Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gPSJHYQ00E41CxxJ6xG6nHXcAg0.roa
File: gPSJHYQ00E41CxxJ6xG6nHXcAg0.roa (raw, json)
Hash identifier: c9aA4PKPtOXe3hHAviwGGfvMRkgm0G7DOTVS+9Uy4Hg=
Subject key identifier: 80:F4:89:1D:84:34:D0:4E:35:0B:1C:49:EB:11:BA:9C:75:DC:02:0D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F13
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gPSJHYQ00E41CxxJ6xG6nHXcAg0.roa
Signing time: Fri 12 Apr 2024 16:22:48 +0000
ROA not before: Fri 12 Apr 2024 16:22:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16147 (0x3f13)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 16:22:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=80F4891D8434D04E350B1C49EB11BA9C75DC020D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:d6:16:28:2f:5d:1a:42:c4:b3:cd:dc:fc:a4:
42:43:1c:2a:e2:3b:0f:a7:42:2b:9a:74:0a:7d:3b:
de:df:e4:a5:2d:5c:ea:44:88:d7:f1:83:7d:ca:b8:
03:c3:2a:bd:79:10:e6:fd:74:43:5c:96:e4:42:51:
e9:4d:53:42:fc:de:58:38:0c:89:2f:2b:d2:52:17:
cb:8c:9f:06:79:c1:be:1f:fe:44:b9:4e:04:e5:99:
8d:e1:dd:32:b5:48:d4:1a:f4:c3:08:85:a8:d7:a3:
54:4e:da:2f:f1:7b:37:12:38:04:34:e6:7c:e8:7a:
1b:52:7f:e4:94:72:c4:70:4b:cc:4a:43:e8:69:ac:
8d:e8:8a:34:0c:9b:61:53:b0:fa:ee:4d:60:ed:a8:
8d:d2:0e:5f:2f:6e:7d:a5:e3:a4:b0:3a:38:13:1b:
5f:f5:b9:e0:d0:c6:15:2d:37:6c:f9:c9:56:22:44:
eb:eb:35:2d:69:90:29:12:ab:7b:21:98:49:de:22:
67:0f:da:0c:a6:71:d4:d2:f7:99:fe:fa:e5:d7:c3:
18:7b:9d:cc:58:51:99:30:cf:d3:aa:34:9f:11:8c:
74:61:68:9c:0b:f4:8c:00:38:2f:9f:0b:f6:6f:77:
75:80:17:46:b5:7a:0a:88:38:39:f0:46:bc:fe:83:
72:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:F4:89:1D:84:34:D0:4E:35:0B:1C:49:EB:11:BA:9C:75:DC:02:0D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gPSJHYQ00E41CxxJ6xG6nHXcAg0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
6b:f8:2e:c8:21:b3:c3:5d:c7:1f:7c:ba:62:e4:06:da:f8:eb:
a2:4d:ff:7d:2a:b9:f3:b9:c4:f9:5f:f1:79:42:ee:30:44:fe:
db:dd:d9:7f:68:ad:84:06:51:fc:27:fa:4e:32:7d:78:45:7e:
a1:a5:b8:27:00:a1:ce:86:e2:83:01:eb:52:58:1b:d2:9c:57:
0b:5e:c9:6c:07:d4:90:7c:21:0b:fc:31:6f:72:bc:cf:96:87:
5c:e0:17:50:2b:0b:a8:b6:fd:13:00:3f:61:30:43:07:de:91:
25:82:69:9e:bd:31:10:30:9a:00:e9:46:ba:2b:e9:87:51:49:
fe:9a:b6:d5:85:d6:27:d1:5b:25:13:66:6e:6d:0c:5c:60:53:
c3:72:3a:00:6a:4e:a6:44:ad:77:c2:40:95:cb:5a:22:d2:3a:
59:1a:43:d1:5f:41:9c:96:cf:54:4a:bf:0d:d5:d9:a6:e1:ba:
f6:fe:44:59:c3:0d:37:47:1e:35:6a:9e:36:ba:50:e3:41:30:
e2:40:db:8e:62:c7:0e:39:22:66:62:44:06:25:4b:95:35:e3:
7f:c8:2d:5f:5a:d0:05:0f:a7:cd:29:69:ef:b9:df:9f:4e:5d:
4f:59:1f:34:ed:3b:fe:8a:43:68:ec:f7:fe:8f:30:df:8f:f2:
84:4d:41:2c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPxMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIx
NjIyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgwRjQ4OTFEODQzNEQw
NEUzNTBCMUM0OUVCMTFCQTlDNzVEQzAyMEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDX1hYoL10aQsSzzdz8pEJDHCriOw+nQiuadAp9O97f5KUtXOpE
iNfxg33KuAPDKr15EOb9dENcluRCUelNU0L83lg4DIkvK9JSF8uMnwZ5wb4f/kS5
TgTlmY3h3TK1SNQa9MMIhajXo1RO2i/xezcSOAQ05nzoehtSf+SUcsRwS8xKQ+hp
rI3oijQMm2FTsPruTWDtqI3SDl8vbn2l46SwOjgTG1/1ueDQxhUtN2z5yVYiROvr
NS1pkCkSq3shmEneImcP2gymcdTS95n++uXXwxh7ncxYUZkwz9OqNJ8RjHRhaJwL
9IwAOC+fC/Zvd3WAF0a1egqIODnwRrz+g3LBAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUgPSJHYQ00E41CxxJ6xG6nHXcAg0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dQU0pIWVEwMEU0MUN4
eEo2eEc2bkhYY0FnMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGv4Lsghs8Ndxx98umLkBtr466JN/30q
ufO5xPlf8XlC7jBE/tvd2X9orYQGUfwn+k4yfXhFfqGluCcAoc6G4oMB61JYG9Kc
VwteyWwH1JB8IQv8MW9yvM+Wh1zgF1ArC6i2/RMAP2EwQwfekSWCaZ69MRAwmgDp
Rror6YdRSf6attWF1ifRWyUTZm5tDFxgU8NyOgBqTqZErXfCQJXLWiLSOlkaQ9Ff
QZyWz1RKvw3V2abhuvb+RFnDDTdHHjVqnja6UONBMOJA245ixw45ImZiRAYlS5U1
43/ILV9a0AUPp80pae+5359OXU9ZHzTtO/6KQ2js9/6PMN+P8oRNQSw=
-----END CERTIFICATE-----
Generated at Sat Apr 13 02:37:20 2024 by rpki-client on console.sobornost.net