Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0y0I8uyyjKU04gg0EuZJNlD_s7I.roa
File: 0y0I8uyyjKU04gg0EuZJNlD_s7I.roa (raw, json)
Hash identifier: gJrfvTUphXZYtzFdKd+4Ylle4JCBhuOu6EkJw/d16XU=
Subject key identifier: D3:2D:08:F2:EC:B2:8C:A5:34:E2:08:34:12:E6:49:36:50:FF:B3:B2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A5B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0y0I8uyyjKU04gg0EuZJNlD_s7I.roa
Signing time: Sat 27 Apr 2024 17:23:27 +0000
ROA not before: Sat 27 Apr 2024 17:23:27 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19035 (0x4a5b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 17:23:27 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D32D08F2ECB28CA534E2083412E6493650FFB3B2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:60:d2:6e:12:76:4f:3d:e1:aa:2f:c7:cb:ce:
49:42:e9:fd:2a:dc:33:c9:72:a4:12:b2:e7:35:cf:
3e:1f:fd:36:ab:8c:99:e1:5c:e9:aa:3a:c0:41:87:
5c:87:5c:7b:fa:6c:29:f7:8d:ef:52:ce:e4:03:7d:
dc:d8:7e:03:b9:53:f5:2a:90:3a:cb:8f:43:e9:11:
63:31:14:51:55:0c:96:03:10:14:e1:9d:4e:06:af:
68:63:70:0c:eb:83:e8:32:62:b3:26:22:2a:15:f8:
a4:3c:58:2f:65:fc:b1:0b:72:f8:03:52:a8:c6:6a:
49:9a:12:00:2f:9d:87:56:5d:80:d3:e8:a8:52:f6:
02:5e:50:db:86:d5:2a:32:3e:ef:7e:a8:18:a7:89:
ae:fa:44:a8:ea:61:1f:7c:f3:4b:1c:18:95:8b:b3:
1b:b6:5e:50:78:53:7c:8f:96:70:49:02:1d:aa:7b:
0b:57:f1:d2:9f:78:4a:1e:7b:b9:20:49:5f:21:92:
4a:75:93:bf:3f:86:77:42:c5:cd:6e:53:08:fb:6a:
28:89:b4:2b:32:53:29:32:12:7d:74:da:01:2a:a0:
8a:c6:16:d7:c8:ac:d5:36:e8:fa:de:44:f6:a3:05:
19:df:5d:c0:13:a6:65:11:b2:e8:5b:53:3b:8e:23:
59:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:2D:08:F2:EC:B2:8C:A5:34:E2:08:34:12:E6:49:36:50:FF:B3:B2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0y0I8uyyjKU04gg0EuZJNlD_s7I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
6a:86:33:21:d8:01:67:21:97:ec:dc:bb:54:2b:bb:99:67:70:
39:96:d1:d3:bd:d0:73:f9:eb:28:e5:45:9e:1a:21:fe:70:a5:
6b:94:65:2f:83:dc:3f:13:c3:7f:57:a6:41:bb:36:3e:ba:80:
89:b9:c4:db:a8:2b:f2:37:5b:a3:dc:a4:51:ca:c0:ee:04:60:
61:dd:80:c9:19:cf:44:55:21:f5:61:3a:42:08:52:c7:e7:f0:
8e:36:db:4e:10:5c:83:1e:66:4d:5e:d1:b8:8a:1d:04:4d:70:
9c:c4:ac:83:63:09:51:46:e0:67:48:b8:14:cd:4b:77:5e:d4:
ba:84:47:32:b1:2d:28:e9:69:34:a5:0e:37:7a:e4:31:96:bd:
1a:1d:0b:bb:17:b3:42:43:10:af:a8:38:2a:2c:ae:9e:12:94:
e6:de:dd:a3:cc:7c:24:df:4e:36:9a:3c:d3:3c:42:fa:1a:1e:
42:52:33:00:75:0a:e8:1c:d9:c9:c7:cc:e2:ba:83:63:38:58:
19:74:51:28:fb:28:a2:2a:6f:36:5a:97:02:1c:46:23:18:07:
10:9f:f4:1e:4f:01:d6:80:f1:28:a5:15:08:47:52:4d:63:b5:
bb:88:ca:77:ff:e1:80:6c:58:9e:78:6b:d0:ec:4b:87:8f:ac:
ba:bd:d3:61
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSlswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
NzIzMjdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQzMkQwOEYyRUNCMjhD
QTUzNEUyMDgzNDEyRTY0OTM2NTBGRkIzQjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGYNJuEnZPPeGqL8fLzklC6f0q3DPJcqQSsuc1zz4f/TarjJnh
XOmqOsBBh1yHXHv6bCn3je9SzuQDfdzYfgO5U/UqkDrLj0PpEWMxFFFVDJYDEBTh
nU4Gr2hjcAzrg+gyYrMmIioV+KQ8WC9l/LELcvgDUqjGakmaEgAvnYdWXYDT6KhS
9gJeUNuG1SoyPu9+qBinia76RKjqYR9880scGJWLsxu2XlB4U3yPlnBJAh2qewtX
8dKfeEoee7kgSV8hkkp1k78/hndCxc1uUwj7aiiJtCsyUykyEn102gEqoIrGFtfI
rNU26PreRPajBRnfXcATpmURsuhbUzuOI1mJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU0y0I8uyyjKU04gg0EuZJNlD/s7IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzB5MEk4dXl5aktVMDRn
ZzBFdVpKTmxEX3M3SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGqGMyHYAWchl+zcu1Qru5lncDmW0dO9
0HP56yjlRZ4aIf5wpWuUZS+D3D8Tw39XpkG7Nj66gIm5xNuoK/I3W6PcpFHKwO4E
YGHdgMkZz0RVIfVhOkIIUsfn8I42204QXIMeZk1e0biKHQRNcJzErINjCVFG4GdI
uBTNS3de1LqERzKxLSjpaTSlDjd65DGWvRodC7sXs0JDEK+oOCosrp4SlObe3aPM
fCTfTjaaPNM8QvoaHkJSMwB1Cugc2cnHzOK6g2M4WBl0USj7KKIqbzZalwIcRiMY
BxCf9B5PAdaA8SilFQhHUk1jtbuIynf/4YBsWJ54a9DsS4ePrLq902E=
-----END CERTIFICATE-----
Generated at Sat Apr 27 23:07:35 2024 by rpki-client on console.sobornost.net