Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/LOINfVzVRlWzIkCXN_KTE22u5dw.roa
File: LOINfVzVRlWzIkCXN_KTE22u5dw.roa (raw, json)
Hash identifier: Q9shL3HySPKVS/DtEQy1hgq6XR9ZS3rlWd12bqCDGjc=
Subject key identifier: 2C:E2:0D:7D:5C:D5:46:55:B3:22:40:97:37:F2:93:13:6D:AE:E5:DC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3423
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LOINfVzVRlWzIkCXN_KTE22u5dw.roa
Signing time: Fri 29 Mar 2024 02:22:12 +0000
ROA not before: Fri 29 Mar 2024 02:22:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13347 (0x3423)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 02:22:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2CE20D7D5CD54655B322409737F293136DAEE5DC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:f6:33:42:3e:4f:98:e8:16:91:62:0a:ce:79:
6a:eb:32:7f:68:2b:6b:42:0f:29:99:74:07:65:c6:
29:4a:62:71:b6:47:79:88:ae:10:0e:86:d1:19:b9:
aa:2e:75:c1:fc:84:17:1c:83:22:dc:58:80:32:b1:
65:28:8c:e0:d6:f9:37:30:e2:30:f5:86:f0:18:c9:
b2:69:1a:90:6c:33:9f:26:59:ac:fb:9b:90:a2:0d:
c3:aa:cb:86:4f:81:31:4b:f9:b5:d4:b3:70:a2:01:
4a:34:44:b4:78:20:7b:2d:38:02:7a:86:9c:b3:3e:
4c:97:65:99:93:5b:f7:6c:6f:2d:01:12:bc:bc:61:
72:41:f7:f3:a5:0f:28:6c:81:45:41:af:a2:75:d9:
0c:4d:2d:2a:a6:46:1b:cd:f7:06:09:b1:02:90:e5:
cb:81:b5:6b:54:17:70:25:b3:3a:c3:75:47:3d:6a:
df:68:b7:d9:7c:fd:ae:2a:80:99:ae:9f:93:95:bf:
3e:26:81:01:c7:4d:49:6a:43:24:af:17:28:66:e8:
e1:1f:93:3e:3a:dd:82:b1:fd:2d:0a:46:c8:d9:14:
58:13:07:5e:af:eb:ab:38:3f:2e:a9:af:40:72:0d:
69:9d:1f:95:98:7e:35:00:72:65:17:af:43:c5:ff:
bf:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:E2:0D:7D:5C:D5:46:55:B3:22:40:97:37:F2:93:13:6D:AE:E5:DC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LOINfVzVRlWzIkCXN_KTE22u5dw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
25:cc:7f:c7:0c:fe:59:ac:5f:94:51:86:48:da:89:c3:c4:0a:
20:e5:94:c9:1b:72:a0:4e:30:a9:02:2f:48:1c:7d:f3:f6:e0:
28:80:05:67:65:be:94:3d:15:f3:44:47:af:58:fc:1c:6c:83:
63:19:38:b8:45:5d:3d:12:b6:e4:f2:13:65:da:15:32:62:e4:
41:c8:7e:67:b6:67:ed:66:c2:60:47:30:eb:d7:21:15:2b:8b:
e0:af:35:d4:b6:e2:d6:8b:82:7b:28:7b:ac:40:cf:02:f5:aa:
c4:b1:09:9b:c7:59:00:53:26:03:c2:b7:f1:c6:93:7b:87:dd:
ed:d9:75:ad:51:ba:42:49:6b:d7:55:c2:5e:fd:e7:31:1a:04:
d1:01:ba:19:dd:39:a0:8f:09:85:97:5d:52:86:1c:5e:10:e9:
13:bd:46:49:03:48:69:86:cd:8e:3b:52:a2:f0:db:24:75:9f:
a9:df:6e:2e:63:34:0a:13:68:00:38:f7:13:6c:cd:4e:78:7c:
95:3e:c5:e9:4e:83:20:a3:6f:13:36:97:f2:6e:7d:59:d1:d7:
f2:ce:4f:2c:53:43:ea:33:5a:38:e8:f0:a9:62:7f:f3:d5:b1:
70:68:33:be:c2:21:1e:13:7d:4f:d7:58:e7:17:3a:97:ad:56:
9c:78:86:b4
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNCMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkw
MjIyMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJDRTIwRDdENUNENTQ2
NTVCMzIyNDA5NzM3RjI5MzEzNkRBRUU1REMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDK9jNCPk+Y6BaRYgrOeWrrMn9oK2tCDymZdAdlxilKYnG2R3mI
rhAOhtEZuaoudcH8hBccgyLcWIAysWUojODW+Tcw4jD1hvAYybJpGpBsM58mWaz7
m5CiDcOqy4ZPgTFL+bXUs3CiAUo0RLR4IHstOAJ6hpyzPkyXZZmTW/dsby0BEry8
YXJB9/OlDyhsgUVBr6J12QxNLSqmRhvN9wYJsQKQ5cuBtWtUF3AlszrDdUc9at9o
t9l8/a4qgJmun5OVvz4mgQHHTUlqQySvFyhm6OEfkz463YKx/S0KRsjZFFgTB16v
66s4Py6pr0ByDWmdH5WYfjUAcmUXr0PF/7+RAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQULOINfVzVRlWzIkCXN/KTE22u5dwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0xPSU5mVnpWUmxXeklr
Q1hOX0tURTIydTVkdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACXMf8cM/lmsX5RRhkjaicPECiDllMkb
cqBOMKkCL0gcffP24CiABWdlvpQ9FfNER69Y/Bxsg2MZOLhFXT0StuTyE2XaFTJi
5EHIfme2Z+1mwmBHMOvXIRUri+CvNdS24taLgnsoe6xAzwL1qsSxCZvHWQBTJgPC
t/HGk3uH3e3Zda1RukJJa9dVwl795zEaBNEBuhndOaCPCYWXXVKGHF4Q6RO9RkkD
SGmGzY47UqLw2yR1n6nfbi5jNAoTaAA49xNszU54fJU+xelOgyCjbxM2l/JufVnR
1/LOTyxTQ+ozWjjo8Klif/PVsXBoM77CIR4TfU/XWOcXOpetVpx4hrQ=
-----END CERTIFICATE-----
Generated at Fri Mar 29 07:59:35 2024 by rpki-client on console.sobornost.net