Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PwVyFKaumpyFp7TyJ8D4PWuPHqY.roa
File: PwVyFKaumpyFp7TyJ8D4PWuPHqY.roa (raw, json)
Hash identifier: AQjM8CPVGRzJk3tPkkek6xv0fAXBtNJyQV4Ac40TudY=
Subject key identifier: 3F:05:72:14:A6:AE:9A:9C:85:A7:B4:F2:27:C0:F8:3D:6B:8F:1E:A6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 451F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PwVyFKaumpyFp7TyJ8D4PWuPHqY.roa
Signing time: Sat 20 Apr 2024 17:53:12 +0000
ROA not before: Sat 20 Apr 2024 17:53:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17695 (0x451f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 17:53:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3F057214A6AE9A9C85A7B4F227C0F83D6B8F1EA6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:95:21:1f:9a:bc:2f:eb:27:8b:04:7f:4e:a4:
8c:cb:63:7f:d9:6f:1b:2a:f5:6b:26:5f:9e:c1:7e:
e2:d5:98:47:73:9e:f2:88:b4:12:f5:76:d5:07:95:
49:a6:59:2e:33:87:cc:18:32:32:b7:7b:d3:e3:77:
74:ae:cf:d2:04:0e:d9:14:4a:c8:59:21:0c:e9:30:
7b:15:33:b6:c0:f8:b9:a5:44:b2:59:21:91:87:54:
de:d0:21:d1:78:c7:c1:95:69:3b:f2:76:17:5e:0d:
3f:25:2d:e7:25:bf:bd:17:6d:a1:25:ab:6b:47:14:
4d:5a:6d:5b:58:81:c5:40:49:05:ad:fd:15:a1:36:
14:70:1a:14:45:4f:67:42:eb:82:3c:f4:5a:a1:70:
20:5a:cb:18:29:fc:e5:74:aa:e6:87:da:6a:10:10:
f2:d9:79:cf:2e:67:24:02:d3:06:12:de:70:0d:ab:
66:4e:e1:ba:db:fb:62:af:be:fd:ac:62:35:69:8f:
2e:40:9e:24:a2:87:ae:ad:67:32:68:89:70:39:32:
d4:b6:8f:c9:79:6e:1d:e6:ee:58:aa:46:65:88:64:
1e:f2:78:7b:fe:6f:fb:5f:8f:5f:7d:7e:2e:28:94:
e1:7f:5f:3c:e8:26:b0:05:13:2c:b8:bb:6c:d9:14:
33:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:05:72:14:A6:AE:9A:9C:85:A7:B4:F2:27:C0:F8:3D:6B:8F:1E:A6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PwVyFKaumpyFp7TyJ8D4PWuPHqY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5f:4a:c5:08:6a:7f:54:5e:79:18:98:d3:15:84:77:cf:b8:eb:
a5:63:1c:9e:4c:39:2e:65:88:34:a7:58:4c:07:47:ca:db:6e:
47:96:f8:2f:cc:57:29:95:77:43:39:e2:92:0e:d1:91:d5:cc:
fe:c0:72:1d:dc:bd:72:fa:50:b4:7e:ac:57:4b:34:00:fc:cf:
4a:29:5d:48:f6:44:3a:7d:da:88:d9:95:e4:02:8f:c4:98:dd:
3b:75:f6:92:42:4d:ee:1d:70:17:68:34:4b:fa:5a:36:e1:03:
92:8b:f4:03:d3:1c:e4:dd:ba:60:63:8f:d4:98:0d:6a:22:86:
f2:b2:93:04:e2:ba:a7:e2:79:31:44:d8:69:64:79:bc:97:09:
7c:72:3b:65:1f:c5:dc:fe:97:3f:82:99:de:e1:2e:e3:de:66:
53:c0:5a:4a:68:77:22:af:fb:29:52:95:e7:1f:82:e7:61:53:
1d:5d:ec:78:7c:27:e7:55:f6:0e:de:89:d0:d5:50:6e:df:0c:
16:dc:0f:e8:b8:1c:65:ed:56:ab:ea:47:07:b0:3c:ab:33:b9:
65:00:65:d2:75:63:8c:39:96:a0:73:f4:f0:57:99:06:28:b1:
91:6e:90:76:3a:0f:b1:2d:92:59:dd:5f:dc:40:cb:3a:0e:c4:
48:4e:b1:1f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRR8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAx
NzUzMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNGMDU3MjE0QTZBRTlB
OUM4NUE3QjRGMjI3QzBGODNENkI4RjFFQTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUlSEfmrwv6yeLBH9OpIzLY3/Zbxsq9WsmX57BfuLVmEdznvKI
tBL1dtUHlUmmWS4zh8wYMjK3e9Pjd3Suz9IEDtkUSshZIQzpMHsVM7bA+LmlRLJZ
IZGHVN7QIdF4x8GVaTvydhdeDT8lLeclv70XbaElq2tHFE1abVtYgcVASQWt/RWh
NhRwGhRFT2dC64I89FqhcCBayxgp/OV0quaH2moQEPLZec8uZyQC0wYS3nANq2ZO
4brb+2Kvvv2sYjVpjy5AniSih66tZzJoiXA5MtS2j8l5bh3m7liqRmWIZB7yeHv+
b/tfj199fi4olOF/XzzoJrAFEyy4u2zZFDNFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUPwVyFKaumpyFp7TyJ8D4PWuPHqYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1B3VnlGS2F1bXB5RnA3
VHlKOEQ0UFd1UEhxWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAF9KxQhqf1ReeRiY0xWEd8+466VjHJ5M
OS5liDSnWEwHR8rbbkeW+C/MVymVd0M54pIO0ZHVzP7Ach3cvXL6ULR+rFdLNAD8
z0opXUj2RDp92ojZleQCj8SY3Tt19pJCTe4dcBdoNEv6WjbhA5KL9APTHOTdumBj
j9SYDWoihvKykwTiuqfieTFE2GlkebyXCXxyO2Ufxdz+lz+Cmd7hLuPeZlPAWkpo
dyKv+ylSlecfgudhUx1d7Hh8J+dV9g7eidDVUG7fDBbcD+i4HGXtVqvqRwewPKsz
uWUAZdJ1Y4w5lqBz9PBXmQYosZFukHY6D7EtklndX9xAyzoOxEhOsR8=
-----END CERTIFICATE-----
Generated at Sun Apr 21 00:35:21 2024 by rpki-client on console.sobornost.net