Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qLHRm8NmEZ-Q8nSM4AuPIwR5-UU.roa
File: qLHRm8NmEZ-Q8nSM4AuPIwR5-UU.roa (raw, json)
Hash identifier: 65FmP/Qn/0S78sRipG7AIr0G9AyilvrweXfYD3CgY6M=
Subject key identifier: A8:B1:D1:9B:C3:66:11:9F:90:F2:74:8C:E0:0B:8F:23:04:79:F9:45
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E53
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qLHRm8NmEZ-Q8nSM4AuPIwR5-UU.roa
Signing time: Thu 11 Apr 2024 16:22:47 +0000
ROA not before: Thu 11 Apr 2024 16:22:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15955 (0x3e53)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 16:22:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A8B1D19BC366119F90F2748CE00B8F230479F945
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:de:22:fe:21:2c:8d:cd:08:f3:5c:4b:ce:2b:
1f:01:c8:67:76:28:e4:2c:9a:72:e0:0d:42:f7:c6:
c2:1f:4f:94:9d:bd:1d:32:b8:ea:4a:f1:80:82:c3:
45:de:f0:10:d7:d1:24:62:2e:5a:13:97:be:e2:d2:
c8:65:38:b4:16:96:2d:69:1c:92:71:94:92:24:86:
06:10:f4:d8:56:09:1c:7c:e2:8e:67:29:ae:1d:62:
7e:38:c9:b0:db:ac:60:5f:e9:44:c9:00:f3:58:fb:
4d:ea:af:a5:e0:37:df:01:2f:21:ca:88:8d:04:79:
83:6c:48:a3:d7:61:6b:6a:72:15:7a:d8:9b:8e:ef:
bc:71:f1:2f:d1:4e:50:ec:cf:ca:9b:fc:1c:a6:f6:
02:08:d5:1f:5e:01:91:f1:28:1a:97:ce:5f:70:95:
76:68:39:8f:a6:28:a3:13:10:22:53:31:8e:b6:b0:
bf:34:5e:30:c3:02:8d:c0:c9:d9:4f:e3:87:ed:52:
ec:05:8a:3a:da:18:3b:6e:e4:ae:25:ef:f3:7a:cc:
06:bf:80:79:aa:d6:2a:96:83:5f:84:ea:ad:62:24:
0b:4c:79:d7:be:2f:e9:5b:4f:98:11:8b:f2:d0:31:
17:9e:1e:1a:3a:d4:be:ef:84:6f:74:94:4d:30:17:
fd:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:B1:D1:9B:C3:66:11:9F:90:F2:74:8C:E0:0B:8F:23:04:79:F9:45
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qLHRm8NmEZ-Q8nSM4AuPIwR5-UU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b4:1b:b5:59:8b:f1:ed:d5:6b:34:8c:a8:a5:f7:e8:ea:1a:18:
62:35:73:f3:fd:8e:86:b5:b1:de:bf:c7:8f:59:11:81:ec:28:
3f:bd:e4:c8:29:b4:1c:47:82:0d:ad:28:33:e3:ed:2a:c3:5a:
67:e2:65:8e:01:a1:2d:86:68:3e:67:da:28:44:cf:5b:e9:c9:
bc:3b:b0:b9:83:1d:e2:7a:0a:50:6b:51:b9:d8:47:77:0b:a3:
f1:c9:97:6d:2a:0e:1a:83:80:03:67:c5:ef:4b:4b:8b:9a:07:
f7:df:cd:ce:b0:91:05:fb:20:7f:bc:01:18:81:71:c4:47:3a:
1c:71:ce:57:27:67:c9:f4:7c:59:fe:f6:59:6a:31:2c:3a:37:
97:67:ca:7e:fa:2f:d5:2b:26:a0:be:2c:fb:53:19:96:89:5b:
42:ce:a7:47:25:cc:3d:63:6f:94:28:5c:90:93:08:1f:d7:18:
a0:ba:79:27:26:0a:4a:84:82:ed:05:d9:af:29:7a:e0:68:8d:
39:cc:fd:bc:4d:42:af:9d:6e:40:35:a2:bc:ac:f4:83:11:8f:
0d:14:64:87:5b:df:e7:4f:f2:1d:91:0b:6d:ba:fa:c3:31:20:
4a:ac:83:14:4f:d3:b6:74:30:ae:a2:8b:8d:f0:97:f1:53:4c:
e5:8f:d3:d5
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPlMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEx
NjIyNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE4QjFEMTlCQzM2NjEx
OUY5MEYyNzQ4Q0UwMEI4RjIzMDQ3OUY5NDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDI3iL+ISyNzQjzXEvOKx8ByGd2KOQsmnLgDUL3xsIfT5SdvR0y
uOpK8YCCw0Xe8BDX0SRiLloTl77i0shlOLQWli1pHJJxlJIkhgYQ9NhWCRx84o5n
Ka4dYn44ybDbrGBf6UTJAPNY+03qr6XgN98BLyHKiI0EeYNsSKPXYWtqchV62JuO
77xx8S/RTlDsz8qb/Bym9gII1R9eAZHxKBqXzl9wlXZoOY+mKKMTECJTMY62sL80
XjDDAo3AydlP44ftUuwFijraGDtu5K4l7/N6zAa/gHmq1iqWg1+E6q1iJAtMede+
L+lbT5gRi/LQMReeHho61L7vhG90lE0wF/03AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUqLHRm8NmEZ+Q8nSM4AuPIwR5+UUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FMSFJtOE5tRVotUThu
U000QXVQSXdSNS1VVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALQbtVmL8e3VazSMqKX36OoaGGI1c/P9
joa1sd6/x49ZEYHsKD+95MgptBxHgg2tKDPj7SrDWmfiZY4BoS2GaD5n2ihEz1vp
ybw7sLmDHeJ6ClBrUbnYR3cLo/HJl20qDhqDgANnxe9LS4uaB/ffzc6wkQX7IH+8
ARiBccRHOhxxzlcnZ8n0fFn+9llqMSw6N5dnyn76L9UrJqC+LPtTGZaJW0LOp0cl
zD1jb5QoXJCTCB/XGKC6eScmCkqEgu0F2a8peuBojTnM/bxNQq+dbkA1orys9IMR
jw0UZIdb3+dP8h2RC226+sMxIEqsgxRP07Z0MK6ii43wl/FTTOWP09U=
-----END CERTIFICATE-----
Generated at Sun May 18 04:49:54 2025 by rpki-client