Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WydZdd_AxgqImQAvA_b71hUZ0a4.roa
File: WydZdd_AxgqImQAvA_b71hUZ0a4.roa (raw, json)
Hash identifier: F2eah1aijVqImTkpuc0HtFSmD7/ieUQnmcuBB5X8I+M=
Subject key identifier: 5B:27:59:75:DF:C0:C6:0A:88:99:00:2F:03:F6:FB:D6:15:19:D1:AE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42CB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WydZdd_AxgqImQAvA_b71hUZ0a4.roa
Signing time: Wed 17 Apr 2024 15:22:59 +0000
ROA not before: Wed 17 Apr 2024 15:22:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17099 (0x42cb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 15:22:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5B275975DFC0C60A8899002F03F6FBD61519D1AE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:2d:4d:f0:23:a3:53:67:5e:c9:86:46:86:4f:
ff:47:38:d1:15:5f:8c:96:d8:2f:d7:20:48:10:b6:
5f:00:6f:d1:db:57:c1:d9:85:71:00:44:92:53:a1:
30:18:9c:3f:f5:0f:b9:11:fd:93:4a:a2:49:64:9f:
a9:0e:bb:45:72:e6:14:8b:f4:02:11:d5:28:96:b1:
b6:0b:d6:e0:3d:d9:64:a0:81:d2:3d:b3:f3:6d:18:
b0:22:13:a7:45:85:60:c7:12:aa:69:7e:bc:c7:11:
d2:af:2d:e6:24:df:ce:ff:28:a8:93:95:ae:cc:48:
fc:7d:74:ab:53:1f:a7:fe:1f:1b:a4:88:c4:bc:8f:
84:ed:9b:93:93:9b:f5:08:8a:4a:73:2d:f6:59:96:
c1:88:6a:d1:70:8e:70:9b:27:78:96:1c:bc:dc:a7:
a1:5e:e5:4e:cb:f4:53:4a:50:ca:08:b7:26:e9:e4:
05:33:b1:30:a0:00:70:fd:68:54:04:22:f2:fd:1f:
85:76:38:56:bd:ff:23:73:10:83:a2:94:ba:87:64:
75:9c:f3:ac:c1:43:61:b9:73:b2:42:49:53:07:ab:
e7:c4:9d:f0:90:92:44:88:9d:91:be:0f:a0:28:c2:
9b:b6:97:df:30:59:58:09:2b:e0:ac:b2:84:6a:a2:
2a:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:27:59:75:DF:C0:C6:0A:88:99:00:2F:03:F6:FB:D6:15:19:D1:AE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WydZdd_AxgqImQAvA_b71hUZ0a4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
8e:62:df:65:78:52:73:39:94:69:cf:a0:09:8f:0a:3e:7c:70:
b3:22:09:6f:d7:99:c8:0c:94:d2:ad:61:79:6c:d8:73:9a:d8:
b3:ad:63:b5:53:49:96:e7:1f:86:30:49:1c:9f:00:92:a8:5f:
79:b8:c6:b9:7e:7d:83:84:bf:da:ec:a0:a9:26:d8:72:14:05:
c0:70:ff:73:b4:c7:ab:cb:3a:db:a9:b9:57:ae:d0:29:92:83:
fa:d9:52:de:30:df:ae:8b:15:16:18:1b:ee:a9:b0:7b:1b:a2:
44:bb:43:c0:83:52:39:dd:f9:31:bd:eb:ca:7c:d4:88:91:7f:
f7:77:9c:10:e4:89:b9:a4:2f:a0:02:fe:ad:d7:e5:33:97:8e:
d3:57:15:af:84:85:a9:2e:38:bb:ad:dd:da:53:38:45:18:63:
b2:bf:e9:40:94:bb:4f:92:72:f7:c0:5e:49:c0:54:f0:f3:8c:
6b:13:ae:ee:95:c1:a2:45:76:1c:a1:53:5c:54:b8:bf:fa:1a:
7b:66:cc:a3:9c:c5:89:c0:36:da:32:dc:89:1b:3b:f7:2b:d6:
88:85:44:6b:09:9b:f3:49:eb:cb:55:f5:d1:79:88:d2:cf:3c:
34:95:1d:a5:bb:43:b3:a8:b4:89:67:ac:3d:58:da:c3:bb:be:
79:7e:79:4b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQsswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
NTIyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVCMjc1OTc1REZDMEM2
MEE4ODk5MDAyRjAzRjZGQkQ2MTUxOUQxQUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGLU3wI6NTZ17JhkaGT/9HONEVX4yW2C/XIEgQtl8Ab9HbV8HZ
hXEARJJToTAYnD/1D7kR/ZNKoklkn6kOu0Vy5hSL9AIR1SiWsbYL1uA92WSggdI9
s/NtGLAiE6dFhWDHEqppfrzHEdKvLeYk387/KKiTla7MSPx9dKtTH6f+HxukiMS8
j4Ttm5OTm/UIikpzLfZZlsGIatFwjnCbJ3iWHLzcp6Fe5U7L9FNKUMoItybp5AUz
sTCgAHD9aFQEIvL9H4V2OFa9/yNzEIOilLqHZHWc86zBQ2G5c7JCSVMHq+fEnfCQ
kkSInZG+D6Aowpu2l98wWVgJK+CssoRqoirPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUWydZdd/AxgqImQAvA/b71hUZ0a4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1d5ZFpkZF9BeGdxSW1R
QXZBX2I3MWhVWjBhNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAI5i32V4UnM5lGnPoAmPCj58cLMiCW/X
mcgMlNKtYXls2HOa2LOtY7VTSZbnH4YwSRyfAJKoX3m4xrl+fYOEv9rsoKkm2HIU
BcBw/3O0x6vLOtupuVeu0CmSg/rZUt4w366LFRYYG+6psHsbokS7Q8CDUjnd+TG9
68p81IiRf/d3nBDkibmkL6AC/q3X5TOXjtNXFa+EhakuOLut3dpTOEUYY7K/6UCU
u0+ScvfAXknAVPDzjGsTru6VwaJFdhyhU1xUuL/6GntmzKOcxYnANtoy3IkbO/cr
1oiFRGsJm/NJ68tV9dF5iNLPPDSVHaW7Q7OotIlnrD1Y2sO7vnl+eUs=
-----END CERTIFICATE-----
Generated at Wed Apr 17 21:27:37 2024 by rpki-client on console.sobornost.net