Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Z6zfmN_4xXN8oeveIBqrLp_mJVs.roa
File: Z6zfmN_4xXN8oeveIBqrLp_mJVs.roa (raw, json)
Hash identifier: vPytsO3TF+9v4M7MPIQapLxAzGKButdHj+Vvlsgdjp0=
Subject key identifier: 67:AC:DF:98:DF:F8:C5:73:7C:A1:EB:DE:20:1A:AB:2E:9F:E6:25:5B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E7B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z6zfmN_4xXN8oeveIBqrLp_mJVs.roa
Signing time: Thu 11 Apr 2024 21:22:48 +0000
ROA not before: Thu 11 Apr 2024 21:22:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15995 (0x3e7b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 21:22:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=67ACDF98DFF8C5737CA1EBDE201AAB2E9FE6255B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:d4:35:cb:40:0f:bf:27:6b:af:04:b4:93:5f:
d9:9c:3b:99:e2:51:f7:7c:0b:4d:c5:57:1b:f9:c1:
2a:ec:3b:00:72:80:74:e7:b0:fb:91:bf:b9:f8:b3:
5c:7b:70:5a:a5:67:18:52:2e:d4:90:f8:2e:8b:9c:
9e:1b:7a:1c:5d:3a:bc:fa:09:68:1c:3d:74:b1:0d:
6d:f3:23:30:73:7d:9a:83:37:7f:31:99:c7:64:27:
f8:8a:91:60:50:be:02:60:de:18:d7:c0:2c:46:28:
bd:56:f3:00:0b:34:5a:a4:da:63:11:fb:a0:2e:b3:
e6:ae:8d:d1:81:8f:39:39:71:16:f5:71:74:3c:bb:
ca:0b:ec:95:60:38:16:fc:3a:52:be:52:4e:40:b6:
2f:ef:51:70:bb:82:6e:ec:53:18:05:cb:22:a2:4d:
a0:c6:35:20:a1:dd:21:ae:1d:c3:4e:50:db:3b:2e:
1a:c6:a2:51:92:b0:98:21:fd:3e:dc:84:c9:f0:79:
50:f7:1c:c8:13:f1:0e:ae:93:b2:43:dc:40:0d:6b:
a4:52:27:9a:bc:fc:4c:da:26:48:f7:2a:a2:46:59:
18:46:6c:e6:77:ef:18:16:1e:59:d7:82:06:ee:6d:
d0:e0:39:39:ad:36:48:55:7a:b2:0c:30:a5:da:b2:
5e:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:AC:DF:98:DF:F8:C5:73:7C:A1:EB:DE:20:1A:AB:2E:9F:E6:25:5B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z6zfmN_4xXN8oeveIBqrLp_mJVs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5a:44:71:24:18:c1:ad:d3:67:58:bf:ec:46:7a:c1:68:f9:ae:
50:59:bf:97:5d:4a:20:03:3d:31:a4:d1:92:b4:38:15:58:91:
e9:d5:8d:3c:9f:8d:67:74:05:c0:80:0d:04:cc:16:06:41:81:
df:5a:9a:8f:28:18:d6:74:24:32:67:00:49:c3:9e:02:d1:30:
a8:98:39:ba:34:11:02:e7:34:39:4c:e0:f4:ef:8b:8b:91:75:
47:63:ee:ac:11:37:2a:78:c1:15:91:65:a0:1e:1c:70:9e:b6:
22:91:b4:7b:a0:90:74:52:95:11:69:ce:a2:13:64:8a:d1:33:
fb:9b:56:b5:3b:96:4a:eb:d1:7b:ab:b7:19:2e:87:89:cc:fd:
33:a9:f7:a1:5f:1c:b5:20:23:79:65:25:10:cc:e1:a4:24:ee:
e8:48:3e:b7:9c:78:d6:01:84:b0:6d:5f:db:ba:3c:1d:2f:a3:
e7:89:23:2e:86:a1:1f:89:8c:df:6f:2c:bb:5a:f3:2a:77:64:
49:a0:43:38:d0:42:f2:ca:ec:13:f6:3a:0e:04:58:10:62:7c:
eb:10:62:6a:05:d1:dc:38:0d:4c:a5:24:38:84:f9:8a:82:00:
bb:24:3d:05:62:6d:36:5c:03:59:0f:13:20:ef:b3:1e:8c:ba:
98:8e:a5:45
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPnswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEy
MTIyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY3QUNERjk4REZGOEM1
NzM3Q0ExRUJERTIwMUFBQjJFOUZFNjI1NUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDO1DXLQA+/J2uvBLSTX9mcO5niUfd8C03FVxv5wSrsOwBygHTn
sPuRv7n4s1x7cFqlZxhSLtSQ+C6LnJ4behxdOrz6CWgcPXSxDW3zIzBzfZqDN38x
mcdkJ/iKkWBQvgJg3hjXwCxGKL1W8wALNFqk2mMR+6Aus+aujdGBjzk5cRb1cXQ8
u8oL7JVgOBb8OlK+Uk5Ati/vUXC7gm7sUxgFyyKiTaDGNSCh3SGuHcNOUNs7LhrG
olGSsJgh/T7chMnweVD3HMgT8Q6uk7JD3EANa6RSJ5q8/EzaJkj3KqJGWRhGbOZ3
7xgWHlnXggbubdDgOTmtNkhVerIMMKXasl77AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUZ6zfmN/4xXN8oeveIBqrLp/mJVswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1o2emZtTl80eFhOOG9l
dmVJQnFyTHBfbUpWcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFpEcSQYwa3TZ1i/7EZ6wWj5rlBZv5dd
SiADPTGk0ZK0OBVYkenVjTyfjWd0BcCADQTMFgZBgd9amo8oGNZ0JDJnAEnDngLR
MKiYObo0EQLnNDlM4PTvi4uRdUdj7qwRNyp4wRWRZaAeHHCetiKRtHugkHRSlRFp
zqITZIrRM/ubVrU7lkrr0Xurtxkuh4nM/TOp96FfHLUgI3llJRDM4aQk7uhIPrec
eNYBhLBtX9u6PB0vo+eJIy6GoR+JjN9vLLta8yp3ZEmgQzjQQvLK7BP2Og4EWBBi
fOsQYmoF0dw4DUylJDiE+YqCALskPQVibTZcA1kPEyDvsx6MupiOpUU=
-----END CERTIFICATE-----
Generated at Fri Apr 12 04:03:54 2024 by rpki-client on console.sobornost.net