Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ea48zIND-dSkaOUgVq1HYnOR5vg.roa
File: ea48zIND-dSkaOUgVq1HYnOR5vg.roa (raw, json)
Hash identifier: CvhVQkOcPkxxdLJTb3Al9Hjx6Nqd+Rk8PmAnMDlHbPc=
Subject key identifier: 79:AE:3C:CC:83:43:F9:D4:A4:68:E5:20:56:AD:47:62:73:91:E6:F8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 443F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ea48zIND-dSkaOUgVq1HYnOR5vg.roa
Signing time: Fri 19 Apr 2024 13:53:24 +0000
ROA not before: Fri 19 Apr 2024 13:53:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17471 (0x443f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 13:53:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=79AE3CCC8343F9D4A468E52056AD47627391E6F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:9f:47:53:e0:e3:07:b7:9b:31:f4:96:01:b0:
b1:c4:66:10:25:6a:1e:25:8e:8f:95:da:bb:75:13:
75:d3:2e:86:b3:d6:d7:63:dd:86:3a:36:06:85:34:
c6:e2:a8:c3:9b:b1:6e:a0:cf:be:ca:70:54:94:d5:
cf:48:26:1b:f8:3c:b7:76:94:8a:62:74:cb:db:4b:
80:05:53:88:9e:c6:18:13:28:10:7c:3c:b3:f9:c5:
fb:93:e8:c1:53:09:5f:2b:ec:8e:ef:46:ca:96:da:
92:98:44:f3:80:c6:96:e2:1a:70:da:59:86:c3:ac:
75:03:17:12:c3:2a:c4:d0:fc:e6:98:ee:15:e1:91:
1a:7f:4f:46:8d:c5:ca:90:c8:3f:9a:cd:e2:ee:69:
5a:81:8d:29:cc:53:cc:d3:bf:cc:97:b4:8d:3c:18:
54:b1:d1:d1:f3:e3:36:4c:ac:a7:44:56:c9:42:93:
7e:64:df:5a:ba:59:2d:2d:a5:17:72:d4:45:f7:28:
cc:64:5d:57:7f:4c:c6:e8:8d:84:a8:86:20:d6:f5:
33:27:90:94:76:5a:07:d8:b0:b9:83:b4:54:73:32:
fa:a4:56:35:03:dd:b7:1a:00:1e:e6:64:32:47:78:
f3:43:ed:bd:a1:92:34:b6:09:59:00:e7:c2:70:dc:
59:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:AE:3C:CC:83:43:F9:D4:A4:68:E5:20:56:AD:47:62:73:91:E6:F8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ea48zIND-dSkaOUgVq1HYnOR5vg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b6:35:e5:4d:2d:59:a5:54:21:80:67:c1:27:68:37:f1:4c:3e:
c7:34:2a:41:12:63:e3:98:6f:84:d0:4c:b5:24:98:62:17:66:
73:01:39:a0:d1:f9:c7:8a:19:8b:fa:fe:20:0c:3e:c9:ca:f4:
e3:42:ff:fb:af:b9:a9:5d:12:05:af:b7:5f:06:29:74:61:44:
fa:c4:63:0b:d1:bc:5b:e9:9d:57:2e:8b:b2:b4:6d:df:68:7f:
82:ff:24:bf:ed:d5:e0:c3:8c:cc:e7:bd:5e:49:cc:88:f1:dd:
f6:d4:f8:8a:7f:8b:8e:a2:ea:da:e2:c9:5f:3f:f1:75:8c:b6:
d4:ac:f5:4d:54:d4:78:37:a2:4b:ea:56:56:39:f7:71:d2:2a:
f7:1d:e6:f8:9f:49:87:d0:e3:ee:3b:64:c0:74:5a:ae:e0:b0:
69:e2:ff:1d:a7:61:d6:84:4f:16:a6:da:18:8f:5f:37:49:19:
63:01:f8:0f:97:b8:36:7e:0d:20:90:f4:62:a7:d8:ca:1d:d2:
67:d8:f1:41:8a:e2:4b:ba:f8:78:cf:8c:8d:fb:b4:86:81:8b:
3d:47:07:7d:6c:1d:0c:d7:c5:2d:13:b2:6c:8e:f8:5c:14:0e:
c8:3d:9a:35:35:1b:cb:07:a4:64:b9:e9:79:85:87:c4:29:17:
34:be:7a:3b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRD8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
MzUzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc5QUUzQ0NDODM0M0Y5
RDRBNDY4RTUyMDU2QUQ0NzYyNzM5MUU2RjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCUn0dT4OMHt5sx9JYBsLHEZhAlah4ljo+V2rt1E3XTLoaz1tdj
3YY6NgaFNMbiqMObsW6gz77KcFSU1c9IJhv4PLd2lIpidMvbS4AFU4iexhgTKBB8
PLP5xfuT6MFTCV8r7I7vRsqW2pKYRPOAxpbiGnDaWYbDrHUDFxLDKsTQ/OaY7hXh
kRp/T0aNxcqQyD+azeLuaVqBjSnMU8zTv8yXtI08GFSx0dHz4zZMrKdEVslCk35k
31q6WS0tpRdy1EX3KMxkXVd/TMbojYSohiDW9TMnkJR2WgfYsLmDtFRzMvqkVjUD
3bcaAB7mZDJHePND7b2hkjS2CVkA58Jw3FkvAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUea48zIND+dSkaOUgVq1HYnOR5vgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VhNDh6SU5ELWRTa2FP
VWdWcTFIWW5PUjV2Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALY15U0tWaVUIYBnwSdoN/FMPsc0KkES
Y+OYb4TQTLUkmGIXZnMBOaDR+ceKGYv6/iAMPsnK9ONC//uvualdEgWvt18GKXRh
RPrEYwvRvFvpnVcui7K0bd9of4L/JL/t1eDDjMznvV5JzIjx3fbU+Ip/i46i6tri
yV8/8XWMttSs9U1U1Hg3okvqVlY593HSKvcd5vifSYfQ4+47ZMB0Wq7gsGni/x2n
YdaETxam2hiPXzdJGWMB+A+XuDZ+DSCQ9GKn2Mod0mfY8UGK4ku6+HjPjI37tIaB
iz1HB31sHQzXxS0TsmyO+FwUDsg9mjU1G8sHpGS56XmFh8QpFzS+ejs=
-----END CERTIFICATE-----
Generated at Fri Apr 19 19:03:59 2024 by rpki-client on console.sobornost.net