Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/X6WGZNZESpK6sRn5_w__1ZszojM.roa
File: X6WGZNZESpK6sRn5_w__1ZszojM.roa (raw, json)
Hash identifier: T+bnuV6hBRO6NUIP8fKf60ERi9xTjGAHG709kH+6zvo=
Subject key identifier: 5F:A5:86:64:D6:44:4A:92:BA:B1:19:F9:FF:0F:FF:D5:9B:33:A2:33
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4ECF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/X6WGZNZESpK6sRn5_w__1ZszojM.roa
Signing time: Fri 03 May 2024 15:53:46 +0000
ROA not before: Fri 03 May 2024 15:53:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20175 (0x4ecf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 15:53:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5FA58664D6444A92BAB119F9FF0FFFD59B33A233
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:9d:b9:85:70:72:d4:b7:d0:29:f9:6e:e5:a0:
6a:8d:20:dd:c8:7c:ba:82:52:4d:f3:22:b9:43:79:
42:9a:30:a3:ec:04:ff:58:65:b9:93:69:1f:77:08:
25:83:c0:4a:f8:7f:e3:19:3a:60:00:08:c4:0b:dd:
7a:b6:51:f3:21:76:5a:e8:93:62:69:51:58:51:cd:
91:c6:81:14:1c:c8:df:cc:c8:f5:e5:c6:a8:cd:73:
a6:8a:8e:a3:3f:86:d2:d4:c4:3c:dc:61:68:30:53:
c7:cc:a4:33:ff:79:96:ea:a9:04:79:36:bf:0a:b2:
a9:1d:39:3d:d4:3f:6c:d7:1b:e4:26:9c:c0:f6:86:
dd:6b:52:cb:88:83:95:95:b8:e2:4e:45:50:d3:78:
00:30:d7:e9:34:0f:60:f6:77:c0:9d:d1:74:52:00:
bf:d6:96:27:03:1f:72:7d:1d:62:d3:25:9a:db:4e:
da:9b:ec:24:07:43:a9:02:f6:d0:51:9b:cb:f3:70:
84:7c:80:5c:97:ec:59:d0:06:b8:3d:8c:10:29:44:
51:b9:da:7f:2e:f5:74:ea:5e:60:aa:f6:0a:ce:8f:
55:15:ea:e4:5c:fa:e6:fc:e0:d4:80:5b:a9:2b:6d:
a1:f6:ad:a0:e4:8b:4d:25:c8:2c:f1:63:64:72:fe:
41:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:A5:86:64:D6:44:4A:92:BA:B1:19:F9:FF:0F:FF:D5:9B:33:A2:33
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/X6WGZNZESpK6sRn5_w__1ZszojM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
63:d5:da:2e:16:54:c8:3a:e7:4a:99:fe:5e:79:c4:1c:31:bc:
3a:0b:95:16:7a:dd:7e:59:fb:ab:4d:90:0e:28:c4:0d:fb:69:
e1:3a:23:e7:bf:cf:ba:cf:5c:55:7b:e0:e6:65:78:2c:75:49:
5f:28:1e:15:ff:5e:1a:c8:b9:3b:85:10:ae:16:2d:e8:cc:8c:
eb:e0:84:2f:d0:ce:4d:d2:7a:45:c6:a0:87:e5:e7:96:a4:6c:
07:08:3d:c6:ac:b3:a5:ab:92:55:3a:2b:08:83:e1:ce:47:6a:
52:79:b2:ce:e1:4d:c1:f3:68:4f:bb:97:5f:ab:32:3e:e9:6c:
56:c3:44:c9:32:74:d2:75:ee:2c:3c:ff:32:67:8d:e6:86:50:
e9:52:2d:20:bf:00:f7:fd:c5:e9:98:fa:da:c0:60:91:17:b3:
cb:83:5c:70:bd:1f:3a:cc:82:55:cf:60:12:d4:22:ac:19:34:
9f:de:17:45:69:81:70:20:fc:67:b6:6c:65:b6:e8:ce:fa:b2:
30:79:8d:92:39:68:f0:e7:5f:91:c9:e5:68:5b:29:7e:3e:fc:
90:e4:00:3a:03:70:bf:bb:20:e3:e0:22:f2:23:03:15:1d:75:
e4:f7:99:cf:70:9c:08:f1:db:a2:4f:a5:c6:98:8c:98:dd:14:
c4:e1:38:10
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTs8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
NTUzNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVGQTU4NjY0RDY0NDRB
OTJCQUIxMTlGOUZGMEZGRkQ1OUIzM0EyMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4nbmFcHLUt9Ap+W7loGqNIN3IfLqCUk3zIrlDeUKaMKPsBP9Y
ZbmTaR93CCWDwEr4f+MZOmAACMQL3Xq2UfMhdlrok2JpUVhRzZHGgRQcyN/MyPXl
xqjNc6aKjqM/htLUxDzcYWgwU8fMpDP/eZbqqQR5Nr8KsqkdOT3UP2zXG+QmnMD2
ht1rUsuIg5WVuOJORVDTeAAw1+k0D2D2d8Cd0XRSAL/WlicDH3J9HWLTJZrbTtqb
7CQHQ6kC9tBRm8vzcIR8gFyX7FnQBrg9jBApRFG52n8u9XTqXmCq9grOj1UV6uRc
+ub84NSAW6krbaH2raDki00lyCzxY2Ry/kGlAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUX6WGZNZESpK6sRn5/w//1ZszojMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1g2V0daTlpFU3BLNnNS
bjVfd19fMVpzem9qTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGPV2i4WVMg650qZ/l55xBwxvDoLlRZ6
3X5Z+6tNkA4oxA37aeE6I+e/z7rPXFV74OZleCx1SV8oHhX/XhrIuTuFEK4WLejM
jOvghC/Qzk3SekXGoIfl55akbAcIPcass6WrklU6KwiD4c5HalJ5ss7hTcHzaE+7
l1+rMj7pbFbDRMkydNJ17iw8/zJnjeaGUOlSLSC/APf9xemY+trAYJEXs8uDXHC9
HzrMglXPYBLUIqwZNJ/eF0VpgXAg/Ge2bGW26M76sjB5jZI5aPDnX5HJ5WhbKX4+
/JDkADoDcL+7IOPgIvIjAxUddeT3mc9wnAjx26JPpcaYjJjdFMThOBA=
-----END CERTIFICATE-----
Generated at Fri May 3 20:57:19 2024 by rpki-client on console.sobornost.net