Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0xQaLNNrFoUuGb_e6Rxzu-BoE50.roa
File: 0xQaLNNrFoUuGb_e6Rxzu-BoE50.roa (raw, json)
Hash identifier: DV18pR8CDU7opX/qMEpCZtXdhB1EhKTcruqN8ZndYj0=
Subject key identifier: D3:14:1A:2C:D3:6B:16:85:2E:19:BF:DE:E9:1C:73:BB:E0:68:13:9D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3477
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0xQaLNNrFoUuGb_e6Rxzu-BoE50.roa
Signing time: Fri 29 Mar 2024 12:52:05 +0000
ROA not before: Fri 29 Mar 2024 12:52:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13431 (0x3477)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 12:52:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D3141A2CD36B16852E19BFDEE91C73BBE068139D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a8:a0:58:e3:2e:26:f2:7a:79:a8:52:24:44:
ca:63:6d:56:10:b4:70:3b:76:20:96:02:9e:1d:c5:
44:06:e1:36:d1:80:c9:a0:ad:27:f2:8f:66:0b:fe:
66:a5:ed:40:52:55:f9:8f:d2:65:59:53:54:ca:3e:
64:93:53:44:aa:93:e5:7d:3e:d2:8d:8b:98:09:c6:
d8:ed:ed:25:dd:db:d0:50:04:3d:62:0f:32:0d:9c:
a2:8f:ac:35:db:bb:90:50:9f:b6:5a:3a:36:9a:b3:
d5:63:a5:b9:64:26:c8:d0:26:36:f9:b1:25:b1:67:
87:8c:4e:ee:9e:27:ee:ac:22:ec:b8:0c:09:2c:69:
58:70:ed:fa:44:30:be:8a:7c:f0:9d:f8:e9:2e:00:
da:cd:56:f0:fc:79:44:68:65:eb:25:82:6c:bc:59:
79:c7:33:c0:cd:41:22:01:92:b8:8e:69:01:d9:d4:
d4:23:47:d0:7b:97:a4:f0:a6:9a:7c:ab:d7:ae:f0:
b9:1f:24:cb:8f:31:26:80:49:c0:6e:79:83:9c:34:
c2:62:37:d0:f2:d6:20:9c:ef:52:19:c6:f6:34:17:
1e:1f:70:e3:a1:42:60:80:e7:67:2e:72:5a:c3:be:
2e:2e:3c:76:ea:7b:5e:2e:ba:1c:8e:33:ac:ac:a5:
44:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:14:1A:2C:D3:6B:16:85:2E:19:BF:DE:E9:1C:73:BB:E0:68:13:9D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0xQaLNNrFoUuGb_e6Rxzu-BoE50.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
71:07:db:a9:64:55:d7:8a:98:cc:c2:f1:1a:00:30:56:b2:9b:
3c:cd:1d:43:c5:07:ca:10:6b:4d:71:aa:df:91:56:bc:d5:e8:
ad:f2:f7:43:a7:e7:b5:b4:83:b7:c6:ba:e7:bb:8b:b4:57:d7:
38:fb:15:dc:0a:03:18:ae:b2:5d:2c:b9:89:21:59:ad:8e:43:
41:2a:9e:a2:03:01:1e:44:12:28:78:fb:b1:8d:a9:b1:8b:84:
32:48:33:99:3d:34:5f:bd:9f:05:4e:fa:63:f1:41:66:94:57:
20:c2:0b:cd:38:b2:c0:50:54:a8:78:20:b5:4e:25:21:86:ab:
35:1e:e7:a0:d6:9a:03:b7:b3:28:ab:53:1d:39:c0:5a:aa:bd:
35:9e:59:53:98:a4:ed:e0:ab:1d:cd:c7:6e:1b:34:62:88:37:
7b:cf:81:49:50:63:f9:37:80:6e:47:9b:03:95:40:91:ec:38:
28:ac:7c:50:ee:b4:bc:55:ee:cf:b7:8e:12:38:89:5a:86:b0:
4e:38:67:e6:ff:55:ea:09:2e:07:c2:6c:36:9c:29:e5:dd:de:
54:c0:c9:02:49:b7:01:b5:e1:89:1a:11:d0:be:aa:37:de:fe:
d6:ff:36:54:ed:48:04:91:50:68:50:b5:36:61:b4:bb:55:a4:
ee:97:8a:1a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNHcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
MjUyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQzMTQxQTJDRDM2QjE2
ODUyRTE5QkZERUU5MUM3M0JCRTA2ODEzOUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsqKBY4y4m8np5qFIkRMpjbVYQtHA7diCWAp4dxUQG4TbRgMmg
rSfyj2YL/mal7UBSVfmP0mVZU1TKPmSTU0Sqk+V9PtKNi5gJxtjt7SXd29BQBD1i
DzINnKKPrDXbu5BQn7ZaOjaas9VjpblkJsjQJjb5sSWxZ4eMTu6eJ+6sIuy4DAks
aVhw7fpEML6KfPCd+OkuANrNVvD8eURoZeslgmy8WXnHM8DNQSIBkriOaQHZ1NQj
R9B7l6Twppp8q9eu8LkfJMuPMSaAScBueYOcNMJiN9Dy1iCc71IZxvY0Fx4fcOOh
QmCA52cuclrDvi4uPHbqe14uuhyOM6yspUSDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU0xQaLNNrFoUuGb/e6Rxzu+BoE50wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzB4UWFMTk5yRm9VdUdi
X2U2Unh6dS1Cb0U1MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHEH26lkVdeKmMzC8RoAMFaymzzNHUPF
B8oQa01xqt+RVrzV6K3y90On57W0g7fGuue7i7RX1zj7FdwKAxiusl0suYkhWa2O
Q0EqnqIDAR5EEih4+7GNqbGLhDJIM5k9NF+9nwVO+mPxQWaUVyDCC804ssBQVKh4
ILVOJSGGqzUe56DWmgO3syirUx05wFqqvTWeWVOYpO3gqx3Nx24bNGKIN3vPgUlQ
Y/k3gG5HmwOVQJHsOCisfFDutLxV7s+3jhI4iVqGsE44Z+b/VeoJLgfCbDacKeXd
3lTAyQJJtwG14YkaEdC+qjfe/tb/NlTtSASRUGhQtTZhtLtVpO6Xiho=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:21:35 2025 by rpki-client