Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hPGPYUKWGdOofWuZA_1tomDpm2s.roa
File: hPGPYUKWGdOofWuZA_1tomDpm2s.roa (raw, json)
Hash identifier: M0+cihGk/ZkOQQIDSt/3xieuewMbXXo6uXSPFSXuipA=
Subject key identifier: 84:F1:8F:61:42:96:19:D3:A8:7D:6B:99:03:FD:6D:A2:60:E9:9B:6B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 359B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hPGPYUKWGdOofWuZA_1tomDpm2s.roa
Signing time: Sun 31 Mar 2024 01:22:13 +0000
ROA not before: Sun 31 Mar 2024 01:22:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13723 (0x359b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 01:22:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=84F18F61429619D3A87D6B9903FD6DA260E99B6B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:e6:7f:69:3f:da:11:b7:e5:92:0d:0c:ad:fe:
9d:81:68:aa:09:e1:5c:05:20:a6:02:8c:f9:d7:0f:
0e:10:2e:d2:9c:ad:10:14:ad:85:81:6a:19:53:29:
21:38:77:80:2a:c6:18:cc:6b:70:63:9e:08:e7:f8:
0c:fb:bf:29:01:0d:11:30:40:d0:ca:e9:25:24:48:
5e:04:17:35:f3:b0:c0:ae:15:d9:41:3a:dc:f5:27:
2d:61:43:34:13:3c:1e:c9:2e:01:f8:a9:f2:71:9c:
c1:be:2b:11:8a:d0:62:56:f3:05:cb:81:8f:d0:6e:
ec:f9:a1:48:38:10:4b:a7:9a:7a:2c:ea:96:92:91:
d2:7c:cd:be:31:ae:34:d3:41:7a:06:81:bd:cd:2b:
93:92:ca:34:e2:4f:58:da:d9:30:33:0f:5f:0d:90:
05:f0:22:00:6d:1f:ec:02:06:fe:a8:90:0e:ce:b4:
c4:98:16:d8:ae:43:ad:d3:f5:72:eb:1c:d8:d9:85:
ff:a6:cd:63:09:b7:9b:96:1b:a8:3c:42:01:1f:e3:
03:1c:a1:eb:e2:27:62:d3:0a:66:ee:8e:aa:fe:4e:
25:90:a9:d2:ff:4e:88:ec:aa:5c:ee:c6:2c:be:4d:
da:75:dc:dc:da:b4:db:61:ad:df:e2:6b:e0:73:f1:
e9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:F1:8F:61:42:96:19:D3:A8:7D:6B:99:03:FD:6D:A2:60:E9:9B:6B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hPGPYUKWGdOofWuZA_1tomDpm2s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
94:51:ce:48:c6:0c:c1:5b:8f:94:a3:56:4f:70:57:cd:88:a3:
b7:c5:03:b0:ea:36:da:03:6f:c9:04:a8:81:c0:e9:ac:10:83:
48:3b:49:dc:a2:8e:73:73:18:cb:4a:d6:33:c9:25:21:54:26:
a6:0b:b8:e9:54:0c:9c:3c:4f:19:88:b0:3b:01:4e:eb:2a:ba:
cc:c3:11:67:4b:c0:22:49:84:98:86:fd:31:69:69:18:3f:77:
30:a7:6f:f7:4c:12:78:b0:34:72:45:ba:bb:e4:dd:37:10:10:
72:a2:1a:65:69:61:f3:26:92:69:53:a8:f9:65:8f:59:11:8e:
03:74:23:d5:f4:44:48:46:f1:93:d4:24:52:31:ff:be:ec:af:
72:8f:fe:e7:23:a4:6d:3b:65:61:b1:0c:f7:38:a3:24:8c:b1:
52:c3:ea:74:65:a0:b6:c0:79:03:93:96:e3:b0:b5:e3:40:70:
d9:ea:5a:ba:e0:bc:04:cf:4f:b9:4d:b4:fc:6a:1c:b3:4a:67:
bc:c3:8e:4d:5f:19:5d:96:15:5c:b0:67:a4:57:3e:0f:0a:51:
37:ac:b9:e5:b2:a0:7b:fe:b3:c1:6c:9e:15:f6:24:01:1d:43:
cd:a0:c6:bd:00:e7:e6:d8:17:fb:4a:67:b0:90:74:aa:e6:8e:
93:be:fd:6d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNZswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
MTIyMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg0RjE4RjYxNDI5NjE5
RDNBODdENkI5OTAzRkQ2REEyNjBFOTlCNkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDT5n9pP9oRt+WSDQyt/p2BaKoJ4VwFIKYCjPnXDw4QLtKcrRAU
rYWBahlTKSE4d4AqxhjMa3Bjngjn+Az7vykBDREwQNDK6SUkSF4EFzXzsMCuFdlB
Otz1Jy1hQzQTPB7JLgH4qfJxnMG+KxGK0GJW8wXLgY/Qbuz5oUg4EEunmnos6paS
kdJ8zb4xrjTTQXoGgb3NK5OSyjTiT1ja2TAzD18NkAXwIgBtH+wCBv6okA7OtMSY
FtiuQ63T9XLrHNjZhf+mzWMJt5uWG6g8QgEf4wMcoeviJ2LTCmbujqr+TiWQqdL/
Tojsqlzuxiy+Tdp13NzatNthrd/ia+Bz8ek3AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUhPGPYUKWGdOofWuZA/1tomDpm2swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hQR1BZVUtXR2RPb2ZX
dVpBXzF0b21EcG0ycy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAJRRzkjGDMFbj5SjVk9wV82Io7fFA7Dq
NtoDb8kEqIHA6awQg0g7SdyijnNzGMtK1jPJJSFUJqYLuOlUDJw8TxmIsDsBTusq
uszDEWdLwCJJhJiG/TFpaRg/dzCnb/dMEniwNHJFurvk3TcQEHKiGmVpYfMmkmlT
qPllj1kRjgN0I9X0REhG8ZPUJFIx/77sr3KP/ucjpG07ZWGxDPc4oySMsVLD6nRl
oLbAeQOTluOwteNAcNnqWrrgvATPT7lNtPxqHLNKZ7zDjk1fGV2WFVywZ6RXPg8K
UTesueWyoHv+s8FsnhX2JAEdQ82gxr0A5+bYF/tKZ7CQdKrmjpO+/W0=
-----END CERTIFICATE-----
Generated at Sun Mar 31 06:26:09 2024 by rpki-client on console.sobornost.net