Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2e0CBSL1DtLNvZxPCerNmUzgmC0.roa
File: 2e0CBSL1DtLNvZxPCerNmUzgmC0.roa (raw, json)
Hash identifier: PqE/9yT3M7xJHzk4Gn9VPemCnhQ1mTSfg2F4dI+rkf8=
Subject key identifier: D9:ED:02:05:22:F5:0E:D2:CD:BD:9C:4F:09:EA:CD:99:4C:E0:98:2D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 45F7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2e0CBSL1DtLNvZxPCerNmUzgmC0.roa
Signing time: Sun 21 Apr 2024 20:53:07 +0000
ROA not before: Sun 21 Apr 2024 20:53:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17911 (0x45f7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 20:53:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D9ED020522F50ED2CDBD9C4F09EACD994CE0982D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:d9:fc:a3:97:52:6b:2e:fb:3c:8a:12:6f:9c:
14:16:00:ae:01:e5:9b:45:40:26:2b:43:e6:82:c1:
56:07:a1:12:0c:3b:0e:83:5b:62:e4:07:41:ac:b6:
82:0f:99:26:35:72:3a:29:07:b1:ce:8d:3c:65:c2:
86:f9:ae:0b:25:77:7e:c5:41:6b:76:60:0a:00:4e:
8b:75:dd:50:0b:96:ac:9f:9b:c0:4c:34:b2:70:ad:
cf:76:ea:04:09:a3:0e:96:b4:e7:70:3e:a7:a4:6b:
fb:ec:bb:33:66:9f:ac:a4:58:de:86:9c:a0:3a:85:
e2:24:7c:79:a7:70:28:d6:2e:37:15:d5:83:5e:a6:
65:92:c4:e2:1a:12:c4:34:39:ed:ee:fa:01:fd:44:
09:66:b3:89:ba:c0:5a:c2:8c:61:ba:8e:c1:85:98:
33:b5:c8:9f:63:0c:49:45:d5:e0:7f:a4:fd:b8:7d:
8d:e5:a9:95:21:8f:0d:d3:b5:92:07:f6:83:2a:23:
5c:4a:a0:7b:1e:f3:55:d7:d9:73:a4:1d:5d:4f:ae:
28:e0:6c:f4:5b:cb:97:66:68:a9:d1:e7:28:9f:50:
fa:13:0b:eb:62:99:51:f2:60:4c:22:69:f9:ab:64:
ac:66:e8:8e:d7:ba:c8:5e:e7:e5:60:e2:90:56:04:
fb:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:ED:02:05:22:F5:0E:D2:CD:BD:9C:4F:09:EA:CD:99:4C:E0:98:2D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2e0CBSL1DtLNvZxPCerNmUzgmC0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
20:db:79:ac:1b:c4:de:c7:c5:19:5b:8b:14:b3:33:ca:67:a8:
b5:d4:05:8e:08:e5:6e:78:56:b1:a9:74:f5:07:ec:26:6c:57:
a4:11:85:16:bc:ac:18:cf:65:95:e8:fe:50:7c:fa:6c:8b:d6:
ba:4e:12:eb:bb:69:22:a7:73:54:66:8f:1e:53:5b:18:bf:f0:
62:31:06:85:12:b7:9b:b0:22:e2:88:9c:cf:c7:fe:06:93:7e:
c6:86:15:b8:90:40:31:a7:eb:68:fc:99:af:68:ef:09:fd:af:
11:fa:60:70:7b:0c:a5:f9:ef:25:6a:8d:7f:9d:e1:bb:1c:c8:
dd:db:03:3c:80:4e:91:ec:aa:a3:9c:61:cb:90:b4:4a:ab:5e:
d3:8b:22:28:61:29:c3:6e:66:b9:0b:23:0a:38:58:1c:e7:ea:
e5:68:37:15:3b:19:09:cd:c5:0e:e2:f0:8e:6a:62:ce:ef:df:
a8:19:56:4f:3c:ed:41:83:fe:f0:4a:5a:83:31:7b:dc:25:0a:
16:f7:90:ed:0a:a5:25:54:c3:59:1b:d1:95:99:9d:05:30:8f:
ce:21:19:ad:25:0c:39:0b:7c:9b:fd:92:8e:54:40:bd:94:3f:
04:de:46:99:0f:a1:15:09:98:7b:d1:ef:c8:e5:3e:ed:04:a6:
27:fa:d0:86
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRfcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEy
MDUzMDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ5RUQwMjA1MjJGNTBF
RDJDREJEOUM0RjA5RUFDRDk5NENFMDk4MkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCe2fyjl1JrLvs8ihJvnBQWAK4B5ZtFQCYrQ+aCwVYHoRIMOw6D
W2LkB0GstoIPmSY1cjopB7HOjTxlwob5rgsld37FQWt2YAoATot13VALlqyfm8BM
NLJwrc926gQJow6WtOdwPqeka/vsuzNmn6ykWN6GnKA6heIkfHmncCjWLjcV1YNe
pmWSxOIaEsQ0Oe3u+gH9RAlms4m6wFrCjGG6jsGFmDO1yJ9jDElF1eB/pP24fY3l
qZUhjw3TtZIH9oMqI1xKoHse81XX2XOkHV1PrijgbPRby5dmaKnR5yifUPoTC+ti
mVHyYEwiafmrZKxm6I7Xushe5+Vg4pBWBPsrAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU2e0CBSL1DtLNvZxPCerNmUzgmC0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJlMENCU0wxRHRMTnZa
eFBDZXJObVV6Z21DMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACDbeawbxN7HxRlbixSzM8pnqLXUBY4I
5W54VrGpdPUH7CZsV6QRhRa8rBjPZZXo/lB8+myL1rpOEuu7aSKnc1Rmjx5TWxi/
8GIxBoUSt5uwIuKInM/H/gaTfsaGFbiQQDGn62j8ma9o7wn9rxH6YHB7DKX57yVq
jX+d4bscyN3bAzyATpHsqqOcYcuQtEqrXtOLIihhKcNuZrkLIwo4WBzn6uVoNxU7
GQnNxQ7i8I5qYs7v36gZVk887UGD/vBKWoMxe9wlChb3kO0KpSVUw1kb0ZWZnQUw
j84hGa0lDDkLfJv9ko5UQL2UPwTeRpkPoRUJmHvR78jlPu0Epif60IY=
-----END CERTIFICATE-----
Generated at Mon Apr 22 01:44:00 2024 by rpki-client on console.sobornost.net