Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PNalxRdMwBdNhKtqu47Taie890s.roa
File: PNalxRdMwBdNhKtqu47Taie890s.roa (raw, json)
Hash identifier: EpmrP6Lwmi8UmO9rQ9UccDEYoPGSL8okf8TbZH5aLgw=
Subject key identifier: 3C:D6:A5:C5:17:4C:C0:17:4D:84:AB:6A:BB:8E:D3:6A:27:BC:F7:4B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 544F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PNalxRdMwBdNhKtqu47Taie890s.roa
Signing time: Fri 10 May 2024 23:54:07 +0000
ROA not before: Fri 10 May 2024 23:54:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21583 (0x544f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 23:54:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3CD6A5C5174CC0174D84AB6ABB8ED36A27BCF74B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:15:64:09:ba:c3:1b:03:e7:69:3f:45:ce:04:
73:39:aa:46:b0:e3:76:5c:29:05:71:df:24:f3:c4:
61:7a:b6:57:07:e3:18:81:6e:54:71:56:14:70:10:
91:dc:2a:d3:fc:f1:de:2b:bb:fd:da:0f:20:f6:df:
f4:dd:4b:e5:12:c0:41:b2:a8:da:40:28:76:85:a1:
f6:ed:23:6a:57:e5:b7:08:1e:e1:2e:1b:8d:8d:91:
68:b0:d6:45:03:1b:1a:4d:9d:65:1d:70:c6:25:c1:
cc:16:5a:d7:d5:dd:94:a0:95:b4:80:f5:c7:75:ec:
30:bf:45:e2:7f:9d:fe:18:cc:58:70:46:04:a5:e8:
f3:05:b5:74:ed:60:32:b3:bc:cd:e3:9d:4d:8c:ff:
82:c1:28:8d:d2:70:e3:b8:56:ac:32:2f:96:2e:3e:
3e:e2:06:5e:e0:8f:3a:03:55:3c:43:4d:12:7d:56:
1d:f9:f4:58:30:37:94:fe:6a:f8:e8:68:43:98:db:
a6:7b:19:35:17:6e:11:c0:7f:25:df:0a:ed:38:cb:
99:64:ef:9c:69:dc:aa:5c:f5:46:ef:e1:80:a0:82:
81:a0:2c:43:05:b4:57:55:a1:92:d2:43:9a:4e:38:
3b:14:17:f7:3b:c2:30:94:5b:91:1e:4d:e6:92:9a:
e1:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:D6:A5:C5:17:4C:C0:17:4D:84:AB:6A:BB:8E:D3:6A:27:BC:F7:4B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PNalxRdMwBdNhKtqu47Taie890s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
ac:bd:79:08:96:fd:05:a7:b5:c6:f8:ac:bb:0d:2f:28:14:50:
cd:b3:ec:15:8b:79:60:3d:d6:cd:86:47:f6:01:30:80:e6:82:
33:3c:0f:9c:6b:67:cc:45:d6:3e:d1:27:f7:cf:dc:19:0c:5c:
98:15:64:81:59:87:27:4b:16:97:2d:b3:3d:78:ab:a5:05:a4:
73:1a:fb:4a:42:f9:71:1a:a3:04:7b:98:9b:c6:fc:14:d6:1a:
a8:af:3b:6c:7e:5c:b0:9b:0e:93:52:f9:86:3b:3d:74:d0:5e:
77:5e:d9:fe:e4:9f:8e:e5:a1:27:39:e9:01:6e:54:57:f6:9b:
65:20:c2:2b:64:47:5b:3d:e3:2d:f7:3a:e2:43:f8:b1:02:22:
56:60:99:2b:87:a3:1e:d7:2d:a9:25:6a:0c:85:3d:f3:f7:9a:
73:26:24:de:d4:54:c5:98:53:4e:77:2e:a7:11:b6:96:83:59:
ee:5a:ae:00:28:9f:4b:cd:d4:8d:4f:f0:4a:63:b3:ad:36:2f:
79:a5:78:22:ab:08:18:5b:ac:d9:e3:f8:92:3d:5f:cb:c9:70:
92:b3:ca:5d:0f:dd:69:c8:49:a0:2f:32:96:6e:10:6c:fa:92:
dd:c5:e0:0f:f7:00:54:ba:b5:1f:a2:8a:47:7c:db:96:5f:4a:
bc:6a:2b:74
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVE8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAy
MzU0MDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNDRDZBNUM1MTc0Q0Mw
MTc0RDg0QUI2QUJCOEVEMzZBMjdCQ0Y3NEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8FWQJusMbA+dpP0XOBHM5qkaw43ZcKQVx3yTzxGF6tlcH4xiB
blRxVhRwEJHcKtP88d4ru/3aDyD23/TdS+USwEGyqNpAKHaFofbtI2pX5bcIHuEu
G42NkWiw1kUDGxpNnWUdcMYlwcwWWtfV3ZSglbSA9cd17DC/ReJ/nf4YzFhwRgSl
6PMFtXTtYDKzvM3jnU2M/4LBKI3ScOO4VqwyL5YuPj7iBl7gjzoDVTxDTRJ9Vh35
9FgwN5T+avjoaEOY26Z7GTUXbhHAfyXfCu04y5lk75xp3Kpc9Ubv4YCggoGgLEMF
tFdVoZLSQ5pOODsUF/c7wjCUW5EeTeaSmuErAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUPNalxRdMwBdNhKtqu47Taie890swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BOYWx4UmRNd0JkTmhL
dHF1NDdUYWllODkwcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKy9eQiW/QWntcb4rLsNLygUUM2z7BWL
eWA91s2GR/YBMIDmgjM8D5xrZ8xF1j7RJ/fP3BkMXJgVZIFZhydLFpctsz14q6UF
pHMa+0pC+XEaowR7mJvG/BTWGqivO2x+XLCbDpNS+YY7PXTQXnde2f7kn47loSc5
6QFuVFf2m2UgwitkR1s94y33OuJD+LECIlZgmSuHox7XLaklagyFPfP3mnMmJN7U
VMWYU053LqcRtpaDWe5argAon0vN1I1P8Epjs602L3mleCKrCBhbrNnj+JI9X8vJ
cJKzyl0P3WnISaAvMpZuEGz6kt3F4A/3AFS6tR+iikd825ZfSrxqK3Q=
-----END CERTIFICATE-----
Generated at Sat May 11 14:26:45 2024 by rpki-client on console.sobornost.net