Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RXXf4Tcv3WE8yQVjPIinpjbKSzg.roa
File: RXXf4Tcv3WE8yQVjPIinpjbKSzg.roa (raw, json)
Hash identifier: 4UpJ5p4f43UWOvWcFVI6F1C8trQT1D7jW37RmWHWR8U=
Subject key identifier: 45:75:DF:E1:37:2F:DD:61:3C:C9:05:63:3C:88:A7:A6:36:CA:4B:38
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33C3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RXXf4Tcv3WE8yQVjPIinpjbKSzg.roa
Signing time: Thu 28 Mar 2024 14:22:08 +0000
ROA not before: Thu 28 Mar 2024 14:22:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13251 (0x33c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 14:22:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4575DFE1372FDD613CC905633C88A7A636CA4B38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:3c:04:e5:39:02:2d:ab:2a:e6:a7:e9:d3:d6:
40:b0:67:d8:df:9e:c1:00:89:4b:3a:c6:a8:ab:ec:
f5:d9:ba:5a:4f:67:f4:cf:43:6a:11:31:b6:9b:a2:
9f:83:46:ea:7e:b3:cd:a0:e4:72:f3:71:04:4c:73:
9d:19:4e:51:25:82:6a:cc:ec:fe:00:a2:a5:f6:c8:
50:1c:ba:75:fd:45:4b:48:09:4f:32:ed:39:98:4b:
cc:f1:c7:59:c2:a4:b9:0b:46:e9:e4:08:99:bc:3b:
14:3e:08:de:a7:99:72:00:52:29:87:31:98:74:0f:
f5:fb:7e:4e:df:e5:c7:97:01:8f:92:4d:d7:18:17:
76:8c:5a:97:33:a0:ce:12:84:a6:8e:24:9b:9e:3f:
e2:d8:da:bf:1e:44:e5:e4:f2:42:d9:a2:cd:66:e5:
12:5e:4b:40:d5:08:38:36:10:a8:12:fb:59:c5:95:
0b:ff:8b:c2:ab:c5:67:54:04:b3:64:0e:49:69:d7:
18:66:a3:56:55:05:d5:dc:27:4f:c8:12:fe:64:cd:
63:e3:be:2c:70:cd:a9:3b:e0:3c:43:63:87:a1:76:
3d:10:a6:2e:df:aa:6b:93:d1:21:48:5b:a0:2a:c3:
de:2c:75:3b:09:22:01:96:2b:08:a6:35:23:e7:96:
28:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:75:DF:E1:37:2F:DD:61:3C:C9:05:63:3C:88:A7:A6:36:CA:4B:38
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RXXf4Tcv3WE8yQVjPIinpjbKSzg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
37:37:35:1a:bf:8d:13:25:d7:6f:ac:e9:37:73:2f:fd:c6:68:
a5:b4:be:c1:3a:84:29:d6:1c:c2:2f:d8:c3:0b:53:32:f1:d0:
99:1e:92:23:7e:f0:ce:36:87:e7:99:a2:9f:fc:31:06:7d:ba:
cb:b8:44:8e:ac:bb:dd:3a:55:0c:32:50:21:b4:df:be:2d:5c:
3c:24:3c:24:2c:70:8f:16:5b:38:37:ab:59:e3:12:4f:0f:de:
78:98:ea:c1:21:99:3e:ad:ab:36:78:b7:22:79:7b:56:95:a3:
4d:1a:00:79:d0:cd:4a:27:43:4f:1d:cc:7e:3f:f9:ea:ec:b6:
56:19:e7:1b:16:81:bc:79:17:aa:01:f5:b9:3f:a0:48:7f:1c:
ea:5f:31:7d:9e:c2:e6:fe:6b:65:f7:89:95:bd:63:b6:fc:54:
0f:60:81:d1:61:4a:09:ea:07:85:00:18:8e:97:d2:96:55:62:
9a:43:e1:cb:82:2e:33:24:de:6c:31:26:4b:05:2b:4d:a1:f4:
a8:4b:d3:7b:91:e8:20:a5:bd:f6:da:bb:c8:1d:b1:e1:9e:f5:
2f:39:8a:e7:90:f8:df:72:6b:35:08:17:4d:cd:27:5f:72:cd:
27:2b:36:33:b9:1e:73:1b:38:89:25:45:d1:eb:18:f3:1d:37:
4f:2b:4e:6b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICM8MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgx
NDIyMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ1NzVERkUxMzcyRkRE
NjEzQ0M5MDU2MzNDODhBN0E2MzZDQTRCMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAPATlOQItqyrmp+nT1kCwZ9jfnsEAiUs6xqir7PXZulpPZ/TP
Q2oRMbabop+DRup+s82g5HLzcQRMc50ZTlElgmrM7P4AoqX2yFAcunX9RUtICU8y
7TmYS8zxx1nCpLkLRunkCJm8OxQ+CN6nmXIAUimHMZh0D/X7fk7f5ceXAY+STdcY
F3aMWpczoM4ShKaOJJueP+LY2r8eROXk8kLZos1m5RJeS0DVCDg2EKgS+1nFlQv/
i8KrxWdUBLNkDklp1xhmo1ZVBdXcJ0/IEv5kzWPjvixwzak74DxDY4ehdj0Qpi7f
qmuT0SFIW6Aqw94sdTsJIgGWKwimNSPnligVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQURXXf4Tcv3WE8yQVjPIinpjbKSzgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JYWGY0VGN2M1dFOHlR
VmpQSWlucGpiS1N6Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADc3NRq/jRMl12+s6TdzL/3GaKW0vsE6
hCnWHMIv2MMLUzLx0JkekiN+8M42h+eZop/8MQZ9usu4RI6su906VQwyUCG0374t
XDwkPCQscI8WWzg3q1njEk8P3niY6sEhmT6tqzZ4tyJ5e1aVo00aAHnQzUonQ08d
zH4/+erstlYZ5xsWgbx5F6oB9bk/oEh/HOpfMX2ewub+a2X3iZW9Y7b8VA9ggdFh
SgnqB4UAGI6X0pZVYppD4cuCLjMk3mwxJksFK02h9KhL03uR6CClvfbau8gdseGe
9S85iueQ+N9yazUIF03NJ19yzScrNjO5HnMbOIklRdHrGPMdN08rTms=
-----END CERTIFICATE-----
Generated at Thu Mar 28 21:02:48 2024 by rpki-client on console.sobornost.net