Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/661sp45GEO0U37d-ffJ4ypFPnFA.roa
File: 661sp45GEO0U37d-ffJ4ypFPnFA.roa (raw, json)
Hash identifier: ZO8t4rjiViE7DhhbWqAgizgxhrLmveT8dybDak2SXN4=
Subject key identifier: EB:AD:6C:A7:8E:46:10:ED:14:DF:B7:7E:7D:F2:78:CA:91:4F:9C:50
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BC3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/661sp45GEO0U37d-ffJ4ypFPnFA.roa
Signing time: Mon 08 Apr 2024 06:22:38 +0000
ROA not before: Mon 08 Apr 2024 06:22:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15299 (0x3bc3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 06:22:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EBAD6CA78E4610ED14DFB77E7DF278CA914F9C50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:73:d9:ee:c9:a6:00:be:ce:fa:5f:f8:41:04:
74:00:59:42:ab:f0:69:c7:a6:04:39:76:88:fd:58:
96:15:17:dd:2c:b1:d4:fd:d5:eb:66:33:16:b5:a2:
98:e2:f6:47:d3:26:96:a0:dc:ba:22:75:8e:65:59:
0a:53:a4:74:63:15:61:50:cf:df:d6:1c:7c:a7:6b:
03:a4:aa:73:54:85:50:50:37:26:89:56:08:5d:b1:
d2:81:f8:95:99:de:d9:8f:c3:35:ba:de:44:dd:95:
84:88:64:36:88:5a:09:a2:29:40:ae:c2:6c:27:05:
bd:28:b3:dd:96:3c:e6:d8:23:4e:11:8c:33:14:47:
4a:3c:e9:06:55:de:14:be:b5:b7:7c:e4:b0:58:8f:
c8:a7:fa:0a:a3:1a:77:f7:84:92:07:bf:2a:d4:a4:
59:02:03:b7:59:cb:cd:ee:2f:72:49:17:b0:a4:f3:
52:14:84:53:23:f9:aa:51:15:c5:56:b7:49:b3:be:
32:e2:fe:ca:6c:8f:8c:aa:6c:72:f6:f2:e4:47:ca:
01:68:eb:5e:18:0d:0e:ce:2e:a6:6f:3a:77:2b:bd:
88:82:57:03:7d:4c:d3:57:9e:69:be:f1:7b:5a:6f:
b0:73:22:7d:f6:48:d9:b3:6c:ad:45:2d:d0:4f:35:
09:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:AD:6C:A7:8E:46:10:ED:14:DF:B7:7E:7D:F2:78:CA:91:4F:9C:50
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/661sp45GEO0U37d-ffJ4ypFPnFA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
15:66:9a:f3:5f:fc:87:9b:79:70:0d:e1:ae:57:00:8d:70:3f:
e6:a6:0a:13:93:16:1c:79:ba:46:ca:e0:df:6e:68:da:c7:71:
b3:5b:95:1f:ee:a6:db:88:e2:20:75:24:6f:4b:f9:61:08:ac:
eb:e1:df:17:9b:c5:76:89:73:5a:63:65:fe:d0:be:4d:d6:c5:
07:c0:e5:3b:5d:6a:ac:1b:f5:6d:89:19:5a:5e:c4:b9:23:02:
f3:41:74:58:df:77:8a:5c:90:a1:e5:90:07:e3:0b:ab:42:e1:
3d:e2:a4:6d:36:d3:66:77:4b:ff:82:ed:82:06:a5:02:c0:43:
89:07:59:32:26:4e:f9:dd:46:eb:a1:a8:f2:45:7f:b3:48:b3:
53:72:b0:51:a5:de:5a:c2:d8:b7:78:a6:a1:e5:76:7e:fe:a0:
cf:6a:ef:28:b2:80:39:1d:8f:ac:fe:17:2e:bf:c4:22:69:2e:
3f:5f:20:a9:f7:98:50:4d:e8:ac:76:34:a7:2e:9e:13:72:e6:
98:9a:34:e5:a5:02:0e:45:1c:86:49:71:b0:e1:54:01:a0:41:
02:4e:1f:f0:38:f3:fa:e0:c4:cc:a2:04:f2:10:e6:6d:f7:92:
8e:5b:3b:f0:bf:fb:c5:31:c0:a5:25:8c:ce:66:70:3d:ab:7e:
1c:df:c5:94
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICO8MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
NjIyMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVCQUQ2Q0E3OEU0NjEw
RUQxNERGQjc3RTdERjI3OENBOTE0RjlDNTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7c9nuyaYAvs76X/hBBHQAWUKr8GnHpgQ5doj9WJYVF90ssdT9
1etmMxa1opji9kfTJpag3LoidY5lWQpTpHRjFWFQz9/WHHynawOkqnNUhVBQNyaJ
VghdsdKB+JWZ3tmPwzW63kTdlYSIZDaIWgmiKUCuwmwnBb0os92WPObYI04RjDMU
R0o86QZV3hS+tbd85LBYj8in+gqjGnf3hJIHvyrUpFkCA7dZy83uL3JJF7Ck81IU
hFMj+apRFcVWt0mzvjLi/spsj4yqbHL28uRHygFo614YDQ7OLqZvOncrvYiCVwN9
TNNXnmm+8Xtab7BzIn32SNmzbK1FLdBPNQmLAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU661sp45GEO0U37d+ffJ4ypFPnFAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzY2MXNwNDVHRU8wVTM3
ZC1mZko0eXBGUG5GQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABVmmvNf/IebeXAN4a5XAI1wP+amChOT
Fhx5ukbK4N9uaNrHcbNblR/uptuI4iB1JG9L+WEIrOvh3xebxXaJc1pjZf7Qvk3W
xQfA5Ttdaqwb9W2JGVpexLkjAvNBdFjfd4pckKHlkAfjC6tC4T3ipG0202Z3S/+C
7YIGpQLAQ4kHWTImTvndRuuhqPJFf7NIs1NysFGl3lrC2Ld4pqHldn7+oM9q7yiy
gDkdj6z+Fy6/xCJpLj9fIKn3mFBN6Kx2NKcunhNy5piaNOWlAg5FHIZJcbDhVAGg
QQJOH/A48/rgxMyiBPIQ5m33ko5bO/C/+8UxwKUljM5mcD2rfhzfxZQ=
-----END CERTIFICATE-----
Generated at Mon Apr 8 12:58:56 2024 by rpki-client on console.sobornost.net