Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hJz-q6xcieCFulEOFE3QMQqlPEs.roa
File: hJz-q6xcieCFulEOFE3QMQqlPEs.roa (raw, json)
Hash identifier: 6ooFTvaQ2phRQd9Ki/IKk4wvfKB0Xy808VI5xrpLy7c=
Subject key identifier: 84:9C:FE:AB:AC:5C:89:E0:85:BA:51:0E:14:4D:D0:31:0A:A5:3C:4B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35F3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hJz-q6xcieCFulEOFE3QMQqlPEs.roa
Signing time: Sun 31 Mar 2024 12:22:30 +0000
ROA not before: Sun 31 Mar 2024 12:22:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13811 (0x35f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 12:22:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=849CFEABAC5C89E085BA510E144DD0310AA53C4B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:33:c6:33:5a:05:b8:05:71:ba:15:1f:77:88:
cc:f8:b6:59:ed:fa:5c:87:3f:42:e9:f7:d4:b3:ec:
2e:60:1d:4b:1b:fd:50:f5:a5:25:24:e2:9e:41:ac:
85:69:32:f7:d6:e7:ba:e8:dd:ff:c1:5e:65:c8:4f:
15:63:a5:60:28:47:cc:e0:db:6a:83:af:d0:11:0b:
18:53:21:ec:bb:bf:93:c5:0e:0d:c0:35:e1:8c:3a:
5f:42:59:9c:8b:1b:cf:99:d5:22:a1:69:77:6b:2d:
05:0b:9f:0d:f8:7e:e8:fb:cc:9f:fa:e3:f7:a7:16:
29:bc:33:1a:35:df:32:1f:51:bd:fa:24:05:dd:57:
25:25:91:f3:00:4f:00:6d:1e:2d:5d:a2:16:8f:0c:
41:5e:1b:61:6c:19:c1:63:e1:a1:84:3e:98:61:64:
0c:30:20:ae:1e:9f:ef:16:8b:e8:7e:7a:83:0c:23:
51:34:f4:e2:a7:e2:f5:59:04:be:e4:65:89:d9:8d:
81:76:a0:18:b0:07:0d:24:e9:8e:62:36:22:55:d1:
98:99:c1:d3:19:53:e7:9b:50:d0:da:5e:b8:da:0f:
87:05:df:68:06:4c:b4:58:d3:89:91:75:ea:24:30:
9b:1e:6b:85:dd:26:43:df:b2:42:72:36:90:5d:00:
bb:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:9C:FE:AB:AC:5C:89:E0:85:BA:51:0E:14:4D:D0:31:0A:A5:3C:4B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hJz-q6xcieCFulEOFE3QMQqlPEs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3a:0a:74:01:12:e8:48:85:48:dd:c5:e3:57:4c:81:2f:b0:9d:
ea:a6:ff:48:f0:34:44:94:be:a8:7c:c1:2b:48:9c:fc:86:18:
d3:12:07:d1:6b:7c:cf:93:bc:93:04:a7:93:60:51:c5:a8:2c:
f4:a0:70:cb:f7:be:8e:20:09:78:20:ef:fd:fc:11:68:f0:e8:
7e:e7:f9:8c:13:da:cc:6a:15:67:e0:3c:cb:41:3b:da:5c:4e:
4f:3c:ac:81:75:70:8d:eb:10:42:c7:f6:52:d3:39:0b:2e:af:
0d:fa:1b:1b:0c:63:7a:8d:fa:e0:3e:fe:b5:bf:96:e2:22:4d:
2e:78:40:cd:5b:96:21:f7:30:ef:5f:14:ea:6a:19:7b:dd:95:
44:1d:29:5d:da:22:00:b4:98:8b:3f:f0:2a:be:2d:8a:3d:4f:
6c:6e:52:16:a1:e8:87:fc:d0:60:04:2b:1e:9d:dd:73:11:ab:
00:2b:9a:c1:3a:87:fe:53:b4:be:96:4c:6e:9a:e1:58:97:a4:
7a:d9:66:88:3f:99:6d:2e:42:d4:ad:9d:0e:b9:46:7c:7f:aa:
f1:29:82:ed:2a:4c:2b:f6:1e:1e:08:85:8b:f7:c1:d8:2b:2a:
9d:e9:e5:3f:e2:7b:4a:04:b2:f0:ff:39:f8:a0:26:2e:15:7a:
f2:91:11:82
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNfMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEx
MjIyMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg0OUNGRUFCQUM1Qzg5
RTA4NUJBNTEwRTE0NEREMDMxMEFBNTNDNEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4M8YzWgW4BXG6FR93iMz4tlnt+lyHP0Lp99Sz7C5gHUsb/VD1
pSUk4p5BrIVpMvfW57ro3f/BXmXITxVjpWAoR8zg22qDr9ARCxhTIey7v5PFDg3A
NeGMOl9CWZyLG8+Z1SKhaXdrLQULnw34fuj7zJ/64/enFim8Mxo13zIfUb36JAXd
VyUlkfMATwBtHi1dohaPDEFeG2FsGcFj4aGEPphhZAwwIK4en+8Wi+h+eoMMI1E0
9OKn4vVZBL7kZYnZjYF2oBiwBw0k6Y5iNiJV0ZiZwdMZU+ebUNDaXrjaD4cF32gG
TLRY04mRdeokMJsea4XdJkPfskJyNpBdALsxAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUhJz+q6xcieCFulEOFE3QMQqlPEswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hKei1xNnhjaWVDRnVs
RU9GRTNRTVFxbFBFcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADoKdAES6EiFSN3F41dMgS+wneqm/0jw
NESUvqh8wStInPyGGNMSB9FrfM+TvJMEp5NgUcWoLPSgcMv3vo4gCXgg7/38EWjw
6H7n+YwT2sxqFWfgPMtBO9pcTk88rIF1cI3rEELH9lLTOQsurw36GxsMY3qN+uA+
/rW/luIiTS54QM1bliH3MO9fFOpqGXvdlUQdKV3aIgC0mIs/8Cq+LYo9T2xuUhah
6If80GAEKx6d3XMRqwArmsE6h/5TtL6WTG6a4ViXpHrZZog/mW0uQtStnQ65Rnx/
qvEpgu0qTCv2Hh4IhYv3wdgrKp3p5T/ie0oEsvD/OfigJi4VevKREYI=
-----END CERTIFICATE-----
Generated at Sun Mar 31 16:50:14 2024 by rpki-client on console.sobornost.net