Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S-kaClS_RJC_uSQyPwB7c2LQeFk.roa
File: S-kaClS_RJC_uSQyPwB7c2LQeFk.roa (raw, json)
Hash identifier: 3PLtymEenAjwtdAZzE++UlYnSrmLhYSRUoQlX8gBr7E=
Subject key identifier: 4B:E9:1A:0A:54:BF:44:90:BF:B9:24:32:3F:00:7B:73:62:D0:78:59
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3547
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S-kaClS_RJC_uSQyPwB7c2LQeFk.roa
Signing time: Sat 30 Mar 2024 14:52:09 +0000
ROA not before: Sat 30 Mar 2024 14:52:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13639 (0x3547)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 14:52:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4BE91A0A54BF4490BFB924323F007B7362D07859
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:80:7a:73:7d:f8:d9:92:be:69:8c:b8:3f:94:
e5:79:21:fb:3f:a8:cb:87:ba:67:c7:7a:d0:20:c9:
a6:0e:44:a8:c8:78:91:f6:f5:52:50:b2:9a:d7:78:
98:66:ca:a4:c3:05:44:0b:ea:34:42:15:f0:3e:b0:
d6:71:25:d2:f6:8e:5b:2f:b1:a2:7d:2d:0a:a5:11:
d7:8d:61:b2:6a:69:f3:cc:b2:61:c0:1b:e1:b4:0a:
65:db:6f:d5:59:53:69:db:4e:6c:31:39:fe:51:6f:
16:07:cd:96:da:cb:09:62:c1:8d:a1:34:85:1b:f5:
c1:c7:af:c3:18:7e:84:f1:1c:fe:67:de:f3:5e:4f:
8b:68:51:4b:0f:25:c9:d5:04:4f:fb:e9:07:94:6d:
b6:0d:0b:d1:67:d7:6a:db:6b:23:c2:f7:ba:da:3b:
06:ed:ec:ad:b7:fe:5c:14:4b:90:d6:75:5a:39:46:
c2:ab:5f:a1:e4:80:3c:04:a6:2f:56:40:4f:90:a9:
5f:3f:d7:6d:f8:1b:0a:aa:bb:b7:ec:b6:2f:13:1d:
17:a9:90:3f:50:dc:1f:f4:da:08:50:87:c5:02:0a:
2f:3f:da:c4:b8:63:cd:19:aa:7a:64:d5:8a:32:85:
b0:7e:89:04:90:da:8e:31:71:91:67:a4:51:d3:ee:
88:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:E9:1A:0A:54:BF:44:90:BF:B9:24:32:3F:00:7B:73:62:D0:78:59
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S-kaClS_RJC_uSQyPwB7c2LQeFk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
28:45:87:8d:0e:df:74:0e:e8:a5:11:ed:a5:30:f9:ae:61:e7:
eb:2a:9f:e0:6d:06:29:f3:2e:3d:b7:9c:71:26:95:8c:29:08:
35:bd:6c:31:1f:f8:0c:42:5c:fc:11:f0:8f:ff:e2:2d:13:98:
10:8c:e3:22:bf:fc:d5:9f:ab:bc:f0:b7:a6:ba:bc:ad:42:07:
20:04:2a:14:43:e6:91:95:d8:02:c5:72:58:2e:d9:d8:0c:7d:
74:97:9b:4e:61:8f:cb:6e:0c:5e:c7:f1:24:e3:90:23:1d:34:
3c:e9:44:7b:22:bc:9c:bd:7d:6e:19:5f:f5:87:da:54:fc:cd:
8d:78:f0:31:99:e0:71:bd:89:a0:c2:d3:3c:e3:c7:3f:00:f7:
45:c8:11:05:56:be:4f:2f:71:8f:bf:08:c3:4c:46:12:2a:0d:
10:37:70:5d:fd:49:bd:63:16:2b:51:c2:b2:f0:a5:f6:83:de:
d3:e8:20:12:11:f7:f6:ea:17:af:99:91:e9:d5:a0:ac:83:f4:
b6:b5:fe:e0:37:b6:92:c5:95:d3:10:0b:51:03:4e:c0:7a:90:
64:12:2c:27:2b:a9:16:5b:d1:cc:a9:a5:d1:28:32:a3:bc:b1:
9f:48:eb:7a:dd:b9:12:aa:f3:fe:ff:8f:e5:b6:26:ef:eb:30:
06:29:87:53
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNUcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAx
NDUyMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRCRTkxQTBBNTRCRjQ0
OTBCRkI5MjQzMjNGMDA3QjczNjJEMDc4NTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNgHpzffjZkr5pjLg/lOV5Ifs/qMuHumfHetAgyaYORKjIeJH2
9VJQsprXeJhmyqTDBUQL6jRCFfA+sNZxJdL2jlsvsaJ9LQqlEdeNYbJqafPMsmHA
G+G0CmXbb9VZU2nbTmwxOf5RbxYHzZbaywliwY2hNIUb9cHHr8MYfoTxHP5n3vNe
T4toUUsPJcnVBE/76QeUbbYNC9Fn12rbayPC97raOwbt7K23/lwUS5DWdVo5RsKr
X6HkgDwEpi9WQE+QqV8/1234Gwqqu7fsti8THRepkD9Q3B/02ghQh8UCCi8/2sS4
Y80Zqnpk1YoyhbB+iQSQ2o4xcZFnpFHT7oiPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUS+kaClS/RJC/uSQyPwB7c2LQeFkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Mta2FDbFNfUkpDX3VT
UXlQd0I3YzJMUWVGay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAChFh40O33QO6KUR7aUw+a5h5+sqn+Bt
BinzLj23nHEmlYwpCDW9bDEf+AxCXPwR8I//4i0TmBCM4yK//NWfq7zwt6a6vK1C
ByAEKhRD5pGV2ALFclgu2dgMfXSXm05hj8tuDF7H8STjkCMdNDzpRHsivJy9fW4Z
X/WH2lT8zY148DGZ4HG9iaDC0zzjxz8A90XIEQVWvk8vcY+/CMNMRhIqDRA3cF39
Sb1jFitRwrLwpfaD3tPoIBIR9/bqF6+ZkenVoKyD9La1/uA3tpLFldMQC1EDTsB6
kGQSLCcrqRZb0cyppdEoMqO8sZ9I63rduRKq8/7/j+W2Ju/rMAYph1M=
-----END CERTIFICATE-----
Generated at Sat Mar 30 18:21:33 2024 by rpki-client on console.sobornost.net