Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Bgzj9f0TIJXJf-LiHua1yIynfiw.roa
File: Bgzj9f0TIJXJf-LiHua1yIynfiw.roa (raw, json)
Hash identifier: XIvk2Olgg6GpyRxk1/loD7vE+ppCCtjeZj0zyGr2cXY=
Subject key identifier: 06:0C:E3:F5:FD:13:20:95:C9:7F:E2:E2:1E:E6:B5:C8:8C:A7:7E:2C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B43
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Bgzj9f0TIJXJf-LiHua1yIynfiw.roa
Signing time: Sun 07 Apr 2024 14:23:00 +0000
ROA not before: Sun 07 Apr 2024 14:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15171 (0x3b43)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 14:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=060CE3F5FD132095C97FE2E21EE6B5C88CA77E2C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:9b:8b:da:de:f0:45:6d:12:e0:d1:34:4c:03:
de:42:d4:60:bf:48:55:73:7c:8a:1f:5d:d6:bf:33:
ac:97:ba:d0:9f:e7:14:8c:33:f6:e3:90:d5:aa:13:
34:77:cd:35:0c:cd:86:08:d1:d2:fd:2f:3c:35:7b:
8e:b6:ac:4f:fe:a1:43:e4:af:8e:96:11:b6:25:4f:
5b:84:43:c7:bd:09:8e:0e:73:21:2e:2c:d6:35:1f:
d6:9c:95:20:98:ec:68:91:3f:d9:73:9e:3a:5c:e4:
b1:df:83:a7:62:5e:4b:ec:ec:54:68:66:e3:25:24:
73:f4:da:13:99:c0:03:0f:53:4d:22:4b:ec:a9:39:
50:34:9b:32:26:8b:7b:02:ea:14:d3:dd:74:9f:ae:
d1:79:41:be:91:ab:e6:dd:c8:97:8e:e1:fc:ae:3c:
21:1a:62:1c:e2:0c:3d:37:aa:9c:94:a3:da:b7:36:
96:e6:42:4a:a4:14:c6:1f:c9:7e:03:62:eb:e5:50:
20:b1:6a:37:81:d9:1a:47:fa:22:0f:0e:29:f6:fd:
22:af:31:24:b3:ee:df:8a:7f:78:9b:55:11:f2:ba:
3e:23:24:30:1b:6d:8d:e8:1c:e9:57:bc:1b:b4:f4:
95:6c:34:10:d0:f5:6d:c9:0b:83:cb:0d:e2:39:56:
7a:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:0C:E3:F5:FD:13:20:95:C9:7F:E2:E2:1E:E6:B5:C8:8C:A7:7E:2C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Bgzj9f0TIJXJf-LiHua1yIynfiw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
9c:f9:21:ba:ff:45:33:7d:bc:9c:3f:dd:b2:5a:bb:02:0b:d8:
1f:99:57:88:7f:b0:3e:5f:a6:9c:53:99:9a:84:71:53:a2:b5:
69:2e:2c:59:e3:a5:3a:c6:ec:bc:9c:70:df:d1:a6:29:db:6c:
71:02:cc:da:d3:f4:27:5f:b1:39:a0:82:71:0c:72:7c:20:36:
ef:f0:1f:24:dc:eb:b1:b5:8f:f3:83:0d:46:71:6e:ae:ad:d1:
44:18:1b:88:d4:6f:1c:25:4c:bb:d9:40:a0:4c:6a:9c:a7:ef:
3e:0c:c3:e5:19:3e:74:4e:c7:07:2b:ec:56:48:11:c3:7c:50:
57:45:52:fb:76:4f:92:b1:57:b0:6c:9e:ea:5f:06:e9:55:c3:
c6:e5:95:6c:bc:da:d7:da:44:e2:7a:7b:11:c9:95:48:12:28:
4c:65:49:3a:95:24:bf:95:d7:45:9c:ae:87:13:37:dc:67:6d:
79:25:0c:0e:78:aa:f7:a2:1f:90:12:4b:d5:e8:80:da:d1:4e:
51:9a:12:58:4b:4b:35:ae:ef:a1:1b:ec:6e:3d:0c:fa:52:16:
e0:c1:23:53:d5:58:c8:db:af:d2:18:fb:e6:61:d2:ca:22:4a:
fb:0c:8e:92:52:24:9b:0e:a2:af:bf:3d:7a:ed:b0:00:e3:1d:
ee:70:ac:08
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICO0MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcx
NDIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA2MENFM0Y1RkQxMzIw
OTVDOTdGRTJFMjFFRTZCNUM4OENBNzdFMkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCum4va3vBFbRLg0TRMA95C1GC/SFVzfIofXda/M6yXutCf5xSM
M/bjkNWqEzR3zTUMzYYI0dL9Lzw1e462rE/+oUPkr46WEbYlT1uEQ8e9CY4OcyEu
LNY1H9aclSCY7GiRP9lznjpc5LHfg6diXkvs7FRoZuMlJHP02hOZwAMPU00iS+yp
OVA0mzImi3sC6hTT3XSfrtF5Qb6Rq+bdyJeO4fyuPCEaYhziDD03qpyUo9q3Npbm
QkqkFMYfyX4DYuvlUCCxajeB2RpH+iIPDin2/SKvMSSz7t+Kf3ibVRHyuj4jJDAb
bY3oHOlXvBu09JVsNBDQ9W3JC4PLDeI5VnojAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUBgzj9f0TIJXJf+LiHua1yIynfiwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Jnemo5ZjBUSUpYSmYt
TGlIdWExeUl5bmZpdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJz5Ibr/RTN9vJw/3bJauwIL2B+ZV4h/
sD5fppxTmZqEcVOitWkuLFnjpTrG7LyccN/RpinbbHECzNrT9CdfsTmggnEMcnwg
Nu/wHyTc67G1j/ODDUZxbq6t0UQYG4jUbxwlTLvZQKBMapyn7z4Mw+UZPnROxwcr
7FZIEcN8UFdFUvt2T5KxV7BsnupfBulVw8bllWy82tfaROJ6exHJlUgSKExlSTqV
JL+V10WcrocTN9xnbXklDA54qveiH5ASS9XogNrRTlGaElhLSzWu76Eb7G49DPpS
FuDBI1PVWMjbr9IY++Zh0soiSvsMjpJSJJsOoq+/PXrtsADjHe5wrAg=
-----END CERTIFICATE-----
Generated at Sun Apr 7 18:05:41 2024 by rpki-client on console.sobornost.net