Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QxOdOQ-1fQV3FWqSV-lD7SsxXbs.roa
File: QxOdOQ-1fQV3FWqSV-lD7SsxXbs.roa (raw, json)
Hash identifier: 5GYbvH1VZsypRT8m7kgpFE6QeczMwZaQazq/ny5MkaE=
Subject key identifier: 43:13:9D:39:0F:B5:7D:05:77:15:6A:92:57:E9:43:ED:2B:31:5D:BB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4453
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QxOdOQ-1fQV3FWqSV-lD7SsxXbs.roa
Signing time: Fri 19 Apr 2024 16:23:01 +0000
ROA not before: Fri 19 Apr 2024 16:23:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17491 (0x4453)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 16:23:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=43139D390FB57D0577156A9257E943ED2B315DBB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:69:bf:97:fb:25:87:a9:1d:a3:ef:d6:68:3a:
5d:20:8f:df:dd:91:c3:fa:7e:50:80:31:e4:5c:9c:
80:3b:e5:10:37:fd:e6:89:df:66:42:10:48:6d:a6:
25:13:60:db:51:fb:e0:35:24:f6:f2:7b:c8:a2:b7:
56:97:d6:0b:65:4a:43:93:6f:43:13:5a:bd:a1:da:
7a:ca:4b:f9:d6:cb:35:2f:ea:01:52:c4:c2:97:1a:
01:43:e9:9a:08:8e:47:85:38:1a:ff:fb:82:69:fb:
36:88:b5:2e:e0:fa:62:58:75:66:e7:ba:f7:be:61:
52:9e:69:0f:ad:38:01:de:f5:a2:d2:57:a4:1d:3f:
3b:b5:dc:76:db:c0:cc:c9:a5:2f:39:e3:d9:fd:e2:
6d:c1:95:99:f7:ac:20:4f:1a:31:1b:e0:74:47:6c:
97:06:21:38:58:5b:ba:07:f4:43:95:ef:a7:6e:2a:
30:96:e4:55:55:5c:f9:48:44:79:6e:dd:5b:59:30:
89:11:8e:66:c3:0d:02:8e:87:0b:32:f8:ff:e6:c5:
0f:61:1e:56:7f:b1:58:e0:82:16:ab:28:50:45:66:
59:f9:bc:f7:84:d8:a6:84:59:8f:30:fa:ac:02:7a:
cb:1b:e2:46:7f:29:49:5c:e5:c6:1c:da:55:a2:66:
be:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:13:9D:39:0F:B5:7D:05:77:15:6A:92:57:E9:43:ED:2B:31:5D:BB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QxOdOQ-1fQV3FWqSV-lD7SsxXbs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
93:8c:13:82:27:39:53:30:2a:30:4b:dd:f6:ce:e5:0e:f2:93:
bf:51:de:b8:8c:49:6c:34:37:ad:29:8b:59:87:a6:fb:06:af:
4b:17:f0:57:13:cd:6f:56:91:0c:c9:4d:be:55:9f:7a:fb:9d:
f7:46:19:27:4e:7b:36:ab:11:81:22:f2:db:bd:09:a9:54:b0:
af:71:b5:09:46:fe:f9:dc:57:3d:a3:66:f4:ee:de:ce:fc:69:
8c:33:0f:f1:86:0b:5c:97:9c:d3:7a:da:3f:11:11:30:00:c3:
56:b0:1a:d7:59:a4:e2:5c:93:7c:44:d9:e8:b1:4b:e6:b5:cc:
55:b3:93:85:4c:01:d4:1f:bc:f5:d2:c1:7a:cc:a5:93:b2:1b:
61:51:76:63:4b:d0:b6:f2:b7:4c:f2:83:87:c5:3d:91:94:1a:
36:be:25:5f:c7:91:b6:17:25:a0:02:23:75:44:2f:da:33:5e:
93:8b:f2:c4:d0:78:01:98:0f:64:e0:39:c1:07:ae:c0:ad:d4:
74:a8:9a:ca:80:2b:8e:05:06:71:f4:12:78:1e:52:83:c0:4a:
06:d1:de:e0:75:2a:b4:ee:5b:ba:78:78:1e:c4:80:88:ec:73:
24:e4:41:25:f2:d4:f4:c4:e2:49:74:da:3b:13:06:ce:75:fc:
86:b0:4a:18
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRFMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
NjIzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQzMTM5RDM5MEZCNTdE
MDU3NzE1NkE5MjU3RTk0M0VEMkIzMTVEQkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoab+X+yWHqR2j79ZoOl0gj9/dkcP6flCAMeRcnIA75RA3/eaJ
32ZCEEhtpiUTYNtR++A1JPbye8iit1aX1gtlSkOTb0MTWr2h2nrKS/nWyzUv6gFS
xMKXGgFD6ZoIjkeFOBr/+4Jp+zaItS7g+mJYdWbnuve+YVKeaQ+tOAHe9aLSV6Qd
Pzu13HbbwMzJpS8549n94m3BlZn3rCBPGjEb4HRHbJcGIThYW7oH9EOV76duKjCW
5FVVXPlIRHlu3VtZMIkRjmbDDQKOhwsy+P/mxQ9hHlZ/sVjggharKFBFZln5vPeE
2KaEWY8w+qwCessb4kZ/KUlc5cYc2lWiZr7rAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUQxOdOQ+1fQV3FWqSV+lD7SsxXbswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1F4T2RPUS0xZlFWM0ZX
cVNWLWxEN1NzeFhicy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJOME4InOVMwKjBL3fbO5Q7yk79R3riM
SWw0N60pi1mHpvsGr0sX8FcTzW9WkQzJTb5Vn3r7nfdGGSdOezarEYEi8tu9CalU
sK9xtQlG/vncVz2jZvTu3s78aYwzD/GGC1yXnNN62j8RETAAw1awGtdZpOJck3xE
2eixS+a1zFWzk4VMAdQfvPXSwXrMpZOyG2FRdmNL0Lbyt0zyg4fFPZGUGja+JV/H
kbYXJaACI3VEL9ozXpOL8sTQeAGYD2TgOcEHrsCt1HSomsqAK44FBnH0EngeUoPA
SgbR3uB1KrTuW7p4eB7EgIjscyTkQSXy1PTE4kl02jsTBs51/IawShg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:22:42 2025 by rpki-client