Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3EO_KaEM5OAudPrJBiBW2YNLrtE.roa
File: 3EO_KaEM5OAudPrJBiBW2YNLrtE.roa (raw, json)
Hash identifier: 0uqFYy2jAIAcYprtQaY8hpOkNW6RnksdLRrszL11Vt0=
Subject key identifier: DC:43:BF:29:A1:0C:E4:E0:2E:74:FA:C9:06:20:56:D9:83:4B:AE:D1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 45C3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3EO_KaEM5OAudPrJBiBW2YNLrtE.roa
Signing time: Sun 21 Apr 2024 14:23:08 +0000
ROA not before: Sun 21 Apr 2024 14:23:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17859 (0x45c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 14:23:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DC43BF29A10CE4E02E74FAC9062056D9834BAED1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:07:4f:fa:44:68:41:bf:18:1b:0e:8b:93:a9:
40:64:15:c3:45:b9:73:71:0e:65:d3:22:d8:34:33:
58:ab:20:68:69:38:a2:ec:c3:48:a9:0a:3d:49:f1:
9f:7b:b9:db:65:d8:f5:5d:90:0e:b5:b8:48:97:69:
31:e6:63:21:4d:83:98:38:ab:99:22:9c:e3:63:55:
f4:7b:58:ec:cc:38:d0:a1:ae:17:dd:3f:a9:8a:b2:
7a:d7:a3:f1:88:6c:69:46:00:35:92:77:79:70:35:
ee:3c:84:90:fd:4c:e2:c2:fe:20:21:3d:82:93:15:
d0:0b:a1:f8:1f:78:82:74:6c:08:b5:9e:82:84:00:
83:81:4d:40:9f:27:3d:ef:79:fd:29:e2:92:f1:f7:
89:72:87:d7:8f:a0:a8:e6:0d:8f:48:da:6b:d4:97:
0a:ca:5d:00:ff:4b:66:e4:62:39:59:bb:41:97:6e:
c7:e7:90:70:f6:97:13:d4:d8:c0:b7:10:53:7d:3f:
de:d2:3a:52:64:77:2e:c2:aa:97:48:14:84:77:97:
a9:52:e6:6c:05:63:a9:b4:3f:eb:83:16:1b:fd:07:
90:53:e3:f1:ab:83:ca:cd:f3:b9:76:94:72:87:7e:
e6:11:f2:49:30:5b:49:9a:a5:cf:76:c8:b2:4f:2c:
28:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:43:BF:29:A1:0C:E4:E0:2E:74:FA:C9:06:20:56:D9:83:4B:AE:D1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3EO_KaEM5OAudPrJBiBW2YNLrtE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0b:ba:7c:38:d9:9f:40:39:0c:39:cc:9f:17:13:d0:6f:d9:ee:
b4:e6:89:e0:12:e0:d5:5f:2c:bf:77:41:df:dc:bd:89:3b:0e:
0c:84:e5:04:88:0a:98:30:31:1a:8d:17:80:49:30:28:28:59:
e1:16:0f:72:78:b0:22:ea:c6:54:a5:8a:26:c9:5b:a3:fe:c8:
f8:5a:a6:53:6f:5d:70:1d:4f:b0:ee:f2:d8:a8:ac:9c:95:ab:
a9:f2:38:e2:95:cf:a2:a4:17:f0:58:d6:46:59:30:c5:de:54:
42:83:cd:3e:b3:07:94:df:15:85:1e:fa:e5:b2:22:12:67:25:
6e:91:a6:f9:cc:c1:5e:23:95:ab:6f:61:bd:47:92:59:05:cb:
d3:d1:b0:8c:37:96:57:d1:5a:22:b6:5d:a7:6b:72:ba:bc:eb:
51:66:0f:c4:bc:90:1c:c6:80:c4:26:07:0f:8a:ef:e4:42:7b:
8c:85:92:75:e3:63:5e:07:d6:ce:88:2e:b4:2a:7d:fb:63:c0:
aa:f0:bb:c9:14:92:40:57:14:92:af:61:5b:e0:b6:91:d8:c2:
95:24:55:d5:83:83:9a:59:24:9e:9d:67:6f:40:39:7e:59:39:
cc:2c:ab:5b:84:ae:65:e5:6e:95:b1:4b:08:02:77:cd:ba:dd:
ab:00:ec:0d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRcMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEx
NDIzMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERDNDNCRjI5QTEwQ0U0
RTAyRTc0RkFDOTA2MjA1NkQ5ODM0QkFFRDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/B0/6RGhBvxgbDouTqUBkFcNFuXNxDmXTItg0M1irIGhpOKLs
w0ipCj1J8Z97udtl2PVdkA61uEiXaTHmYyFNg5g4q5kinONjVfR7WOzMONChrhfd
P6mKsnrXo/GIbGlGADWSd3lwNe48hJD9TOLC/iAhPYKTFdALofgfeIJ0bAi1noKE
AIOBTUCfJz3vef0p4pLx94lyh9ePoKjmDY9I2mvUlwrKXQD/S2bkYjlZu0GXbsfn
kHD2lxPU2MC3EFN9P97SOlJkdy7CqpdIFIR3l6lS5mwFY6m0P+uDFhv9B5BT4/Gr
g8rN87l2lHKHfuYR8kkwW0mapc92yLJPLChhAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU3EO/KaEM5OAudPrJBiBW2YNLrtEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNFT19LYUVNNU9BdWRQ
ckpCaUJXMllOTHJ0RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAu6fDjZn0A5DDnMnxcT0G/Z7rTmieAS
4NVfLL93Qd/cvYk7DgyE5QSICpgwMRqNF4BJMCgoWeEWD3J4sCLqxlSliibJW6P+
yPhaplNvXXAdT7Du8tiorJyVq6nyOOKVz6KkF/BY1kZZMMXeVEKDzT6zB5TfFYUe
+uWyIhJnJW6RpvnMwV4jlatvYb1HklkFy9PRsIw3llfRWiK2Xadrcrq861FmD8S8
kBzGgMQmBw+K7+RCe4yFknXjY14H1s6ILrQqfftjwKrwu8kUkkBXFJKvYVvgtpHY
wpUkVdWDg5pZJJ6dZ29AOX5ZOcwsq1uErmXlbpWxSwgCd8263asA7A0=
-----END CERTIFICATE-----
Generated at Sun Apr 21 19:48:16 2024 by rpki-client on console.sobornost.net