Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IadtGbE5Cbhj4JSSgYqocKiO1ag.roa
File: IadtGbE5Cbhj4JSSgYqocKiO1ag.roa (raw, json)
Hash identifier: Yy0zdj0DPmZozNJwHZT/scmE9O1L/Irvef53Q1rRQ/8=
Subject key identifier: 21:A7:6D:19:B1:39:09:B8:63:E0:94:92:81:8A:A8:70:A8:8E:D5:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 401F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IadtGbE5Cbhj4JSSgYqocKiO1ag.roa
Signing time: Sun 14 Apr 2024 01:52:52 +0000
ROA not before: Sun 14 Apr 2024 01:52:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16415 (0x401f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 01:52:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=21A76D19B13909B863E09492818AA870A88ED5A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:02:ed:17:6f:3a:fe:2a:8a:55:fa:c0:37:08:
c5:d9:92:a3:22:55:d5:37:5e:19:7e:1e:57:ae:ea:
09:f2:ab:e6:79:32:b7:c9:10:47:4a:eb:8a:71:cc:
6c:de:c2:51:90:5c:10:8f:c7:51:e7:5a:e2:43:f3:
48:97:5c:ae:fb:f0:69:6f:62:c9:40:2a:e1:26:be:
bf:9b:1d:d2:68:db:9e:f2:5c:97:6c:46:c3:f7:a3:
0a:71:50:ec:78:e0:7d:cc:41:f0:6f:54:6d:d5:25:
aa:6c:2a:68:07:2e:0c:9b:81:e3:9d:7a:c3:13:53:
a0:ce:f9:c2:57:a3:8c:61:72:b8:06:53:84:d2:bf:
ea:a8:9f:8e:b4:3e:18:79:ee:da:31:9b:49:d5:28:
ee:34:d0:7b:ee:c5:80:2a:2a:fe:61:51:e5:c2:54:
25:81:cf:ef:83:86:b8:32:a8:88:09:98:1e:cf:51:
ae:c9:e4:39:b6:21:47:a7:9e:58:e7:9f:a3:8d:60:
42:78:ae:72:4d:40:0c:99:e6:19:76:c6:0d:b1:f3:
d4:a3:87:23:7d:51:d0:0f:c3:ac:9f:1f:d5:5f:16:
ff:dc:0b:e5:e1:2f:08:c1:a1:22:57:b4:a9:61:fa:
60:8a:4d:37:e9:44:07:4e:93:c6:48:5b:27:8e:1d:
06:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:A7:6D:19:B1:39:09:B8:63:E0:94:92:81:8A:A8:70:A8:8E:D5:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IadtGbE5Cbhj4JSSgYqocKiO1ag.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
68:7f:20:b9:69:7a:0f:c6:1e:c8:32:6a:8d:4b:c7:76:e2:b1:
25:b2:b6:b4:33:2c:a7:c2:44:54:9f:0f:7b:43:16:73:7d:f9:
74:0a:7a:d2:7f:ce:66:7b:d0:94:9a:6d:f1:04:45:2b:ea:f3:
19:f0:0b:40:e6:6e:6e:93:e5:d1:17:89:55:9d:c6:9f:16:81:
f1:c8:c5:de:3b:28:84:2a:b8:7c:ec:ab:02:17:6f:40:0c:9b:
14:d4:e4:b4:5e:67:ed:ad:6c:d1:bf:b8:b1:d9:ab:20:63:2c:
85:81:e8:84:fc:9b:12:b3:54:b2:57:d2:75:76:83:bd:43:e3:
dd:58:56:a7:5b:57:59:89:c1:64:4f:81:dd:21:d9:20:8d:b3:
53:5d:70:ca:3c:33:4f:aa:03:fc:48:93:c7:28:9f:16:3d:4c:
6c:f5:9d:d0:d0:3f:9a:63:63:68:40:f5:ce:46:43:db:8d:eb:
37:30:d8:9c:57:d4:04:18:9f:0f:0d:12:2d:39:b7:63:01:7e:
5e:48:7a:3f:1c:96:25:4b:62:98:d5:bc:a7:7a:1f:1c:bd:48:
db:4c:ae:6e:73:27:80:25:5e:af:26:5a:57:5c:19:1e:52:14:
66:a9:e3:16:37:36:7a:53:3e:0d:f6:f3:21:3c:48:1b:c3:9b:
bf:ab:5a:93
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQB8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
MTUyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIxQTc2RDE5QjEzOTA5
Qjg2M0UwOTQ5MjgxOEFBODcwQTg4RUQ1QTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHAu0Xbzr+KopV+sA3CMXZkqMiVdU3Xhl+Hleu6gnyq+Z5MrfJ
EEdK64pxzGzewlGQXBCPx1HnWuJD80iXXK778GlvYslAKuEmvr+bHdJo257yXJds
RsP3owpxUOx44H3MQfBvVG3VJapsKmgHLgybgeOdesMTU6DO+cJXo4xhcrgGU4TS
v+qon460Phh57toxm0nVKO400HvuxYAqKv5hUeXCVCWBz++DhrgyqIgJmB7PUa7J
5Dm2IUennljnn6ONYEJ4rnJNQAyZ5hl2xg2x89SjhyN9UdAPw6yfH9VfFv/cC+Xh
LwjBoSJXtKlh+mCKTTfpRAdOk8ZIWyeOHQb/AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUIadtGbE5Cbhj4JSSgYqocKiO1agwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lhZHRHYkU1Q2JoajRK
U1NnWXFvY0tpTzFhZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGh/ILlpeg/GHsgyao1Lx3bisSWytrQz
LKfCRFSfD3tDFnN9+XQKetJ/zmZ70JSabfEERSvq8xnwC0Dmbm6T5dEXiVWdxp8W
gfHIxd47KIQquHzsqwIXb0AMmxTU5LReZ+2tbNG/uLHZqyBjLIWB6IT8mxKzVLJX
0nV2g71D491YVqdbV1mJwWRPgd0h2SCNs1NdcMo8M0+qA/xIk8conxY9TGz1ndDQ
P5pjY2hA9c5GQ9uN6zcw2JxX1AQYnw8NEi05t2MBfl5Iej8cliVLYpjVvKd6Hxy9
SNtMrm5zJ4AlXq8mWldcGR5SFGap4xY3NnpTPg328yE8SBvDm7+rWpM=
-----END CERTIFICATE-----
Generated at Sun Apr 14 08:03:31 2024 by rpki-client on console.sobornost.net