Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/g-QnMSE7EU6oGcFTTajPKQFz0d8.roa
File: g-QnMSE7EU6oGcFTTajPKQFz0d8.roa (raw, json)
Hash identifier: EDMLu1aB/vi0p0GO3Npx1ldoXGiqBL24lQIxkGeWQf0=
Subject key identifier: 83:E4:27:31:21:3B:11:4E:A8:19:C1:53:4D:A8:CF:29:01:73:D1:DF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 448B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/g-QnMSE7EU6oGcFTTajPKQFz0d8.roa
Signing time: Fri 19 Apr 2024 23:23:03 +0000
ROA not before: Fri 19 Apr 2024 23:23:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17547 (0x448b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 23:23:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=83E42731213B114EA819C1534DA8CF290173D1DF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ab:12:42:f4:ff:af:0f:39:0d:0d:b3:06:96:
85:af:fb:c0:e8:fa:f7:93:5a:dc:2b:a2:e8:7f:57:
d1:ba:59:7c:23:b6:87:58:85:47:2c:df:68:e3:3c:
fa:99:dd:9b:e6:fc:dc:3b:25:50:65:63:8d:1c:b1:
fa:8d:50:70:13:89:bb:13:bf:77:63:e1:72:4b:d4:
d9:e2:8d:ce:a2:0e:59:2c:62:ed:54:a6:58:97:3a:
d1:ff:a7:71:8f:f0:ce:30:9e:a3:11:51:6c:b9:30:
09:e1:eb:16:a3:25:d7:f3:68:3d:de:33:e7:79:f0:
e9:c0:d7:9b:54:c7:84:3f:3b:c5:35:33:f9:68:e9:
ad:e2:e5:1d:be:9b:0e:ea:8a:38:1b:1e:c0:62:a1:
b4:7e:ba:00:12:91:aa:4a:ce:0f:37:53:27:bb:0f:
f9:8d:27:fd:c9:b2:36:19:09:63:2e:70:f7:bf:e2:
2e:74:12:d4:cd:e5:1a:29:7e:31:67:d6:e8:ad:fb:
3d:3c:cd:ff:a7:ea:e0:81:7f:05:9c:f1:06:85:d0:
82:26:19:27:8d:5d:aa:81:94:5d:28:15:a3:0b:08:
0e:12:c6:15:bc:dd:a2:44:6e:7e:f9:36:85:82:a6:
64:e6:e0:89:5b:5b:35:4f:29:91:04:77:46:cd:a5:
26:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:E4:27:31:21:3B:11:4E:A8:19:C1:53:4D:A8:CF:29:01:73:D1:DF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/g-QnMSE7EU6oGcFTTajPKQFz0d8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a0:cc:14:3a:2c:76:af:d7:aa:51:fc:7c:d2:1c:12:83:68:cb:
27:40:ec:f2:ff:c4:37:a5:7c:9e:fd:0a:93:bb:6c:4a:37:1b:
fd:e1:af:23:72:77:18:a2:02:c1:b3:fc:57:6d:82:fe:47:52:
ce:8c:02:b2:44:f8:2e:08:96:e2:ad:b5:b5:b3:e3:fa:b0:1a:
6c:59:fb:bf:a2:19:34:4c:54:a1:94:fc:1a:0e:09:07:5f:34:
f4:59:fe:96:7c:47:4c:38:51:7d:74:e0:30:97:c0:e0:e3:4e:
41:3c:5d:27:4c:25:73:7d:83:59:f8:c8:76:80:bb:f9:26:e7:
a0:ec:06:40:1c:00:2b:0f:94:bc:3c:18:d0:7a:d3:b4:b3:c0:
30:29:58:00:c9:77:a8:09:45:5c:0c:75:fd:75:3e:ef:64:0a:
25:10:21:e0:c9:24:47:8b:4c:1f:d2:d6:24:b2:eb:30:8d:96:
ce:ba:8e:64:ab:e2:65:94:47:03:90:11:ed:b7:93:ff:2b:ba:
0b:8f:31:e9:05:87:42:a2:75:c9:06:41:c0:9d:23:8a:c5:d9:
c9:ae:62:15:7d:6d:f8:ff:df:8d:e0:3c:ad:ea:bc:ec:58:b3:
8e:45:39:99:b4:a4:12:c7:ce:35:cc:bc:fa:ab:ca:75:7b:11:
36:8e:01:23
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRIswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTky
MzIzMDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgzRTQyNzMxMjEzQjEx
NEVBODE5QzE1MzREQThDRjI5MDE3M0QxREYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqqxJC9P+vDzkNDbMGloWv+8Do+veTWtwrouh/V9G6WXwjtodY
hUcs32jjPPqZ3Zvm/Nw7JVBlY40csfqNUHATibsTv3dj4XJL1Nnijc6iDlksYu1U
pliXOtH/p3GP8M4wnqMRUWy5MAnh6xajJdfzaD3eM+d58OnA15tUx4Q/O8U1M/lo
6a3i5R2+mw7qijgbHsBiobR+ugASkapKzg83Uye7D/mNJ/3JsjYZCWMucPe/4i50
EtTN5RopfjFn1uit+z08zf+n6uCBfwWc8QaF0IImGSeNXaqBlF0oFaMLCA4SxhW8
3aJEbn75NoWCpmTm4IlbWzVPKZEEd0bNpSbHAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUg+QnMSE7EU6oGcFTTajPKQFz0d8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ctUW5NU0U3RVU2b0dj
RlRUYWpQS1FGejBkOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKDMFDosdq/XqlH8fNIcEoNoyydA7PL/
xDelfJ79CpO7bEo3G/3hryNydxiiAsGz/Fdtgv5HUs6MArJE+C4IluKttbWz4/qw
GmxZ+7+iGTRMVKGU/BoOCQdfNPRZ/pZ8R0w4UX104DCXwODjTkE8XSdMJXN9g1n4
yHaAu/km56DsBkAcACsPlLw8GNB607SzwDApWADJd6gJRVwMdf11Pu9kCiUQIeDJ
JEeLTB/S1iSy6zCNls66jmSr4mWURwOQEe23k/8ruguPMekFh0KidckGQcCdI4rF
2cmuYhV9bfj/343gPK3qvOxYs45FOZm0pBLHzjXMvPqrynV7ETaOASM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:46 2025 by rpki-client