Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ow84mTiYNXVbG5BT3E7ijkPrZXs.roa
File: Ow84mTiYNXVbG5BT3E7ijkPrZXs.roa (raw, json)
Hash identifier: aNimDMkMSGbCeSMlZvcHEzFUQHrayAU2yh7bVPGTXAw=
Subject key identifier: 3B:0F:38:99:38:98:35:75:5B:1B:90:53:DC:4E:E2:8E:43:EB:65:7B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 45E3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ow84mTiYNXVbG5BT3E7ijkPrZXs.roa
Signing time: Sun 21 Apr 2024 18:23:16 +0000
ROA not before: Sun 21 Apr 2024 18:23:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17891 (0x45e3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 18:23:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3B0F3899389835755B1B9053DC4EE28E43EB657B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:16:ad:2c:a1:cd:d7:04:a5:d4:ad:82:18:24:
57:b3:f1:d9:ad:f2:6f:c2:f6:48:c7:39:1f:c0:22:
2f:f0:2a:87:65:d0:56:ca:42:9c:8a:ac:58:e6:6d:
ff:aa:40:b5:ce:75:b6:ad:95:09:74:16:fb:9a:86:
1f:14:61:9c:f7:92:1d:eb:13:6f:07:f6:2d:96:fb:
c2:37:7c:29:b8:f3:27:d1:38:d1:ae:2e:4f:c9:5b:
7d:b9:ba:2f:22:92:cb:e9:05:e3:0a:f2:bc:57:99:
e5:94:e4:b9:ba:02:30:8d:53:b9:a7:99:86:4a:78:
fd:b1:e4:67:01:8e:7e:cb:64:6c:c0:39:85:fa:a3:
17:75:a5:72:6c:b4:63:bf:c2:a3:79:33:a7:f8:ad:
e6:19:96:7b:ff:07:1d:49:19:58:df:74:cd:da:71:
c9:b4:23:3e:29:a8:dd:4b:26:62:ea:a9:c7:e5:ad:
a0:e7:f5:ce:50:04:67:f6:05:98:fc:84:dd:69:d8:
a5:af:0c:f7:e5:78:5f:d6:64:2c:a3:dd:c6:3e:ce:
dd:9b:58:c6:d0:65:d3:fe:7a:50:ea:25:1f:a2:07:
ba:26:64:90:5c:15:f9:b0:6d:ee:55:5b:ba:49:7a:
c7:d5:c9:1d:8b:12:62:57:ca:6e:81:2f:ad:0b:36:
86:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:0F:38:99:38:98:35:75:5B:1B:90:53:DC:4E:E2:8E:43:EB:65:7B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ow84mTiYNXVbG5BT3E7ijkPrZXs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
21:99:a7:c5:15:67:82:26:5a:1e:1e:b8:6a:c6:8a:a7:62:8d:
f7:90:8f:0f:bd:03:b8:77:ed:3f:5c:25:77:25:86:41:a5:00:
29:b1:c2:3c:ce:7e:75:61:4b:51:7d:9d:c2:56:1b:ad:2e:c9:
07:ad:98:0b:de:7b:8c:63:f4:24:c9:58:73:24:fd:f6:59:0f:
95:07:d1:9d:b9:d1:5e:1e:20:41:8a:22:3b:22:84:bf:23:86:
27:1e:a2:12:f6:45:8b:ce:c7:f6:ae:34:f0:bf:5e:9a:03:d1:
7c:3a:ee:9a:f7:61:5c:71:37:80:9c:76:92:9b:06:71:bc:69:
f8:0e:b5:de:11:1b:b1:2c:94:2a:21:8c:ee:d7:0a:52:d7:2a:
04:11:1b:10:fb:0d:5d:2c:92:d6:48:c8:6f:fb:c4:48:04:20:
5e:6b:60:4e:18:34:6f:1c:0d:05:28:5f:17:76:24:b9:dd:5c:
f5:e3:82:32:c8:2d:4a:de:b3:84:15:c4:c5:a5:75:b1:0c:d9:
4f:45:d3:25:f9:69:70:42:77:f0:4e:63:91:7d:40:41:20:1f:
52:ec:af:53:6b:83:c6:34:dc:b6:46:77:fc:db:93:22:36:d0:
8d:4d:8e:69:20:bc:95:e9:0b:a3:d8:44:b8:a8:e2:1c:45:57:
a8:35:6d:fd
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICReMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEx
ODIzMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNCMEYzODk5Mzg5ODM1
NzU1QjFCOTA1M0RDNEVFMjhFNDNFQjY1N0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1Fq0soc3XBKXUrYIYJFez8dmt8m/C9kjHOR/AIi/wKodl0FbK
QpyKrFjmbf+qQLXOdbatlQl0Fvuahh8UYZz3kh3rE28H9i2W+8I3fCm48yfRONGu
Lk/JW325ui8iksvpBeMK8rxXmeWU5Lm6AjCNU7mnmYZKeP2x5GcBjn7LZGzAOYX6
oxd1pXJstGO/wqN5M6f4reYZlnv/Bx1JGVjfdM3accm0Iz4pqN1LJmLqqcflraDn
9c5QBGf2BZj8hN1p2KWvDPfleF/WZCyj3cY+zt2bWMbQZdP+elDqJR+iB7omZJBc
Ffmwbe5VW7pJesfVyR2LEmJXym6BL60LNoZrAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUOw84mTiYNXVbG5BT3E7ijkPrZXswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L093ODRtVGlZTlhWYkc1
QlQzRTdpamtQclpYcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACGZp8UVZ4ImWh4euGrGiqdijfeQjw+9
A7h37T9cJXclhkGlACmxwjzOfnVhS1F9ncJWG60uyQetmAvee4xj9CTJWHMk/fZZ
D5UH0Z250V4eIEGKIjsihL8jhiceohL2RYvOx/auNPC/XpoD0Xw67pr3YVxxN4Cc
dpKbBnG8afgOtd4RG7EslCohjO7XClLXKgQRGxD7DV0sktZIyG/7xEgEIF5rYE4Y
NG8cDQUoXxd2JLndXPXjgjLILUres4QVxMWldbEM2U9F0yX5aXBCd/BOY5F9QEEg
H1Lsr1Nrg8Y03LZGd/zbkyI20I1NjmkgvJXpC6PYRLio4hxFV6g1bf0=
-----END CERTIFICATE-----
Generated at Sun Apr 21 22:16:48 2024 by rpki-client on console.sobornost.net