Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cOntZC5z2R5PY5XlkET1IKEwGvw.roa
File: cOntZC5z2R5PY5XlkET1IKEwGvw.roa (raw, json)
Hash identifier: Po0kRXpAUum7DQxg3Ne4ja+UXWw8JW76XPnExRG5IfA=
Subject key identifier: 70:E9:ED:64:2E:73:D9:1E:4F:63:95:E5:90:44:F5:20:A1:30:1A:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4847
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cOntZC5z2R5PY5XlkET1IKEwGvw.roa
Signing time: Wed 24 Apr 2024 22:53:19 +0000
ROA not before: Wed 24 Apr 2024 22:53:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18503 (0x4847)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 22:53:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=70E9ED642E73D91E4F6395E59044F520A1301AFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:36:ba:00:3a:e2:c5:fb:49:ba:2c:a2:a1:ba:
f2:94:36:48:4c:89:eb:6e:cb:69:2b:9e:51:37:d9:
ac:6e:3c:29:16:a5:f2:a9:36:3b:47:ba:04:ca:24:
6e:e2:59:88:08:0f:da:b3:7a:75:cd:0a:fe:9d:17:
74:61:24:d5:ed:73:8a:32:56:83:00:21:c1:72:1f:
a4:a3:77:67:b4:b9:11:b0:97:61:cd:fc:fd:62:b6:
8a:a7:7c:23:62:4c:35:74:b7:9c:01:08:33:b8:ab:
7a:9f:a4:16:c6:f7:0f:81:fe:2d:5a:59:63:f9:35:
4e:80:62:01:a7:bb:f1:cc:26:1a:0a:c3:36:88:d7:
8c:fa:af:cb:0e:1b:8e:b4:47:5d:72:2f:69:5f:cb:
2b:69:6b:e4:ac:e4:fe:31:30:66:31:41:44:a0:bc:
8e:08:6d:a5:15:11:77:30:63:ad:82:76:a0:68:7c:
90:d4:00:1e:a2:cc:ec:d6:a8:f7:19:8e:fd:2f:91:
de:f3:cb:10:81:59:5a:dc:3f:bb:5f:36:ef:13:a5:
c3:d1:92:ef:e5:9d:88:cc:21:16:ff:27:af:34:48:
b9:db:35:fe:fb:5d:f6:b8:f0:de:c0:2c:1b:9a:ee:
f2:45:d6:c2:8e:f2:6a:ef:9a:6d:1b:d7:f1:16:59:
8c:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:E9:ED:64:2E:73:D9:1E:4F:63:95:E5:90:44:F5:20:A1:30:1A:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cOntZC5z2R5PY5XlkET1IKEwGvw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
89:d7:62:cd:9f:87:13:6c:4b:62:57:60:4d:cc:74:9e:81:39:
60:93:3a:19:24:3f:0f:88:8b:c9:14:de:80:13:8a:a3:44:eb:
04:36:e0:c7:2c:bf:cd:ee:34:19:1c:9c:2e:39:cc:e5:ed:35:
34:3c:2c:a4:09:f0:41:f9:f4:6d:91:42:70:33:03:50:f7:86:
19:4c:09:b0:1e:05:bb:71:6e:76:75:75:92:7f:d3:10:bd:8d:
3d:75:9d:2b:f5:ea:e6:1f:6f:e9:79:32:99:71:71:8c:7c:89:
49:ab:69:59:aa:0d:4a:62:cf:c5:47:b7:56:79:e9:bc:68:3b:
b1:1f:cc:18:64:7e:34:58:6b:e7:c2:9c:44:03:a8:e4:7a:ae:
76:16:42:15:ae:ad:e7:ae:27:c6:03:b0:0b:f2:ea:3a:91:6c:
e8:74:fa:69:e6:76:ff:9e:9b:86:68:4a:b8:d1:c2:0d:81:64:
e7:f5:1e:f5:ec:59:31:7f:23:0c:41:5a:dd:4c:57:31:95:ba:
9e:ff:c9:59:52:05:ef:d3:14:b8:fc:bc:6a:3f:d2:46:eb:7a:
16:00:9f:4b:08:6c:d1:16:23:32:1e:23:9e:19:ed:3e:1a:a1:
52:39:c7:28:92:a2:51:4c:20:53:d7:ec:6c:4c:9a:56:94:dd:
0e:ea:94:79
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSEcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQy
MjUzMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcwRTlFRDY0MkU3M0Q5
MUU0RjYzOTVFNTkwNDRGNTIwQTEzMDFBRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6NroAOuLF+0m6LKKhuvKUNkhMietuy2krnlE32axuPCkWpfKp
NjtHugTKJG7iWYgID9qzenXNCv6dF3RhJNXtc4oyVoMAIcFyH6Sjd2e0uRGwl2HN
/P1itoqnfCNiTDV0t5wBCDO4q3qfpBbG9w+B/i1aWWP5NU6AYgGnu/HMJhoKwzaI
14z6r8sOG460R11yL2lfyytpa+Ss5P4xMGYxQUSgvI4IbaUVEXcwY62CdqBofJDU
AB6izOzWqPcZjv0vkd7zyxCBWVrcP7tfNu8TpcPRku/lnYjMIRb/J680SLnbNf77
Xfa48N7ALBua7vJF1sKO8mrvmm0b1/EWWYxDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUcOntZC5z2R5PY5XlkET1IKEwGvwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2NPbnRaQzV6MlI1UFk1
WGxrRVQxSUtFd0d2dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAInXYs2fhxNsS2JXYE3MdJ6BOWCTOhkk
Pw+Ii8kU3oATiqNE6wQ24Mcsv83uNBkcnC45zOXtNTQ8LKQJ8EH59G2RQnAzA1D3
hhlMCbAeBbtxbnZ1dZJ/0xC9jT11nSv16uYfb+l5MplxcYx8iUmraVmqDUpiz8VH
t1Z56bxoO7EfzBhkfjRYa+fCnEQDqOR6rnYWQhWureeuJ8YDsAvy6jqRbOh0+mnm
dv+em4ZoSrjRwg2BZOf1HvXsWTF/IwxBWt1MVzGVup7/yVlSBe/TFLj8vGo/0kbr
ehYAn0sIbNEWIzIeI54Z7T4aoVI5xyiSolFMIFPX7GxMmlaU3Q7qlHk=
-----END CERTIFICATE-----
Generated at Fri Apr 26 03:43:41 2024 by rpki-client on console.sobornost.net