Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SQBDlNStpks83B4lPKMZbX9TS6A.roa
File: SQBDlNStpks83B4lPKMZbX9TS6A.roa (raw, json)
Hash identifier: JYnqImAZuSXEyFHkY3ifWQXZjQgpTYZ0WIeXMQY4A6A=
Subject key identifier: 49:00:43:94:D4:AD:A6:4B:3C:DC:1E:25:3C:A3:19:6D:7F:53:4B:A0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5097
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SQBDlNStpks83B4lPKMZbX9TS6A.roa
Signing time: Mon 06 May 2024 00:54:06 +0000
ROA not before: Mon 06 May 2024 00:54:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20631 (0x5097)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 00:54:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=49004394D4ADA64B3CDC1E253CA3196D7F534BA0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:c0:62:0c:fa:f0:9f:35:7c:e9:91:6b:50:f9:
18:8f:39:1c:7a:97:b8:e9:b3:9a:49:23:da:c3:d0:
15:95:b6:c8:80:04:4a:77:1e:ba:5d:d6:d0:65:7d:
5a:92:0d:60:f8:a7:d0:a5:da:9e:51:0c:be:71:0b:
6e:62:de:fb:02:9f:37:1a:3f:f1:0b:47:0c:45:61:
f0:b8:02:a6:c0:a4:e2:54:5a:10:ec:4f:46:83:b5:
73:59:34:8a:f9:b2:82:f3:53:21:a6:e0:2e:4f:79:
c9:d8:d0:3b:d2:cc:03:78:e0:80:d3:1c:d5:35:21:
81:6f:ef:d7:c6:9c:77:7d:c1:c2:2b:61:e0:53:03:
ce:68:28:48:71:d0:96:e2:aa:02:66:e9:d9:fb:66:
4f:df:e8:da:0c:5d:98:97:f8:45:68:c4:db:f6:29:
83:00:d6:57:e7:45:eb:b5:54:7a:22:bc:22:ec:4e:
bd:00:c2:68:24:e5:31:30:58:35:a3:fe:bf:f6:11:
7f:8f:61:bf:f2:4d:e5:22:4f:ea:3f:20:43:eb:ef:
00:4b:6f:6f:f0:10:72:58:4d:4e:fd:ea:1b:6a:32:
60:67:71:d7:de:eb:84:38:5f:1a:af:1f:3c:43:56:
6f:0f:97:c2:2f:3c:f3:5b:b6:10:6f:b6:69:9a:76:
b9:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:00:43:94:D4:AD:A6:4B:3C:DC:1E:25:3C:A3:19:6D:7F:53:4B:A0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SQBDlNStpks83B4lPKMZbX9TS6A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2d:ba:33:e5:9c:eb:d0:6d:7f:5f:fa:66:43:bd:32:66:10:c4:
6f:f5:e7:09:56:ad:bf:1f:97:86:d5:ec:f8:f4:29:af:5c:51:
8b:4a:e3:26:c8:68:9d:69:3a:25:e1:7e:66:67:b3:4a:4f:84:
6e:f8:33:6c:47:e8:69:60:64:72:cb:69:c0:53:a1:d6:10:4b:
30:4a:1e:77:32:ab:03:ff:b4:71:87:db:e0:5f:e0:fb:9b:26:
88:20:6d:d7:01:b1:0b:a0:33:8f:c1:4f:77:fb:1c:e4:3f:5c:
46:ac:40:cb:53:1a:f9:c8:ba:c3:25:8e:ad:69:2e:7f:74:ff:
ba:b8:9d:f5:7d:c8:dd:56:0c:cb:fd:a9:d5:57:2d:4f:79:ba:
d9:4b:bd:88:13:d3:7b:97:75:56:de:96:7c:59:76:2d:80:85:
89:6e:5c:70:db:c8:2d:a6:9c:a8:fc:7c:8a:46:a9:35:e9:e4:
67:ff:4b:45:a6:06:1d:1e:16:6e:db:b5:fb:53:c9:d4:bf:1c:
cf:be:c5:98:5c:af:32:38:c1:3d:0f:b1:8a:55:62:80:60:f7:
ed:56:f5:cf:12:b9:4b:3f:38:87:50:24:5e:af:52:f1:2c:87:
16:9e:3b:da:b8:11:45:56:f2:2b:4b:39:e1:7e:b0:50:ab:12:
7e:a8:ad:53
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUJcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
MDU0MDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ5MDA0Mzk0RDRBREE2
NEIzQ0RDMUUyNTNDQTMxOTZEN0Y1MzRCQTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqwGIM+vCfNXzpkWtQ+RiPORx6l7jps5pJI9rD0BWVtsiABEp3
Hrpd1tBlfVqSDWD4p9Cl2p5RDL5xC25i3vsCnzcaP/ELRwxFYfC4AqbApOJUWhDs
T0aDtXNZNIr5soLzUyGm4C5PecnY0DvSzAN44IDTHNU1IYFv79fGnHd9wcIrYeBT
A85oKEhx0JbiqgJm6dn7Zk/f6NoMXZiX+EVoxNv2KYMA1lfnReu1VHoivCLsTr0A
wmgk5TEwWDWj/r/2EX+PYb/yTeUiT+o/IEPr7wBLb2/wEHJYTU796htqMmBncdfe
64Q4XxqvHzxDVm8Pl8IvPPNbthBvtmmadrnHAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUSQBDlNStpks83B4lPKMZbX9TS6AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NRQkRsTlN0cGtzODNC
NGxQS01aYlg5VFM2QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAC26M+Wc69Btf1/6ZkO9MmYQxG/15wlW
rb8fl4bV7Pj0Ka9cUYtK4ybIaJ1pOiXhfmZns0pPhG74M2xH6GlgZHLLacBTodYQ
SzBKHncyqwP/tHGH2+Bf4PubJoggbdcBsQugM4/BT3f7HOQ/XEasQMtTGvnIusMl
jq1pLn90/7q4nfV9yN1WDMv9qdVXLU95utlLvYgT03uXdVbelnxZdi2AhYluXHDb
yC2mnKj8fIpGqTXp5Gf/S0WmBh0eFm7btftTydS/HM++xZhcrzI4wT0PsYpVYoBg
9+1W9c8SuUs/OIdQJF6vUvEshxaeO9q4EUVW8itLOeF+sFCrEn6orVM=
-----END CERTIFICATE-----
Generated at Sat May 17 21:29:12 2025 by rpki-client