Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QF_taLpgsKK4lALleVHSW7pqGaQ.roa
File: QF_taLpgsKK4lALleVHSW7pqGaQ.roa (raw, json)
Hash identifier: 8jX/XispvDYia9A5bBwRTnEBiQheJIbqO/dk5D2PJZc=
Subject key identifier: 40:5F:ED:68:BA:60:B0:A2:B8:94:02:E5:79:51:D2:5B:BA:6A:19:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FD3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QF_taLpgsKK4lALleVHSW7pqGaQ.roa
Signing time: Sat 13 Apr 2024 16:22:49 +0000
ROA not before: Sat 13 Apr 2024 16:22:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16339 (0x3fd3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 16:22:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=405FED68BA60B0A2B89402E57951D25BBA6A19A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d5:f0:2f:e3:1d:c8:42:45:20:ee:65:af:42:
3d:74:39:cc:fa:98:db:de:6a:6d:28:15:d7:04:ce:
3b:b3:6e:b5:36:d3:dc:cb:3a:25:05:19:65:45:de:
b4:cf:4b:4d:11:2e:3b:12:1b:15:89:05:6d:75:dd:
22:3f:92:17:c8:e0:76:87:a7:3d:6d:4e:cb:bc:c8:
06:94:6a:6f:ad:d2:47:8e:31:78:f9:8f:f0:45:ea:
60:ca:1d:42:a7:c8:3c:03:7c:82:1b:10:e7:66:0a:
e0:be:c2:08:30:eb:6c:ad:d6:f1:39:26:70:61:df:
e9:41:b8:5f:ac:d9:b6:c9:51:3a:ff:51:41:8f:fb:
26:96:37:78:d8:7f:90:8f:86:6b:c8:10:a5:a7:ab:
c7:96:17:77:cf:c9:6b:aa:ca:08:18:02:cc:89:09:
7f:3c:1c:1c:cd:14:ab:2e:d7:af:49:ca:fe:33:e0:
64:fe:a6:4a:9c:db:3e:75:c6:96:2d:4f:ad:14:99:
4e:62:01:e8:b7:b3:89:6a:0a:80:e4:75:d7:34:d6:
20:1d:f0:12:fb:4a:e2:35:4a:0a:91:ff:bb:9d:75:
28:c7:2e:63:6c:52:90:20:4c:b8:42:dc:ba:99:5b:
10:9c:7e:d1:5f:92:13:51:08:0b:0c:55:0a:38:46:
6f:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:5F:ED:68:BA:60:B0:A2:B8:94:02:E5:79:51:D2:5B:BA:6A:19:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QF_taLpgsKK4lALleVHSW7pqGaQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3e:63:25:1c:28:b0:75:43:02:d2:6f:48:4a:ae:a5:ab:c2:fc:
38:cb:03:ba:69:b0:24:9a:67:9c:3a:05:e8:ca:73:14:cc:bb:
3f:b9:6b:21:1f:a8:40:f9:32:18:1e:35:0c:31:b8:14:b6:79:
bf:ce:d4:7e:03:3b:e9:02:9a:c5:04:f9:2b:e9:40:d2:8c:a1:
38:13:de:e7:e7:0e:fa:59:1a:dc:93:b3:4b:e6:21:80:6f:12:
b9:90:78:91:2e:c3:af:66:bd:68:f7:78:ea:95:e7:a5:1b:a6:
35:1b:dd:0b:24:ea:e3:f2:0f:bd:1b:72:bf:07:bf:23:73:1f:
67:83:17:18:26:c7:f3:6d:41:00:26:2c:1d:67:b1:27:c4:bb:
35:ac:3c:9f:f6:cf:94:38:8f:cf:1f:3e:a6:a3:b4:a6:17:4c:
fb:bc:9d:80:e8:04:e6:19:a5:7b:ab:76:ce:f0:71:b0:e8:03:
d6:12:7d:d9:12:f5:b1:7b:2e:58:23:88:bf:f0:d3:97:f0:e3:
ad:c4:4b:e2:9e:2d:7c:73:8e:b4:75:cb:2f:7f:ae:aa:0d:c7:
08:88:40:57:23:f9:9f:b9:62:6e:1c:27:49:83:0f:7e:f8:4e:
dc:20:a8:96:3b:51:9f:3e:6a:c7:6c:da:08:b6:e8:15:f4:30:
d0:bd:08:35
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICP9MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
NjIyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQwNUZFRDY4QkE2MEIw
QTJCODk0MDJFNTc5NTFEMjVCQkE2QTE5QTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDY1fAv4x3IQkUg7mWvQj10Ocz6mNveam0oFdcEzjuzbrU209zL
OiUFGWVF3rTPS00RLjsSGxWJBW113SI/khfI4HaHpz1tTsu8yAaUam+t0keOMXj5
j/BF6mDKHUKnyDwDfIIbEOdmCuC+wggw62yt1vE5JnBh3+lBuF+s2bbJUTr/UUGP
+yaWN3jYf5CPhmvIEKWnq8eWF3fPyWuqyggYAsyJCX88HBzNFKsu169Jyv4z4GT+
pkqc2z51xpYtT60UmU5iAei3s4lqCoDkddc01iAd8BL7SuI1SgqR/7uddSjHLmNs
UpAgTLhC3LqZWxCcftFfkhNRCAsMVQo4Rm/tAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUQF/taLpgsKK4lALleVHSW7pqGaQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FGX3RhTHBnc0tLNGxB
TGxlVkhTVzdwcUdhUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAD5jJRwosHVDAtJvSEqupavC/DjLA7pp
sCSaZ5w6BejKcxTMuz+5ayEfqED5MhgeNQwxuBS2eb/O1H4DO+kCmsUE+SvpQNKM
oTgT3ufnDvpZGtyTs0vmIYBvErmQeJEuw69mvWj3eOqV56UbpjUb3Qsk6uPyD70b
cr8HvyNzH2eDFxgmx/NtQQAmLB1nsSfEuzWsPJ/2z5Q4j88fPqajtKYXTPu8nYDo
BOYZpXurds7wcbDoA9YSfdkS9bF7LlgjiL/w05fw463ES+KeLXxzjrR1yy9/rqoN
xwiIQFcj+Z+5Ym4cJ0mDD374TtwgqJY7UZ8+asds2gi26BX0MNC9CDU=
-----END CERTIFICATE-----
Generated at Fri Jun 20 13:35:23 2025 by rpki-client