Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NuZiUhGRKcqf_p_10gHYF5bcayo.roa
File: NuZiUhGRKcqf_p_10gHYF5bcayo.roa (raw, json)
Hash identifier: mVTnqK5yQIGvbXwgZHQ+K0f4n8JQhjCjQEQKXlSt8ok=
Subject key identifier: 36:E6:62:52:11:91:29:CA:9F:FE:9F:F5:D2:01:D8:17:96:DC:6B:2A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35FF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NuZiUhGRKcqf_p_10gHYF5bcayo.roa
Signing time: Sun 31 Mar 2024 13:52:11 +0000
ROA not before: Sun 31 Mar 2024 13:52:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13823 (0x35ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 13:52:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=36E66252119129CA9FFE9FF5D201D81796DC6B2A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:ab:8b:1d:76:71:41:76:a3:b3:95:5c:fa:ea:
9e:87:a0:9c:e3:27:50:b6:f8:aa:de:8e:23:7c:71:
08:94:b1:f1:94:55:1b:6c:04:d9:00:a4:e2:aa:da:
39:cb:0c:3c:04:db:af:13:17:69:c1:ac:8b:3c:f7:
27:fb:b1:25:5f:d9:c5:a0:9e:41:18:c6:89:f1:fa:
61:b7:a6:b0:ca:2e:17:85:49:ca:81:84:5b:ad:a7:
65:23:21:39:da:56:db:fe:57:e3:a4:71:8f:eb:a2:
28:5d:b4:52:1e:cb:a2:47:d7:36:51:49:bf:a0:3a:
08:f8:23:ee:16:11:18:e0:25:b1:4c:df:33:91:04:
fc:15:9f:31:f7:ab:81:31:9d:c3:e4:0d:da:03:fd:
24:74:ff:92:e6:2d:0f:77:0a:d1:61:6a:9b:22:7a:
2e:62:04:5b:62:d2:8f:9b:58:f7:6d:28:81:bc:d1:
8a:38:28:13:66:47:af:96:84:b0:92:d9:34:1f:cc:
2a:39:cb:36:6f:41:54:6c:74:7a:4b:6a:a5:27:fc:
5d:5a:42:91:4e:3b:0a:8f:7b:05:c4:4b:c7:59:9d:
d1:0c:72:46:16:2e:32:28:d7:02:d9:1a:ae:65:37:
8e:07:2f:82:82:2e:51:9d:ee:d2:86:8f:ce:54:d6:
cf:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:E6:62:52:11:91:29:CA:9F:FE:9F:F5:D2:01:D8:17:96:DC:6B:2A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NuZiUhGRKcqf_p_10gHYF5bcayo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2d:7e:ba:2a:bb:60:15:d4:b3:ed:b8:13:47:2f:8e:7d:22:1f:
27:cb:69:b9:63:36:92:33:fc:6c:43:4a:42:49:a8:19:e7:c8:
b5:dd:73:c5:ef:f6:5e:bb:11:33:38:cc:9b:4f:b8:bc:0e:16:
73:b2:45:db:30:d6:cd:73:0b:8b:59:85:31:e3:f7:db:82:c0:
d0:10:96:44:d8:13:8a:f1:e4:93:20:21:06:47:60:81:2e:15:
e9:24:e4:ef:0c:df:a8:b4:2a:10:ec:6c:b2:e2:f9:c7:e5:e0:
d4:38:30:6f:37:64:60:ab:6e:b2:87:3b:b1:37:4e:51:e8:74:
8e:c5:27:ec:df:49:ca:4e:a5:c6:f0:70:23:32:05:ec:aa:82:
d8:1d:79:b9:23:a4:f3:14:65:b7:bf:5d:9f:30:12:22:3c:49:
47:1b:0c:10:37:5c:07:15:ac:a7:b3:5a:2b:88:87:04:64:3b:
cc:ec:ed:a7:c6:5f:20:ad:f9:35:20:5b:49:fe:f7:2d:c7:d1:
30:8d:fc:91:6d:59:ff:84:19:67:a3:04:07:b4:47:db:5a:b4:
99:52:9f:f5:f6:a4:73:c2:65:e9:95:13:4f:88:8d:a2:7a:69:
c7:b9:80:75:5c:b2:bf:ed:fc:21:8f:72:ef:07:fa:85:5f:40:
6c:97:0f:18
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNf8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEx
MzUyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM2RTY2MjUyMTE5MTI5
Q0E5RkZFOUZGNUQyMDFEODE3OTZEQzZCMkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCq4sddnFBdqOzlVz66p6HoJzjJ1C2+KrejiN8cQiUsfGUVRts
BNkApOKq2jnLDDwE268TF2nBrIs89yf7sSVf2cWgnkEYxonx+mG3prDKLheFScqB
hFutp2UjITnaVtv+V+OkcY/roihdtFIey6JH1zZRSb+gOgj4I+4WERjgJbFM3zOR
BPwVnzH3q4ExncPkDdoD/SR0/5LmLQ93CtFhapsiei5iBFti0o+bWPdtKIG80Yo4
KBNmR6+WhLCS2TQfzCo5yzZvQVRsdHpLaqUn/F1aQpFOOwqPewXES8dZndEMckYW
LjIo1wLZGq5lN44HL4KCLlGd7tKGj85U1s+1AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUNuZiUhGRKcqf/p/10gHYF5bcayowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L051WmlVaEdSS2NxZl9w
XzEwZ0hZRjViY2F5by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAC1+uiq7YBXUs+24E0cvjn0iHyfLablj
NpIz/GxDSkJJqBnnyLXdc8Xv9l67ETM4zJtPuLwOFnOyRdsw1s1zC4tZhTHj99uC
wNAQlkTYE4rx5JMgIQZHYIEuFekk5O8M36i0KhDsbLLi+cfl4NQ4MG83ZGCrbrKH
O7E3TlHodI7FJ+zfScpOpcbwcCMyBeyqgtgdebkjpPMUZbe/XZ8wEiI8SUcbDBA3
XAcVrKezWiuIhwRkO8zs7afGXyCt+TUgW0n+9y3H0TCN/JFtWf+EGWejBAe0R9ta
tJlSn/X2pHPCZemVE0+IjaJ6ace5gHVcsr/t/CGPcu8H+oVfQGyXDxg=
-----END CERTIFICATE-----
Generated at Sun Mar 31 20:32:18 2024 by rpki-client on console.sobornost.net