Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DKUpWMTef_PH8YRMdVb7Vjz7L-I.roa
File: DKUpWMTef_PH8YRMdVb7Vjz7L-I.roa (raw, json)
Hash identifier: lP782vazaMmR0yJuhLIufqRe0YD6xwgcDkJaBlcKaV0=
Subject key identifier: 0C:A5:29:58:C4:DE:7F:F3:C7:F1:84:4C:75:56:FB:56:3C:FB:2F:E2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 49AB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DKUpWMTef_PH8YRMdVb7Vjz7L-I.roa
Signing time: Fri 26 Apr 2024 19:23:24 +0000
ROA not before: Fri 26 Apr 2024 19:23:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18859 (0x49ab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 19:23:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0CA52958C4DE7FF3C7F1844C7556FB563CFB2FE2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:70:4a:3c:6d:1d:60:be:5c:bf:f5:ca:cd:16:
ce:50:0c:ec:b3:83:77:96:a9:92:ab:57:d1:ab:7d:
00:20:02:10:2f:9e:13:ad:d4:11:ab:73:85:a6:3c:
d2:c7:ac:2c:3e:a8:6f:f7:de:5e:c0:ca:17:e2:6e:
b3:0f:e4:4d:06:b5:78:9a:9a:5f:13:b7:79:02:20:
35:d7:e6:30:5b:30:33:a1:97:4e:d1:38:0a:fe:41:
93:99:f2:f8:62:33:36:b0:97:05:21:07:55:80:67:
99:70:41:cc:59:04:9e:f3:a9:c5:51:dd:b7:59:93:
dd:24:89:45:41:5f:e5:98:2b:29:6b:7c:05:95:fb:
e8:a3:73:b1:37:f8:47:60:03:8d:27:27:c9:9b:e5:
f4:62:0d:95:c5:aa:97:70:e4:22:44:60:b4:15:4c:
16:d2:f5:bf:f7:28:ac:04:ef:c4:c3:51:ed:ab:83:
47:81:e6:86:f9:c8:bd:34:64:95:07:d7:6d:ac:ae:
2a:c7:23:5b:6e:82:66:a9:82:87:6e:24:e4:59:a6:
8e:16:5a:64:6f:bd:2b:cd:f9:29:03:77:22:00:f3:
59:40:ac:68:bf:4d:cf:1c:1a:ca:03:e3:1a:84:13:
b3:f5:17:d7:c1:9b:d7:4a:2e:a5:17:15:bc:28:4e:
d5:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:A5:29:58:C4:DE:7F:F3:C7:F1:84:4C:75:56:FB:56:3C:FB:2F:E2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DKUpWMTef_PH8YRMdVb7Vjz7L-I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a8:c8:16:4f:19:da:0c:80:28:77:cd:78:4f:31:c5:4f:33:94:
19:98:b7:93:85:67:b5:7f:cc:58:50:ad:8e:c6:f4:0f:bd:69:
85:77:18:be:6f:5f:5a:0c:22:aa:95:96:71:ec:f1:f6:13:be:
13:7e:cd:b6:9e:79:6e:f6:2c:e4:dd:4a:7c:c2:1a:0e:1f:51:
31:87:5a:7d:14:d0:dd:e7:fb:e9:64:11:95:ca:a9:37:80:63:
d5:39:f6:7f:ae:06:03:6b:95:9a:6a:8c:c3:da:9d:f7:f5:1b:
69:ec:cf:98:e0:c0:cc:6d:f5:d3:b7:3c:c8:e9:0b:78:90:3a:
20:5f:78:99:4d:18:1c:2a:b1:6e:fa:ab:05:48:5c:ae:50:01:
82:81:60:f8:ed:cb:7b:08:ec:52:f2:c4:16:62:85:0b:a8:eb:
77:16:a8:07:a1:95:b3:3d:14:f5:70:80:37:e4:db:14:ec:45:
fe:b9:8f:4c:99:6c:6e:3f:2f:b2:9b:91:03:60:07:59:5c:2e:
da:a9:ae:23:6b:0d:a7:1f:e0:bf:a0:98:39:b9:62:62:f8:71:
1f:59:f8:e2:90:55:f0:a4:4c:bd:94:43:d3:13:f4:01:89:0e:
19:14:70:7c:89:4c:d3:38:52:95:38:2f:7e:6c:f8:65:4d:8c:
60:0b:9d:03
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSaswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
OTIzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBDQTUyOTU4QzRERTdG
RjNDN0YxODQ0Qzc1NTZGQjU2M0NGQjJGRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHcEo8bR1gvly/9crNFs5QDOyzg3eWqZKrV9GrfQAgAhAvnhOt
1BGrc4WmPNLHrCw+qG/33l7AyhfibrMP5E0GtXiaml8Tt3kCIDXX5jBbMDOhl07R
OAr+QZOZ8vhiMzawlwUhB1WAZ5lwQcxZBJ7zqcVR3bdZk90kiUVBX+WYKylrfAWV
++ijc7E3+EdgA40nJ8mb5fRiDZXFqpdw5CJEYLQVTBbS9b/3KKwE78TDUe2rg0eB
5ob5yL00ZJUH122srirHI1tugmapgoduJORZpo4WWmRvvSvN+SkDdyIA81lArGi/
Tc8cGsoD4xqEE7P1F9fBm9dKLqUXFbwoTtXrAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUDKUpWMTef/PH8YRMdVb7Vjz7L+IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RLVXBXTVRlZl9QSDhZ
Uk1kVmI3Vmp6N0wtSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKjIFk8Z2gyAKHfNeE8xxU8zlBmYt5OF
Z7V/zFhQrY7G9A+9aYV3GL5vX1oMIqqVlnHs8fYTvhN+zbaeeW72LOTdSnzCGg4f
UTGHWn0U0N3n++lkEZXKqTeAY9U59n+uBgNrlZpqjMPanff1G2nsz5jgwMxt9dO3
PMjpC3iQOiBfeJlNGBwqsW76qwVIXK5QAYKBYPjty3sI7FLyxBZihQuo63cWqAeh
lbM9FPVwgDfk2xTsRf65j0yZbG4/L7KbkQNgB1lcLtqpriNrDacf4L+gmDm5YmL4
cR9Z+OKQVfCkTL2UQ9MT9AGJDhkUcHyJTNM4UpU4L35s+GVNjGALnQM=
-----END CERTIFICATE-----
Generated at Sat Apr 27 10:40:45 2024 by rpki-client on console.sobornost.net