Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fIcvtpWRpPx8EvJdOrh_RozTGgE.roa
File: fIcvtpWRpPx8EvJdOrh_RozTGgE.roa (raw, json)
Hash identifier: HjyCjXjsGuK4jpnqgakRhpuaoB4eq7MozuvSn9HEX8E=
Subject key identifier: 7C:87:2F:B6:95:91:A4:FC:7C:12:F2:5D:3A:B8:7F:46:8C:D3:1A:01
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3683
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fIcvtpWRpPx8EvJdOrh_RozTGgE.roa
Signing time: Mon 01 Apr 2024 06:22:15 +0000
ROA not before: Mon 01 Apr 2024 06:22:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13955 (0x3683)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 06:22:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7C872FB69591A4FC7C12F25D3AB87F468CD31A01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:0a:dc:59:70:2e:46:b3:54:c3:d9:6a:5e:72:
12:cd:db:ab:32:90:14:d5:51:cd:c9:c0:d4:5b:fe:
03:3b:7f:0e:43:27:8f:de:79:44:2c:89:24:e4:8e:
c5:47:b5:66:c2:ca:62:0e:3d:23:12:50:4e:ed:74:
48:84:42:ad:93:d0:8e:bf:14:ff:b2:ba:f6:97:7d:
61:df:49:da:47:76:b6:02:83:36:9c:8e:0f:a8:1c:
6a:8f:2d:00:e7:07:c5:94:c0:e6:d3:cb:0e:bd:80:
65:8e:3d:e5:41:ed:a6:86:47:2d:86:14:e9:6e:6f:
2d:ef:30:27:47:19:28:c9:fc:58:c7:00:4a:d3:72:
c1:63:33:a2:02:04:bd:11:9a:ae:46:a4:58:3c:f7:
db:59:75:2a:c2:1b:c7:a7:4e:a2:f4:bb:b0:20:fd:
49:2a:58:a4:7e:cc:f0:85:8e:8b:dd:0b:55:03:cd:
54:a5:94:15:04:bc:2f:7a:ee:ef:24:cc:45:ff:2c:
d4:df:93:2b:b4:39:5c:97:bb:39:5c:ef:fb:9a:89:
87:ba:11:ca:e7:90:28:85:3f:1d:98:66:62:e7:88:
df:4f:91:42:90:99:8d:d9:ef:6a:6e:ad:58:a1:6d:
2c:6f:7e:f8:9d:71:16:5f:5b:32:ce:b0:82:b3:d3:
66:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:87:2F:B6:95:91:A4:FC:7C:12:F2:5D:3A:B8:7F:46:8C:D3:1A:01
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fIcvtpWRpPx8EvJdOrh_RozTGgE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
46:5b:15:e4:58:88:11:e8:70:d2:94:aa:6f:d6:87:c8:26:b3:
c0:66:81:04:75:65:7e:25:df:3c:52:c5:92:12:32:14:2d:0e:
5d:6d:b8:f1:2f:78:e6:57:f7:4d:7b:da:f5:72:02:dd:6c:ca:
6b:06:2a:a9:e5:e9:27:a2:7f:bf:11:6c:03:54:bb:a0:36:96:
ad:48:94:be:15:9b:1e:07:83:58:34:2b:fc:fa:df:0d:c8:4f:
b0:a8:a6:1e:8c:ca:cf:52:1e:bb:47:c6:21:53:5f:36:38:8d:
29:eb:0b:41:48:74:ff:67:e7:c9:64:bc:f6:57:31:f1:20:1c:
7f:b0:64:91:6e:1c:07:20:b3:04:0e:50:6d:e8:51:3d:7b:d1:
e1:85:48:1b:a4:b4:61:cc:3d:50:18:7c:85:b6:7a:6e:2b:8e:
d9:da:8d:41:b6:d9:dd:c1:5f:0e:7b:50:92:1a:11:b5:aa:62:
f6:cb:cf:ee:61:dc:6f:f5:97:60:50:06:69:ca:f8:f4:4e:03:
5d:16:80:83:7a:44:58:21:4b:d1:ef:1c:22:e7:3d:80:61:73:
93:40:7f:7b:06:4d:8a:8c:e0:f9:82:2c:d7:35:ed:84:65:b3:
71:40:f0:1b:3d:16:03:96:5d:76:e6:2d:b5:bd:bf:86:6f:00:
9a:bc:96:ec
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNoMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEw
NjIyMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdDODcyRkI2OTU5MUE0
RkM3QzEyRjI1RDNBQjg3RjQ2OENEMzFBMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOCtxZcC5Gs1TD2WpechLN26sykBTVUc3JwNRb/gM7fw5DJ4/e
eUQsiSTkjsVHtWbCymIOPSMSUE7tdEiEQq2T0I6/FP+yuvaXfWHfSdpHdrYCgzac
jg+oHGqPLQDnB8WUwObTyw69gGWOPeVB7aaGRy2GFOluby3vMCdHGSjJ/FjHAErT
csFjM6ICBL0Rmq5GpFg899tZdSrCG8enTqL0u7Ag/UkqWKR+zPCFjovdC1UDzVSl
lBUEvC967u8kzEX/LNTfkyu0OVyXuzlc7/uaiYe6EcrnkCiFPx2YZmLniN9PkUKQ
mY3Z72purVihbSxvfvidcRZfWzLOsIKz02ZzAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUfIcvtpWRpPx8EvJdOrh/RozTGgEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZJY3Z0cFdScFB4OEV2
SmRPcmhfUm96VEdnRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAEZbFeRYiBHocNKUqm/Wh8gms8BmgQR1
ZX4l3zxSxZISMhQtDl1tuPEveOZX90172vVyAt1symsGKqnl6Seif78RbANUu6A2
lq1IlL4Vmx4Hg1g0K/z63w3IT7Coph6Mys9SHrtHxiFTXzY4jSnrC0FIdP9n58lk
vPZXMfEgHH+wZJFuHAcgswQOUG3oUT170eGFSBuktGHMPVAYfIW2em4rjtnajUG2
2d3BXw57UJIaEbWqYvbLz+5h3G/1l2BQBmnK+PROA10WgIN6RFghS9HvHCLnPYBh
c5NAf3sGTYqM4PmCLNc17YRls3FA8Bs9FgOWXXbmLbW9v4ZvAJq8luw=
-----END CERTIFICATE-----
Generated at Mon Apr 1 11:18:47 2024 by rpki-client on console.sobornost.net