Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/q40i_Y8c00mYtrjllJSGML0GPrI.roa
File: q40i_Y8c00mYtrjllJSGML0GPrI.roa (raw, json)
Hash identifier: KMsu+TLVwyNGpDESSpCcnJUjAN9Crf6b+kWlnmAYboA=
Subject key identifier: AB:8D:22:FD:8F:1C:D3:49:98:B6:B8:E5:94:94:86:30:BD:06:3E:B2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 338B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q40i_Y8c00mYtrjllJSGML0GPrI.roa
Signing time: Thu 28 Mar 2024 07:22:05 +0000
ROA not before: Thu 28 Mar 2024 07:22:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13195 (0x338b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 07:22:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AB8D22FD8F1CD34998B6B8E594948630BD063EB2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:5c:d3:f6:34:06:81:96:1a:b1:d9:fe:ae:75:
6a:b6:20:79:a2:9a:f8:2c:7a:3b:de:19:92:37:7d:
f6:97:26:5b:dd:56:98:b3:c2:e6:bb:33:ea:bd:21:
ca:7f:30:3f:08:86:31:d3:1b:ee:7f:6f:43:c9:fa:
e6:97:c4:d6:1e:be:ef:3f:b1:15:f6:9c:03:ac:b3:
a0:20:f3:a0:2c:64:06:8b:f9:8b:25:67:d9:51:02:
ee:99:2e:94:04:55:07:45:77:d0:05:94:5f:f3:89:
52:69:b8:16:df:f8:ae:3d:76:08:51:ac:d4:bc:2b:
c0:e7:3b:6f:65:8f:af:a3:de:db:e2:f9:cb:2a:e3:
58:97:f2:c6:8f:ea:e2:c0:84:85:7e:7e:3a:52:6f:
5d:32:d0:26:0d:06:3a:99:ea:68:16:c8:66:9a:97:
e4:a3:02:9b:f7:46:df:43:98:c7:ed:f3:55:5a:ca:
23:a0:c7:7f:d4:f3:a8:69:72:7a:4b:17:86:46:be:
b1:9a:cf:19:68:b3:f9:fc:84:51:69:9d:68:ba:41:
d2:c1:78:98:36:7b:42:ed:aa:3a:e7:70:05:c2:fc:
92:f5:a6:3a:24:6e:df:42:73:9a:83:1b:1d:8f:0f:
ae:b5:3a:ad:df:69:89:cd:8f:9f:4b:c5:c5:ae:b6:
85:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:8D:22:FD:8F:1C:D3:49:98:B6:B8:E5:94:94:86:30:BD:06:3E:B2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q40i_Y8c00mYtrjllJSGML0GPrI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
78:dd:93:d5:60:64:ff:92:28:ad:5d:8d:f7:c9:bf:ad:be:46:
f3:d1:31:23:c6:a7:a6:36:67:93:32:78:ac:7b:ce:25:71:e3:
01:93:c0:3b:1f:17:2b:6a:32:20:0e:1b:77:78:6b:26:f7:d4:
db:5c:d5:9c:c2:cd:d2:db:21:73:74:d3:b2:db:0f:c0:b2:f8:
bf:da:9b:21:36:2a:17:bb:77:08:cf:c6:d4:ab:2c:d6:ac:6b:
83:78:6f:38:c1:ec:de:91:bb:53:de:0c:a2:e5:0f:83:86:57:
1b:4b:cf:07:c4:0a:af:1b:31:12:e3:bf:81:fb:c4:16:02:e6:
71:9c:30:5c:e2:a2:22:22:80:5a:47:3b:d7:27:22:45:45:65:
d6:07:06:51:9d:fd:cc:af:0e:98:25:ac:08:8e:8b:34:48:42:
57:50:6f:ce:56:9a:27:e2:dc:39:07:b9:a7:86:81:29:9c:19:
d7:1f:f1:fe:c3:79:79:fe:90:ef:bd:39:66:a0:39:44:8f:b0:
2c:57:00:18:e3:b7:fa:22:fc:ec:c6:37:75:39:56:64:6e:11:
e6:3d:e1:50:43:65:73:65:95:61:e5:51:dd:e2:5b:13:38:d9:
a0:32:92:ab:8c:7a:64:55:29:25:2e:de:17:49:3d:2b:51:b5:
ab:0e:8a:ac
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICM4swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgw
NzIyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFCOEQyMkZEOEYxQ0Qz
NDk5OEI2QjhFNTk0OTQ4NjMwQkQwNjNFQjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKXNP2NAaBlhqx2f6udWq2IHmimvgsejveGZI3ffaXJlvdVpiz
wua7M+q9Icp/MD8IhjHTG+5/b0PJ+uaXxNYevu8/sRX2nAOss6Ag86AsZAaL+Ysl
Z9lRAu6ZLpQEVQdFd9AFlF/ziVJpuBbf+K49dghRrNS8K8DnO29lj6+j3tvi+csq
41iX8saP6uLAhIV+fjpSb10y0CYNBjqZ6mgWyGaal+SjApv3Rt9DmMft81VayiOg
x3/U86hpcnpLF4ZGvrGazxlos/n8hFFpnWi6QdLBeJg2e0LtqjrncAXC/JL1pjok
bt9Cc5qDGx2PD661Oq3faYnNj59LxcWutoWhAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUq40i/Y8c00mYtrjllJSGML0GPrIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3E0MGlfWThjMDBtWXRy
amxsSlNHTUwwR1BySS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHjdk9VgZP+SKK1djffJv62+RvPRMSPG
p6Y2Z5MyeKx7ziVx4wGTwDsfFytqMiAOG3d4ayb31Ntc1ZzCzdLbIXN007LbD8Cy
+L/amyE2Khe7dwjPxtSrLNasa4N4bzjB7N6Ru1PeDKLlD4OGVxtLzwfECq8bMRLj
v4H7xBYC5nGcMFzioiIigFpHO9cnIkVFZdYHBlGd/cyvDpglrAiOizRIQldQb85W
mifi3DkHuaeGgSmcGdcf8f7DeXn+kO+9OWagOUSPsCxXABjjt/oi/OzGN3U5VmRu
EeY94VBDZXNllWHlUd3iWxM42aAykquMemRVKSUu3hdJPStRtasOiqw=
-----END CERTIFICATE-----
Generated at Fri Apr 18 03:38:43 2025 by rpki-client