Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/C0IRfnKWoL1I-dNLuVlG0wLJLd8.roa
File: C0IRfnKWoL1I-dNLuVlG0wLJLd8.roa (raw, json)
Hash identifier: uhsLaEpCwCcUvpdcyg7OM8C0z2XYqU2YSVThCgWgq+A=
Subject key identifier: 0B:42:11:7E:72:96:A0:BD:48:F9:D3:4B:B9:59:46:D3:02:C9:2D:DF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A17
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C0IRfnKWoL1I-dNLuVlG0wLJLd8.roa
Signing time: Sat 27 Apr 2024 08:53:25 +0000
ROA not before: Sat 27 Apr 2024 08:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18967 (0x4a17)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 08:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0B42117E7296A0BD48F9D34BB95946D302C92DDF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:ce:3b:8a:41:27:4a:4b:e5:9d:30:ba:f3:d3:
d8:67:d6:9f:56:87:14:a9:2f:e5:b2:16:ce:b5:b8:
d3:d3:33:4b:fc:fa:ea:86:2e:7e:11:26:c1:d3:3b:
ca:be:50:07:0c:9e:47:4f:49:2c:a0:b9:ce:62:92:
b8:6c:f5:26:e3:68:6a:46:0d:6c:0b:2f:30:fe:4f:
88:e8:69:2c:bb:4d:bc:13:ab:17:8b:2c:87:8f:56:
07:0b:f7:40:a9:b5:67:73:91:20:ec:ac:09:2e:6d:
91:98:6e:30:0f:1e:b8:b4:f4:a7:aa:1e:6e:3b:38:
5b:88:53:23:51:71:c0:a0:88:0b:bf:66:08:f5:9c:
99:d0:38:a4:10:7f:78:a3:d7:51:6f:e3:1b:45:6e:
6f:7d:6c:ab:c1:83:28:26:4e:94:66:aa:9c:68:82:
4b:7a:67:c9:5a:4a:eb:bd:a7:90:88:f8:e7:e4:d9:
dc:8c:71:68:50:12:fb:c2:46:bc:17:09:16:90:96:
18:e8:99:60:13:01:3a:a3:c9:8c:78:45:2c:af:71:
ea:33:ea:ee:b9:98:c2:2e:88:53:84:e0:66:2f:6e:
8c:71:7b:58:e6:f9:23:55:58:75:34:da:1e:44:5e:
2d:5d:bb:33:d6:65:d4:ec:a3:6e:28:30:86:8a:f7:
51:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:42:11:7E:72:96:A0:BD:48:F9:D3:4B:B9:59:46:D3:02:C9:2D:DF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C0IRfnKWoL1I-dNLuVlG0wLJLd8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5f:2a:53:23:68:cf:ca:6b:4b:14:c5:11:2e:12:7e:46:11:25:
ab:31:b1:52:a1:ea:11:13:fe:b0:b1:40:d8:2b:62:5d:84:7f:
f5:64:a0:4f:9a:b2:37:22:d9:48:1a:e7:1f:94:7b:77:90:ef:
ef:53:29:7a:6f:aa:66:a2:ad:5d:92:1b:4e:53:6b:83:f2:bc:
c5:ef:38:25:53:30:8a:d0:9f:0e:5a:3b:c6:a5:1f:c2:f6:0d:
91:57:f5:8b:dc:b8:72:ff:1a:fb:df:14:5f:fd:3a:d1:70:40:
e8:d6:be:9f:3e:14:48:f4:16:d2:b3:a9:fd:b4:79:5e:96:75:
14:d3:a1:f1:c9:0c:56:a0:8e:24:86:59:7e:74:d9:2c:35:2d:
05:8e:f0:ed:7f:b7:6f:09:a6:59:03:93:00:76:f0:b6:f7:a0:
6d:26:bf:b2:87:d3:67:a2:9a:7f:5b:ef:6c:c2:2b:4b:81:6b:
f1:9d:20:c3:e0:9b:a1:02:fa:11:b4:be:74:23:ae:37:df:3d:
fd:04:d8:4b:d7:f7:f6:55:53:21:51:92:37:c2:e8:fa:45:1b:
c1:d2:62:3d:c4:c7:a3:81:e1:c8:d9:33:72:32:a6:96:5b:9d:
f4:33:7d:1d:7a:a8:5b:ba:c3:a8:40:b4:f4:3d:8c:d2:b5:9d:
4d:1f:c5:e9
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICShcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcw
ODUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBCNDIxMTdFNzI5NkEw
QkQ0OEY5RDM0QkI5NTk0NkQzMDJDOTJEREYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/zjuKQSdKS+WdMLrz09hn1p9WhxSpL+WyFs61uNPTM0v8+uqG
Ln4RJsHTO8q+UAcMnkdPSSyguc5ikrhs9SbjaGpGDWwLLzD+T4joaSy7TbwTqxeL
LIePVgcL90CptWdzkSDsrAkubZGYbjAPHri09KeqHm47OFuIUyNRccCgiAu/Zgj1
nJnQOKQQf3ij11Fv4xtFbm99bKvBgygmTpRmqpxogkt6Z8laSuu9p5CI+Ofk2dyM
cWhQEvvCRrwXCRaQlhjomWATATqjyYx4RSyvceoz6u65mMIuiFOE4GYvboxxe1jm
+SNVWHU02h5EXi1duzPWZdTso24oMIaK91EdAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUC0IRfnKWoL1I+dNLuVlG0wLJLd8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0MwSVJmbktXb0wxSS1k
Tkx1VmxHMHdMSkxkOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAF8qUyNoz8prSxTFES4SfkYRJasxsVKh
6hET/rCxQNgrYl2Ef/VkoE+asjci2Uga5x+Ue3eQ7+9TKXpvqmairV2SG05Ta4Py
vMXvOCVTMIrQnw5aO8alH8L2DZFX9YvcuHL/GvvfFF/9OtFwQOjWvp8+FEj0FtKz
qf20eV6WdRTTofHJDFagjiSGWX502Sw1LQWO8O1/t28JplkDkwB28Lb3oG0mv7KH
02eimn9b72zCK0uBa/GdIMPgm6EC+hG0vnQjrjffPf0E2EvX9/ZVUyFRkjfC6PpF
G8HSYj3Ex6OB4cjZM3IyppZbnfQzfR16qFu6w6hAtPQ9jNK1nU0fxek=
-----END CERTIFICATE-----
Generated at Sat Apr 27 12:54:23 2024 by rpki-client on console.sobornost.net