Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QY3fFdGXYwW-dVMw85NOa6MvR3U.roa
File: QY3fFdGXYwW-dVMw85NOa6MvR3U.roa (raw, json)
Hash identifier: spJFNeSFJlfJg1c6LGVP7vyOF+xRTaV1aSIYpveJ3JQ=
Subject key identifier: 41:8D:DF:15:D1:97:63:05:BE:75:53:30:F3:93:4E:6B:A3:2F:47:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 41DF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QY3fFdGXYwW-dVMw85NOa6MvR3U.roa
Signing time: Tue 16 Apr 2024 09:52:59 +0000
ROA not before: Tue 16 Apr 2024 09:52:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16863 (0x41df)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 09:52:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=418DDF15D1976305BE755330F3934E6BA32F4775
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:3e:a5:96:6d:35:71:67:7a:39:e4:5a:68:a1:
51:74:6c:16:2b:e4:f7:82:6d:dd:ff:c4:9e:20:e5:
1a:92:58:ea:0e:e9:45:55:25:70:6a:b8:e6:98:34:
18:91:e5:de:59:ec:64:87:1c:20:b5:aa:30:68:7f:
86:18:84:e9:1f:a8:b3:44:d9:84:57:9c:ae:63:1f:
2b:f7:5d:19:4e:fc:c4:29:06:a2:7b:96:b2:4e:21:
69:37:68:a3:2b:51:8e:1a:c5:1f:b2:3d:7a:ad:e4:
05:8b:3b:ed:47:54:d8:77:53:d0:92:ef:73:21:88:
5f:b9:db:3c:3a:0a:12:fc:da:82:07:6c:b2:10:92:
6a:c6:2a:49:a0:94:81:87:da:5f:28:6d:6c:92:ba:
90:89:01:67:d2:2d:df:f2:64:cc:25:60:ba:09:8f:
f7:e5:39:ed:75:3a:ff:22:6a:1d:52:7a:41:c9:82:
ed:63:49:90:fb:a8:3b:61:4a:78:5f:28:f9:63:85:
4c:89:e9:e7:86:82:fe:8c:9a:c1:eb:74:d4:7e:54:
36:df:a1:49:49:d6:84:b9:ed:e8:d4:d3:10:e5:2f:
56:08:7a:38:b2:eb:f2:ff:3f:b2:e3:dc:5f:f3:6a:
48:a1:59:b1:ae:86:97:b0:a8:9c:f0:7f:a1:d4:e1:
da:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:8D:DF:15:D1:97:63:05:BE:75:53:30:F3:93:4E:6B:A3:2F:47:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QY3fFdGXYwW-dVMw85NOa6MvR3U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
76:b9:97:20:9a:5a:cb:5f:e3:a3:37:e0:46:5d:ca:b9:24:78:
30:4b:b3:12:c0:7d:79:85:b3:9e:90:b2:2e:c5:4a:71:22:f0:
07:14:83:5e:80:bc:34:d6:63:15:61:97:f0:ff:bf:cc:53:c4:
08:54:2f:9e:92:78:ec:17:b1:3a:d1:5f:af:a1:c7:95:68:ed:
8e:62:5a:a2:a6:6c:c4:c0:83:bf:83:57:d0:09:23:77:aa:41:
3f:27:f6:6a:74:94:fc:63:79:90:1f:71:d9:62:97:d4:73:29:
fc:a0:c8:40:0b:f1:b6:ef:3f:8d:01:13:05:34:a3:32:ef:3f:
d3:5b:82:7e:ee:43:19:e0:73:ed:7c:ce:5f:8d:9d:e6:77:21:
e7:67:89:00:b6:de:ee:a7:12:b6:f5:8c:9a:91:ed:21:7d:60:
5e:5c:e1:ab:ac:13:6f:cb:5a:15:a4:b4:fe:5c:36:6b:a8:ba:
b9:cd:ff:39:f3:4c:56:14:09:ca:36:74:99:e2:72:32:5c:bc:
96:63:af:67:72:5e:17:03:bf:e9:94:3e:8c:39:84:6b:d9:e4:
a0:4d:72:8d:c4:77:e6:59:6a:2c:72:6f:02:be:e8:26:fe:d6:
4d:60:80:40:e0:82:2f:3e:b1:db:62:2b:54:87:73:91:a0:5c:
f5:6d:99:21
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQd8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
OTUyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQxOERERjE1RDE5NzYz
MDVCRTc1NTMzMEYzOTM0RTZCQTMyRjQ3NzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFPqWWbTVxZ3o55FpooVF0bBYr5PeCbd3/xJ4g5RqSWOoO6UVV
JXBquOaYNBiR5d5Z7GSHHCC1qjBof4YYhOkfqLNE2YRXnK5jHyv3XRlO/MQpBqJ7
lrJOIWk3aKMrUY4axR+yPXqt5AWLO+1HVNh3U9CS73MhiF+52zw6ChL82oIHbLIQ
kmrGKkmglIGH2l8obWySupCJAWfSLd/yZMwlYLoJj/flOe11Ov8iah1SekHJgu1j
SZD7qDthSnhfKPljhUyJ6eeGgv6MmsHrdNR+VDbfoUlJ1oS57ejU0xDlL1YIejiy
6/L/P7Lj3F/zakihWbGuhpewqJzwf6HU4drdAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUQY3fFdGXYwW+dVMw85NOa6MvR3UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FZM2ZGZEdYWXdXLWRW
TXc4NU5PYTZNdlIzVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHa5lyCaWstf46M34EZdyrkkeDBLsxLA
fXmFs56Qsi7FSnEi8AcUg16AvDTWYxVhl/D/v8xTxAhUL56SeOwXsTrRX6+hx5Vo
7Y5iWqKmbMTAg7+DV9AJI3eqQT8n9mp0lPxjeZAfcdlil9RzKfygyEAL8bbvP40B
EwU0ozLvP9Nbgn7uQxngc+18zl+NneZ3IedniQC23u6nErb1jJqR7SF9YF5c4aus
E2/LWhWktP5cNmuournN/znzTFYUCco2dJnicjJcvJZjr2dyXhcDv+mUPow5hGvZ
5KBNco3Ed+ZZaixybwK+6Cb+1k1ggEDggi8+sdtiK1SHc5GgXPVtmSE=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:54 2025 by rpki-client