Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QtP4ydWzOVpWd6In3-HOPqmgSJY.roa
File: QtP4ydWzOVpWd6In3-HOPqmgSJY.roa (raw, json)
Hash identifier: sJW5HAWdgfP+Dm2yolI9KWaDKMC09MhynNO9K6c5vp0=
Subject key identifier: 42:D3:F8:C9:D5:B3:39:5A:56:77:A2:27:DF:E1:CE:3E:A9:A0:48:96
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5283
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QtP4ydWzOVpWd6In3-HOPqmgSJY.roa
Signing time: Wed 08 May 2024 14:23:57 +0000
ROA not before: Wed 08 May 2024 14:23:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21123 (0x5283)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 14:23:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=42D3F8C9D5B3395A5677A227DFE1CE3EA9A04896
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:c2:0e:3b:6a:24:61:75:da:43:b9:e6:8a:17:
41:a7:6d:46:25:84:dd:aa:7e:d1:4b:99:af:bd:7d:
f1:8b:de:c3:38:80:44:cc:e0:f8:66:8a:e9:21:1e:
d1:53:66:8d:40:cf:4a:8f:b6:35:59:0d:90:fe:b1:
5a:0d:33:2d:db:09:12:b4:1b:b3:ad:e7:33:d2:cd:
90:5c:ae:7a:61:89:5a:ba:8a:00:10:18:81:f6:8f:
a3:ef:67:6a:2d:c7:61:fd:71:5d:6b:4e:ae:37:25:
61:3f:c7:cf:07:cf:81:ec:52:47:d0:b9:1f:f2:03:
7e:1d:d9:ff:57:7c:5f:de:4b:b1:df:1d:ad:70:ac:
78:02:0c:cf:0c:13:58:48:84:a7:ac:08:df:d2:82:
61:06:7a:bc:8c:ef:5e:3b:6d:bc:72:c2:92:df:84:
1e:f1:bd:d8:1e:c9:d0:5b:95:ad:61:3a:4b:9d:c2:
31:88:9a:95:7f:76:10:f0:d1:ad:b6:a0:ef:69:86:
03:1e:e5:a3:d7:75:74:bb:5c:c2:90:1c:87:7e:e8:
b8:01:5d:61:3a:d5:74:d8:7c:bb:73:23:46:81:d8:
6b:e3:3b:02:17:7b:d0:26:e6:a1:4f:a8:c3:36:48:
cd:ed:00:d7:ed:b5:6a:50:85:ce:df:bf:0e:0a:72:
7f:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:D3:F8:C9:D5:B3:39:5A:56:77:A2:27:DF:E1:CE:3E:A9:A0:48:96
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QtP4ydWzOVpWd6In3-HOPqmgSJY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
68:ff:8f:da:16:8d:23:d1:fc:76:bb:5d:6d:31:94:92:1b:b8:
7a:2e:4c:62:c2:5d:c9:4c:28:21:09:76:84:c8:47:83:50:d8:
39:a1:24:51:1e:fe:2d:15:03:1b:3b:02:ee:6a:52:57:6a:ac:
0c:c3:d7:06:37:83:1e:cd:71:58:60:47:08:bf:1e:ba:a0:51:
42:28:ba:04:15:90:fc:64:95:d9:bd:72:7f:c3:31:b3:c5:21:
8a:5c:d0:10:ed:5e:8d:4c:20:48:e4:c2:cc:89:1e:2e:e4:1a:
65:31:48:23:1f:37:ef:50:3d:6c:6c:90:72:11:79:1e:c6:e1:
e4:24:37:ce:68:84:6d:13:0b:d8:df:35:49:6d:15:57:c9:f8:
60:75:c4:70:02:6d:18:92:fd:92:57:a0:37:fb:09:d3:80:59:
5f:76:bb:b3:42:8d:c9:c7:2f:a0:2b:2c:88:58:05:2b:d4:e5:
a4:8a:b4:84:35:8e:8c:6f:fa:58:e1:54:42:b5:73:15:3f:cb:
d2:50:34:6c:05:8e:69:e3:a8:b0:ce:ae:6f:be:2d:13:56:dc:
94:3c:14:60:5f:5a:51:4e:0e:55:03:04:b5:c1:fc:d8:4b:14:
45:b0:af:c0:54:bd:4c:82:1e:d6:63:74:1f:4d:0e:45:c2:42:
29:12:9b:ad
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUoMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgx
NDIzNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQyRDNGOEM5RDVCMzM5
NUE1Njc3QTIyN0RGRTFDRTNFQTlBMDQ4OTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2wg47aiRhddpDueaKF0GnbUYlhN2qftFLma+9ffGL3sM4gETM
4PhmiukhHtFTZo1Az0qPtjVZDZD+sVoNMy3bCRK0G7Ot5zPSzZBcrnphiVq6igAQ
GIH2j6PvZ2otx2H9cV1rTq43JWE/x88Hz4HsUkfQuR/yA34d2f9XfF/eS7HfHa1w
rHgCDM8ME1hIhKesCN/SgmEGeryM7147bbxywpLfhB7xvdgeydBbla1hOkudwjGI
mpV/dhDw0a22oO9phgMe5aPXdXS7XMKQHId+6LgBXWE61XTYfLtzI0aB2GvjOwIX
e9Am5qFPqMM2SM3tANfttWpQhc7fvw4Kcn9/AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUQtP4ydWzOVpWd6In3+HOPqmgSJYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1F0UDR5ZFd6T1ZwV2Q2
SW4zLUhPUHFtZ1NKWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGj/j9oWjSPR/Ha7XW0xlJIbuHouTGLC
XclMKCEJdoTIR4NQ2DmhJFEe/i0VAxs7Au5qUldqrAzD1wY3gx7NcVhgRwi/Hrqg
UUIougQVkPxkldm9cn/DMbPFIYpc0BDtXo1MIEjkwsyJHi7kGmUxSCMfN+9QPWxs
kHIReR7G4eQkN85ohG0TC9jfNUltFVfJ+GB1xHACbRiS/ZJXoDf7CdOAWV92u7NC
jcnHL6ArLIhYBSvU5aSKtIQ1joxv+ljhVEK1cxU/y9JQNGwFjmnjqLDOrm++LRNW
3JQ8FGBfWlFODlUDBLXB/NhLFEWwr8BUvUyCHtZjdB9NDkXCQikSm60=
-----END CERTIFICATE-----
Generated at Sat May 17 19:42:10 2025 by rpki-client