Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ivtPZf1mFQMWj9FQIhjrGGsCiwk.roa
File: ivtPZf1mFQMWj9FQIhjrGGsCiwk.roa (raw, json)
Hash identifier: /iIa1xOkl5br76fmDSRy1D7F2l88GX2mBIXA/rjqWbk=
Subject key identifier: 8A:FB:4F:65:FD:66:15:03:16:8F:D1:50:22:18:EB:18:6B:02:8B:09
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34BB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ivtPZf1mFQMWj9FQIhjrGGsCiwk.roa
Signing time: Fri 29 Mar 2024 21:22:36 +0000
ROA not before: Fri 29 Mar 2024 21:22:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13499 (0x34bb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 21:22:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8AFB4F65FD661503168FD1502218EB186B028B09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:5f:b2:4c:a8:3d:ee:76:7d:1e:73:47:fe:6e:
73:e8:9a:48:b9:a2:80:0a:42:c0:de:07:68:da:ea:
0a:d5:62:0d:29:21:29:11:87:ff:c8:bc:37:52:0d:
b6:b1:b3:30:20:00:45:77:7f:85:be:ff:3c:4e:ac:
b4:81:c4:ab:62:91:2e:03:16:66:5f:c0:6c:21:73:
a9:b3:45:4e:be:ed:2d:05:7c:0f:4f:b0:35:36:d6:
f3:f6:59:56:84:3a:98:82:80:00:0d:c9:e9:c1:a2:
36:7a:75:eb:4c:18:72:14:40:3f:9a:cf:a1:53:38:
e1:49:ee:d0:4b:8c:24:98:16:79:fb:ae:08:12:a9:
c4:f8:ef:cc:8b:eb:b8:c3:c0:4a:cb:c5:91:17:27:
2e:aa:57:ce:fc:c0:b5:da:88:d7:0c:e6:00:96:c0:
6d:a9:ff:9d:17:99:6b:dc:d2:5a:3a:5a:d8:c5:e9:
bf:d9:1d:4d:e6:26:0a:dd:fa:4c:3a:ee:0b:83:81:
36:d8:9a:7d:a2:25:5a:26:8b:65:c7:fe:fc:a8:3c:
77:41:c2:57:fa:da:16:dc:d4:7d:b5:18:75:f1:77:
d8:fd:61:3a:2a:75:56:f9:c0:4c:2d:2d:c2:d1:8a:
a5:ef:99:a3:0c:be:6a:80:71:19:43:37:55:29:6f:
ab:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:FB:4F:65:FD:66:15:03:16:8F:D1:50:22:18:EB:18:6B:02:8B:09
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ivtPZf1mFQMWj9FQIhjrGGsCiwk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
72:e2:94:19:3b:64:dc:f9:a1:3c:3d:8d:a2:a6:42:c4:37:50:
b1:9b:8b:83:27:bc:52:cc:56:33:bb:e8:f9:18:3f:6f:7d:b9:
ba:7a:a1:33:52:c7:8a:71:c9:f8:db:2a:0a:1e:89:3c:ce:0b:
1f:14:b8:10:41:ac:8c:64:af:36:89:cf:c7:cb:10:a1:2f:79:
e2:59:9f:34:c7:09:2c:62:33:94:16:82:7c:9e:38:a4:53:65:
89:71:5a:34:ec:f7:f3:8a:a0:06:0c:0d:65:35:75:a7:94:54:
05:24:16:18:2e:8b:a8:fb:79:44:a8:86:3b:02:12:24:58:c9:
9c:4c:07:4f:52:3e:28:8a:d6:af:f6:d8:85:7a:fa:b3:d0:fb:
c0:b6:d4:92:f1:18:d3:ee:29:b1:1b:16:d8:3e:3a:80:e1:3c:
ba:6a:4f:20:b2:e7:a4:d0:15:99:f1:75:d3:55:be:c1:1c:ee:
9b:0a:b3:43:06:02:fd:c2:a8:52:8a:7f:0a:ab:59:ae:e6:10:
aa:fb:19:90:18:22:0b:98:af:92:47:1b:e4:eb:da:7e:29:36:
c3:fd:ef:ff:fa:78:e0:fa:e6:55:ce:7c:72:9a:12:9b:4a:9b:
7d:1f:46:5e:c0:96:83:65:ce:54:2a:2f:c4:4d:ea:00:e7:07:
84:b7:35:11
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNLswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjky
MTIyMzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBRkI0RjY1RkQ2NjE1
MDMxNjhGRDE1MDIyMThFQjE4NkIwMjhCMDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9X7JMqD3udn0ec0f+bnPomki5ooAKQsDeB2ja6grVYg0pISkR
h//IvDdSDbaxszAgAEV3f4W+/zxOrLSBxKtikS4DFmZfwGwhc6mzRU6+7S0FfA9P
sDU21vP2WVaEOpiCgAANyenBojZ6detMGHIUQD+az6FTOOFJ7tBLjCSYFnn7rggS
qcT478yL67jDwErLxZEXJy6qV878wLXaiNcM5gCWwG2p/50XmWvc0lo6WtjF6b/Z
HU3mJgrd+kw67guDgTbYmn2iJVomi2XH/vyoPHdBwlf62hbc1H21GHXxd9j9YToq
dVb5wEwtLcLRiqXvmaMMvmqAcRlDN1Upb6thAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUivtPZf1mFQMWj9FQIhjrGGsCiwkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2l2dFBaZjFtRlFNV2o5
RlFJaGpyR0dzQ2l3ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHLilBk7ZNz5oTw9jaKmQsQ3ULGbi4Mn
vFLMVjO76PkYP299ubp6oTNSx4pxyfjbKgoeiTzOCx8UuBBBrIxkrzaJz8fLEKEv
eeJZnzTHCSxiM5QWgnyeOKRTZYlxWjTs9/OKoAYMDWU1daeUVAUkFhgui6j7eUSo
hjsCEiRYyZxMB09SPiiK1q/22IV6+rPQ+8C21JLxGNPuKbEbFtg+OoDhPLpqTyCy
56TQFZnxddNVvsEc7psKs0MGAv3CqFKKfwqrWa7mEKr7GZAYIguYr5JHG+Tr2n4p
NsP97//6eOD65lXOfHKaEptKm30fRl7AloNlzlQqL8RN6gDnB4S3NRE=
-----END CERTIFICATE-----
Generated at Sat Mar 30 05:22:44 2024 by rpki-client on console.sobornost.net