Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UrQTHawpKvNvw657Prq9jVpYTpE.roa
File: UrQTHawpKvNvw657Prq9jVpYTpE.roa (raw, json)
Hash identifier: 5H7PvZUvf8uwhnraD0wGtGDTOiBqagd0AcANB+1ht98=
Subject key identifier: 52:B4:13:1D:AC:29:2A:F3:6F:C3:AE:7B:3E:BA:BD:8D:5A:58:4E:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 36E3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UrQTHawpKvNvw657Prq9jVpYTpE.roa
Signing time: Mon 01 Apr 2024 18:22:14 +0000
ROA not before: Mon 01 Apr 2024 18:22:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14051 (0x36e3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 18:22:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=52B4131DAC292AF36FC3AE7B3EBABD8D5A584E91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:9a:5d:1a:41:d0:cc:36:74:d3:4f:7d:d6:81:
e7:67:59:20:b3:74:0e:ae:8a:4f:af:b5:64:29:7a:
c4:f6:a6:16:be:a2:71:bb:ea:d9:db:cf:8c:58:90:
b4:a0:35:74:31:79:8c:c5:c5:99:d7:8d:0e:1e:f0:
ad:54:27:77:35:35:4b:e6:2b:25:8c:a6:76:9f:7b:
11:aa:b4:2b:d8:f4:0d:b6:ec:ca:f7:5d:8c:0d:91:
e1:95:b9:fa:bd:46:21:7d:e6:dc:4d:51:4d:a2:47:
23:f5:bb:9c:ef:8a:62:61:4e:8d:44:cd:0d:e7:ea:
3d:ce:99:96:bb:4d:21:83:e5:c3:eb:b9:9d:ec:72:
69:15:ae:8a:fa:0d:b6:c1:83:e1:40:04:9d:47:cd:
72:b3:82:a5:a0:53:9f:4a:34:ea:10:9d:a8:ea:66:
71:31:e0:b6:a6:66:9d:3d:52:24:ea:ea:01:72:d6:
d4:61:8d:49:90:d0:5d:e0:a3:de:a6:5a:11:f2:eb:
43:c7:57:6d:c3:c6:00:1a:c0:59:b4:d0:94:94:ba:
15:54:c7:4c:0b:a7:88:9e:ca:2b:88:ac:47:03:e9:
01:81:1a:29:c1:0a:7b:7a:a7:06:b8:7e:8b:ac:15:
6e:e0:71:7c:1e:fc:44:b3:0e:4a:80:60:28:b0:ee:
41:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:B4:13:1D:AC:29:2A:F3:6F:C3:AE:7B:3E:BA:BD:8D:5A:58:4E:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UrQTHawpKvNvw657Prq9jVpYTpE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3a:e4:a2:a4:8c:bc:c6:79:36:29:93:7e:b3:54:10:98:b7:d1:
e2:c6:f8:cc:66:cc:a2:2b:02:57:26:c6:29:4a:1d:a9:a0:68:
8d:eb:71:36:c9:70:2c:0e:dd:b5:1a:ab:f8:1e:bc:1f:b5:6b:
f0:d1:d8:6f:d3:cf:26:05:8f:67:e3:ed:2e:5c:64:13:1b:64:
04:75:89:47:fe:dc:bf:ab:36:41:01:19:7f:d4:f4:67:2c:60:
39:61:d9:2f:0a:5c:e6:0e:59:33:02:dd:44:0f:eb:af:98:f2:
d4:d6:9c:8c:62:1e:12:6c:a7:1c:1d:15:66:13:a9:38:5c:71:
f9:bb:84:bb:66:60:eb:ec:6e:55:04:4d:54:0a:35:38:8d:5d:
7f:a5:6a:a8:fa:1f:d8:b6:42:67:b1:dd:4d:f3:73:71:72:df:
ea:2c:cf:f1:58:34:74:74:1f:54:4e:7f:e8:ec:ce:5c:96:09:
3a:16:16:ef:94:99:67:05:69:35:87:ae:a7:4f:38:7f:54:96:
49:d3:89:de:17:d1:62:da:ab:48:91:7c:b2:44:2b:5a:8b:8e:
7f:e0:92:82:a3:2f:24:ac:0e:80:fc:d5:18:c1:50:63:01:a4:
10:2e:ed:8d:32:af:0f:27:b0:21:16:26:0a:0c:eb:3d:d4:6a:
51:8e:5e:a6
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNuMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEx
ODIyMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUyQjQxMzFEQUMyOTJB
RjM2RkMzQUU3QjNFQkFCRDhENUE1ODRFOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDml0aQdDMNnTTT33WgednWSCzdA6uik+vtWQpesT2pha+onG7
6tnbz4xYkLSgNXQxeYzFxZnXjQ4e8K1UJ3c1NUvmKyWMpnafexGqtCvY9A227Mr3
XYwNkeGVufq9RiF95txNUU2iRyP1u5zvimJhTo1EzQ3n6j3OmZa7TSGD5cPruZ3s
cmkVror6DbbBg+FABJ1HzXKzgqWgU59KNOoQnajqZnEx4LamZp09UiTq6gFy1tRh
jUmQ0F3go96mWhHy60PHV23DxgAawFm00JSUuhVUx0wLp4ieyiuIrEcD6QGBGinB
Cnt6pwa4fousFW7gcXwe/ESzDkqAYCiw7kFHAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUUrQTHawpKvNvw657Prq9jVpYTpEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VyUVRIYXdwS3ZOdnc2
NTdQcnE5alZwWVRwRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADrkoqSMvMZ5NimTfrNUEJi30eLG+Mxm
zKIrAlcmxilKHamgaI3rcTbJcCwO3bUaq/gevB+1a/DR2G/TzyYFj2fj7S5cZBMb
ZAR1iUf+3L+rNkEBGX/U9GcsYDlh2S8KXOYOWTMC3UQP66+Y8tTWnIxiHhJspxwd
FWYTqThccfm7hLtmYOvsblUETVQKNTiNXX+laqj6H9i2Qmex3U3zc3Fy3+osz/FY
NHR0H1ROf+jszlyWCToWFu+UmWcFaTWHrqdPOH9UlknTid4X0WLaq0iRfLJEK1qL
jn/gkoKjLySsDoD81RjBUGMBpBAu7Y0yrw8nsCEWJgoM6z3UalGOXqY=
-----END CERTIFICATE-----
Generated at Mon Apr 1 22:19:10 2024 by rpki-client on console.sobornost.net