67:09:4e:70:93:
ad:a9:ab:e0:b8:58:c9:18:9f:21:b7:44:2f:3b:36:88:e0:3a:
ed:4c:50:d2:c0:c0:96:99:56:9a:30:50:ea:b2:9a:b9:4b:16:
90:00:a5:63:b7:77:86:4a:2e:55:be:38:08:ca:a0:35:94:5f:
be:71:0c:af:21:83:3a:22:58:f3:a0:f3:43:63:4b:6f:cb:0b:
a8:62:ad:ca:67:67:42:4c:2a:00:71:a2:4c:da:47:74:30:85:
11:b8:65:b3:0a:eb:1d:47:f3:30:18:76:89:4d:b7:43:cc:70:
d8:d8:63:40:60:03:f1:1e:ee:64:f0:54:5e:78:9f:b7:62:b1:
10:30:55:06:93:89:93:15:cb:15:a8:0e:48:1d:26:97:a0:91:
6b:c8:63:81:c7:04:9a:14:3e:a5:1a:f3:74:ec:0f:ec:f7:2d:
74:c6:be:98:11:9b:f4:c9:f4:97:da:93:23:88:42:c5:e5:18:
04:d8:e9:78:b9:23:4a:61:f9:b2:b1:07:6f:00:13:74:30:0a:
2a:7f:c2:62:12:a2:26:62:5c:8f:57:3a:95:79:11:bc:d9:6c:
01:a8:f6:6b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUr8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgy
MTUzNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM3NkU3QkM2QjVGNjMz
MzBENzc2OUQ1NDA3MjkyQTUxREE1OUIwM0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIvXZuK0o5QdfiGDqQV7chY+CgULLwqa/GyGDRhSpX2fRw/z9P
Y+mWZPz56q7GIczYAZXBL5alNaO1chio/3F6FzAN4fDfvHHUQflxmu7mhjgG1U1d
iSWap8OgbkaQ8fiwp2+W/fTzKvvY5pg4of1pgQd4Q54mCQ6Ip+ACRfKYdjqzc+rE
t7rygUfmmsrDBYzjNuf4VG5RFRpnhK40TEOBnHbJblpqTvkYevWd9jroAsjBhePT
H04q0YVUZyvmIUp6I+csv5vzaW3TsHQsmHxIzZuEg3lLkNzAheiZU5KIVSyeWLo4
v4CZm1Dr8Nk8msNMO3RnKO/w3mvbX2a/K/pVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUx257xrX2MzDXdp1UBykqUdpZsDwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3gyNTd4clgyTXpEWGRw
MVVCeWtxVWRwWnNEdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHLduqHonNXRdHVJjOlrIgK7j9ORC7tD
dSs1WkknoJ9nCU5wk62pq+C4WMkYnyG3RC87NojgOu1MUNLAwJaZVpowUOqymrlL
FpAApWO3d4ZKLlW+OAjKoDWUX75xDK8hgzoiWPOg80NjS2/LC6hircpnZ0JMKgBx
okzaR3QwhRG4ZbMK6x1H8zAYdolNt0PMcNjYY0BgA/Ee7mTwVF54n7disRAwVQaT
iZMVyxWoDkgdJpegkWvIY4HHBJoUPqUa83TsD+z3LXTGvpgRm/TJ9JfakyOIQsXl
GATY6Xi5I0ph+bKxB28AE3QwCip/wmISoiZiXI9XOpV5EbzZbAGo9ms=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:54:02 2025 by rpki-client