Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QPUNhxuMF6JzbQaTZ98GAl1mP_o.roa
File: QPUNhxuMF6JzbQaTZ98GAl1mP_o.roa (raw, json)
Hash identifier: ug7Yoq6HPCOk5Bp3Pm3vLxRJ2sD82nvlfxhfkQFrRW0=
Subject key identifier: 40:F5:0D:87:1B:8C:17:A2:73:6D:06:93:67:DF:06:02:5D:66:3F:FA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 52AF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QPUNhxuMF6JzbQaTZ98GAl1mP_o.roa
Signing time: Wed 08 May 2024 19:54:09 +0000
ROA not before: Wed 08 May 2024 19:54:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21167 (0x52af)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 19:54:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=40F50D871B8C17A2736D069367DF06025D663FFA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:21:07:e9:c6:6e:04:f0:6d:4f:b5:db:e0:d8:
51:84:ff:f2:50:89:b1:f0:c0:3a:37:1c:64:d9:06:
cb:e5:1e:2e:d1:d8:af:99:37:fe:ed:f3:02:3a:93:
72:fd:d4:97:ce:96:83:30:ed:13:43:90:88:6c:41:
87:9c:e0:99:da:6e:a8:26:4f:1f:11:e2:a8:4a:57:
25:c5:61:02:42:d5:fc:89:2d:14:2f:61:0c:c9:07:
d1:f9:8b:ec:a5:e1:4e:11:4e:e4:59:d9:c8:36:80:
e1:00:6f:09:0c:ed:7f:4d:21:0b:86:1b:cc:f9:35:
6a:64:b8:a3:c6:3d:7b:93:fa:e5:71:01:15:4e:51:
bd:6c:88:0a:b5:14:bd:af:55:4e:30:ce:d6:be:7b:
73:f0:4e:08:4d:ac:93:ea:3c:f5:4e:1e:06:a6:8d:
03:b9:7e:77:ba:dd:56:71:7e:61:83:34:8b:ce:8e:
c0:07:7c:0a:62:18:34:d5:0e:4b:fe:dd:18:99:9f:
76:90:5f:6e:22:1c:10:b4:62:41:1d:85:eb:5e:f7:
f4:d7:01:df:df:5e:e7:45:9d:cd:f0:68:88:fe:fd:
cc:05:c6:8c:16:58:2e:12:32:0c:84:a7:28:08:e3:
83:9c:58:35:73:40:59:e5:04:c7:98:85:70:bc:8f:
c6:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:F5:0D:87:1B:8C:17:A2:73:6D:06:93:67:DF:06:02:5D:66:3F:FA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QPUNhxuMF6JzbQaTZ98GAl1mP_o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
7c:a9:2a:f5:88:e6:87:c1:7b:4e:e3:61:36:2a:e7:b4:cb:03:
b8:b1:a5:70:3b:b9:e7:e1:ad:23:05:0c:c2:e1:ad:26:ba:54:
94:84:b9:ed:80:09:ac:5e:27:7b:82:43:43:b3:4b:19:d6:6b:
43:36:a1:21:9c:d6:3a:b6:24:4e:c7:07:ae:45:44:c9:7f:c8:
d8:5b:5f:c7:b0:0c:91:3b:cc:cb:48:1f:c2:8b:54:e7:32:b1:
e0:d1:ca:b9:3b:0b:46:51:72:a0:17:2b:7d:10:4b:e5:7c:72:
2e:a6:ff:61:75:84:c5:a5:69:34:3e:a9:bf:13:31:d4:51:bc:
b1:69:63:fa:34:ca:93:72:65:22:2b:d5:ef:85:33:73:38:4d:
45:62:62:fc:e0:01:1f:f0:39:16:1e:e5:cf:a1:9e:c9:d6:f7:
5f:51:c5:2c:95:b9:34:eb:ce:2c:cd:a0:03:da:4c:92:ea:96:
3a:d0:be:5f:45:24:42:86:fb:52:84:ba:c8:9d:22:58:e4:86:
e0:68:51:37:59:62:cc:66:67:36:36:6c:b0:e0:b2:fb:f2:6c:
28:ae:5e:33:36:8e:3f:72:3a:1d:dd:81:17:42:1d:4d:a3:21:
6c:c4:bb:48:8f:e4:bc:ad:e2:f0:e7:cd:40:93:81:b8:2a:d2:
ea:75:b3:55
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUq8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgx
OTU0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQwRjUwRDg3MUI4QzE3
QTI3MzZEMDY5MzY3REYwNjAyNUQ2NjNGRkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZIQfpxm4E8G1Ptdvg2FGE//JQibHwwDo3HGTZBsvlHi7R2K+Z
N/7t8wI6k3L91JfOloMw7RNDkIhsQYec4JnabqgmTx8R4qhKVyXFYQJC1fyJLRQv
YQzJB9H5i+yl4U4RTuRZ2cg2gOEAbwkM7X9NIQuGG8z5NWpkuKPGPXuT+uVxARVO
Ub1siAq1FL2vVU4wzta+e3PwTghNrJPqPPVOHgamjQO5fne63VZxfmGDNIvOjsAH
fApiGDTVDkv+3RiZn3aQX24iHBC0YkEdhete9/TXAd/fXudFnc3waIj+/cwFxowW
WC4SMgyEpygI44OcWDVzQFnlBMeYhXC8j8aDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUQPUNhxuMF6JzbQaTZ98GAl1mP/owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FQVU5oeHVNRjZKemJR
YVRaOThHQWwxbVBfby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHypKvWI5ofBe07jYTYq57TLA7ixpXA7
uefhrSMFDMLhrSa6VJSEue2ACaxeJ3uCQ0OzSxnWa0M2oSGc1jq2JE7HB65FRMl/
yNhbX8ewDJE7zMtIH8KLVOcyseDRyrk7C0ZRcqAXK30QS+V8ci6m/2F1hMWlaTQ+
qb8TMdRRvLFpY/o0ypNyZSIr1e+FM3M4TUViYvzgAR/wORYe5c+hnsnW919RxSyV
uTTrzizNoAPaTJLqljrQvl9FJEKG+1KEusidIljkhuBoUTdZYsxmZzY2bLDgsvvy
bCiuXjM2jj9yOh3dgRdCHU2jIWzEu0iP5Lyt4vDnzUCTgbgq0up1s1U=
-----END CERTIFICATE-----
Generated at Mon Apr 14 18:47:37 2025 by rpki-client