Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7GnXVyOaFcl-Fq5dgtZeYdm_tAo.roa
File: 7GnXVyOaFcl-Fq5dgtZeYdm_tAo.roa (raw, json)
Hash identifier: JCzCK91yCum57sIPTmJXH5pw4bUAGJExGnieZGKawAY=
Subject key identifier: EC:69:D7:57:23:9A:15:C9:7E:16:AE:5D:82:D6:5E:61:D9:BF:B4:0A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 496B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7GnXVyOaFcl-Fq5dgtZeYdm_tAo.roa
Signing time: Fri 26 Apr 2024 11:23:22 +0000
ROA not before: Fri 26 Apr 2024 11:23:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18795 (0x496b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 11:23:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EC69D757239A15C97E16AE5D82D65E61D9BFB40A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:0f:bd:c9:b3:8a:02:04:2e:62:08:4f:0c:b2:
fb:7d:a1:b4:3f:3b:a0:91:cd:14:4c:47:b7:95:fc:
83:3b:28:97:9b:8e:e2:6d:f3:f2:c9:59:b6:98:28:
fe:cf:33:31:4f:3d:8b:39:da:42:76:0b:4f:ae:f1:
1c:e7:fb:63:be:8f:3e:6f:7a:a3:ab:67:e7:21:c0:
a6:e7:c6:81:75:13:c5:7c:a2:2c:0f:ac:9e:8d:25:
99:e5:4e:3b:9f:b4:1f:f6:36:0e:fd:d1:94:3c:44:
f5:5a:b8:c0:29:22:81:cf:99:44:5c:1f:52:f7:8f:
f4:c0:65:71:9b:02:18:04:cd:4c:a2:43:4a:96:41:
66:53:db:b8:f7:8e:a4:ff:7b:01:f7:ca:7c:6c:08:
9d:f1:e2:02:a9:a2:d9:00:7e:ac:bf:10:29:43:6b:
fd:9f:10:3b:35:b0:28:fb:2e:db:08:73:0b:9f:38:
3b:17:a1:92:d9:5b:bb:e1:fc:21:10:1c:2c:06:16:
77:92:a9:0d:f3:60:22:ba:2d:26:2c:42:d1:8a:17:
c0:c4:62:ee:93:e2:1f:ba:fc:de:85:24:47:ef:27:
65:05:a4:f3:df:f4:3c:7f:97:0b:ef:21:b5:d4:02:
f7:86:8c:1a:e7:82:e9:88:dd:2a:05:16:84:4a:17:
25:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:69:D7:57:23:9A:15:C9:7E:16:AE:5D:82:D6:5E:61:D9:BF:B4:0A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7GnXVyOaFcl-Fq5dgtZeYdm_tAo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3c:31:5d:a1:95:23:74:55:90:b0:ff:0f:3a:44:dc:0c:93:d7:
80:90:36:59:8c:49:4a:8e:fe:a4:f6:54:45:a7:24:81:7d:f3:
bb:46:a9:94:3b:69:f1:56:a9:28:39:1e:f0:a7:a2:55:a8:57:
b3:ee:79:03:45:c1:19:8d:d8:56:58:b4:9d:ce:80:28:5b:fe:
c3:0c:21:51:80:0c:da:31:f2:a9:2b:7f:a4:bd:3b:6b:eb:f7:
1c:12:a7:94:33:fc:ae:ab:6a:d3:ea:ae:37:da:3b:79:76:bb:
e1:b7:f2:13:d9:9a:fc:61:b9:48:8d:2f:c5:81:b3:14:72:de:
40:b6:a1:5b:0d:d8:ff:cc:d5:dc:fc:59:67:4b:32:e9:23:21:
f9:e3:2f:d7:8e:0c:71:99:68:9b:89:29:5e:4a:3a:98:65:ac:
85:15:16:e0:b6:51:2d:c0:d3:09:61:90:b4:53:6b:d2:41:0e:
ac:ff:f4:09:f2:75:dc:01:b4:f2:f8:fa:be:a7:cc:d0:fb:1b:
8f:9a:1c:36:71:02:4d:88:a3:da:3e:69:bf:e2:b3:d7:9a:4b:
0e:c8:8e:ca:67:6e:49:fe:cb:83:2a:38:3d:65:88:d4:1a:c7:
13:24:21:1a:51:70:93:6e:b9:53:5e:66:b8:dd:cf:15:26:be:
f2:29:03:a2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSWswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
MTIzMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVDNjlENzU3MjM5QTE1
Qzk3RTE2QUU1RDgyRDY1RTYxRDlCRkI0MEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfD73Js4oCBC5iCE8Msvt9obQ/O6CRzRRMR7eV/IM7KJebjuJt
8/LJWbaYKP7PMzFPPYs52kJ2C0+u8Rzn+2O+jz5veqOrZ+chwKbnxoF1E8V8oiwP
rJ6NJZnlTjuftB/2Ng790ZQ8RPVauMApIoHPmURcH1L3j/TAZXGbAhgEzUyiQ0qW
QWZT27j3jqT/ewH3ynxsCJ3x4gKpotkAfqy/EClDa/2fEDs1sCj7LtsIcwufODsX
oZLZW7vh/CEQHCwGFneSqQ3zYCK6LSYsQtGKF8DEYu6T4h+6/N6FJEfvJ2UFpPPf
9Dx/lwvvIbXUAveGjBrngumI3SoFFoRKFyXjAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU7GnXVyOaFcl+Fq5dgtZeYdm/tAowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdHblhWeU9hRmNsLUZx
NWRndFplWWRtX3RBby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADwxXaGVI3RVkLD/DzpE3AyT14CQNlmM
SUqO/qT2VEWnJIF987tGqZQ7afFWqSg5HvCnolWoV7PueQNFwRmN2FZYtJ3OgChb
/sMMIVGADNox8qkrf6S9O2vr9xwSp5Qz/K6ratPqrjfaO3l2u+G38hPZmvxhuUiN
L8WBsxRy3kC2oVsN2P/M1dz8WWdLMukjIfnjL9eODHGZaJuJKV5KOphlrIUVFuC2
US3A0wlhkLRTa9JBDqz/9AnyddwBtPL4+r6nzND7G4+aHDZxAk2Io9o+ab/is9ea
Sw7Ijspnbkn+y4MqOD1liNQaxxMkIRpRcJNuuVNeZrjdzxUmvvIpA6I=
-----END CERTIFICATE-----
Generated at Fri Apr 26 18:27:24 2024 by rpki-client on console.sobornost.net