Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PjbnhqYpe119Oaq27RFVkcu0kz8.roa
File: PjbnhqYpe119Oaq27RFVkcu0kz8.roa (raw, json)
Hash identifier: Q2ACTTFvu4ZUSulqpol4bUySUOWNmXOB3Fwq743i1Vw=
Subject key identifier: 3E:36:E7:86:A6:29:7B:5D:7D:39:AA:B6:ED:11:55:91:CB:B4:93:3F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4087
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PjbnhqYpe119Oaq27RFVkcu0kz8.roa
Signing time: Sun 14 Apr 2024 14:53:01 +0000
ROA not before: Sun 14 Apr 2024 14:53:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16519 (0x4087)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 14:53:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3E36E786A6297B5D7D39AAB6ED115591CBB4933F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:41:49:0e:dc:86:8f:98:a5:95:34:a9:00:06:
c5:8f:b1:17:ca:bc:f5:56:ae:ba:05:9a:d6:e2:ee:
46:8e:c8:17:05:6e:a9:a3:9c:31:79:f5:ce:38:3b:
e0:61:c6:db:ae:53:15:cf:6f:25:81:c1:0c:6a:d7:
9d:c6:f2:8b:7d:cd:fe:46:34:58:45:4c:3c:1c:05:
5e:5f:af:02:3e:f9:0d:67:77:e1:70:7f:40:55:86:
18:b2:06:cb:f9:f6:82:00:0d:50:1c:22:43:5c:6b:
20:70:51:6a:8f:2c:b6:e8:b1:13:c0:9d:3a:62:f6:
4c:30:e8:c0:f4:14:ce:e7:16:ba:48:ca:70:26:0f:
49:41:15:d8:57:d0:e8:8e:69:67:45:b8:38:4b:c3:
7f:f5:82:73:8e:a2:0d:61:9c:0d:c2:3b:3a:11:02:
7f:1f:03:ec:73:5d:32:2b:8e:72:83:b9:96:b0:c0:
e7:ba:11:9c:d2:4a:31:1e:19:8e:67:94:0c:11:84:
f5:dd:c0:81:8c:d2:4f:a5:86:5f:e3:fe:92:d4:82:
e9:2a:ac:8f:c0:31:14:31:b1:fd:d7:8c:79:09:bd:
58:af:8d:4c:31:56:4b:16:13:e7:07:e4:b2:2a:5d:
e2:b6:d5:62:06:4d:07:e1:31:82:ca:08:26:0a:17:
29:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:36:E7:86:A6:29:7B:5D:7D:39:AA:B6:ED:11:55:91:CB:B4:93:3F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PjbnhqYpe119Oaq27RFVkcu0kz8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
76:75:19:a3:be:eb:50:00:ea:e2:62:c0:81:a9:67:8d:c8:b2:
03:ac:9a:3c:53:4c:83:4d:36:ab:65:be:64:7a:fc:00:23:ec:
68:1d:81:c0:05:52:f5:94:09:01:5f:41:70:52:1c:1b:2b:b7:
34:50:a8:ac:92:c9:49:14:2c:dc:8f:16:ee:aa:3a:20:1f:12:
87:e5:73:44:de:ac:59:cd:14:e3:d5:fd:41:b9:06:4e:f6:72:
f3:0a:cf:ff:2f:24:f8:85:c8:fb:10:4d:27:02:b7:16:4c:1a:
8b:04:e4:e1:27:cf:7e:07:73:eb:1b:f6:29:9b:7c:79:13:93:
24:c6:61:23:57:9a:58:c0:8d:38:fa:37:18:8a:d6:cc:49:7b:
e2:9e:b1:dd:5c:44:c0:14:21:b2:3b:0d:00:20:3f:a2:af:e0:
1f:e2:53:fa:f0:d1:23:46:b9:7d:9b:35:08:bd:9b:ec:68:3a:
40:e2:68:43:ce:5f:05:17:a2:9f:6b:a5:6f:a8:53:fd:8e:1d:
55:4c:b5:56:83:23:90:9b:fa:c2:66:2a:bf:de:5f:c9:15:07:
f6:c7:5a:57:8b:9c:5f:e6:63:51:ef:16:49:66:e3:c8:81:4f:
77:72:b5:ab:28:af:0f:0c:fd:21:c4:21:5d:f4:b6:a5:dc:97:
0d:fa:25:8b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQIcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
NDUzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNFMzZFNzg2QTYyOTdC
NUQ3RDM5QUFCNkVEMTE1NTkxQ0JCNDkzM0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxQUkO3IaPmKWVNKkABsWPsRfKvPVWrroFmtbi7kaOyBcFbqmj
nDF59c44O+BhxtuuUxXPbyWBwQxq153G8ot9zf5GNFhFTDwcBV5frwI++Q1nd+Fw
f0BVhhiyBsv59oIADVAcIkNcayBwUWqPLLbosRPAnTpi9kww6MD0FM7nFrpIynAm
D0lBFdhX0OiOaWdFuDhLw3/1gnOOog1hnA3COzoRAn8fA+xzXTIrjnKDuZawwOe6
EZzSSjEeGY5nlAwRhPXdwIGM0k+lhl/j/pLUgukqrI/AMRQxsf3XjHkJvVivjUwx
VksWE+cH5LIqXeK21WIGTQfhMYLKCCYKFylFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUPjbnhqYpe119Oaq27RFVkcu0kz8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BqYm5ocVlwZTExOU9h
cTI3UkZWa2N1MGt6OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHZ1GaO+61AA6uJiwIGpZ43IsgOsmjxT
TINNNqtlvmR6/AAj7GgdgcAFUvWUCQFfQXBSHBsrtzRQqKySyUkULNyPFu6qOiAf
Eoflc0TerFnNFOPV/UG5Bk72cvMKz/8vJPiFyPsQTScCtxZMGosE5OEnz34Hc+sb
9imbfHkTkyTGYSNXmljAjTj6NxiK1sxJe+Kesd1cRMAUIbI7DQAgP6Kv4B/iU/rw
0SNGuX2bNQi9m+xoOkDiaEPOXwUXop9rpW+oU/2OHVVMtVaDI5Cb+sJmKr/eX8kV
B/bHWleLnF/mY1HvFklm48iBT3dytasorw8M/SHEIV30tqXclw36JYs=
-----END CERTIFICATE-----
Generated at Sun Apr 14 18:59:53 2024 by rpki-client on console.sobornost.net