Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/j8FZVcBPME2LZDchtKGGgkyoxmo.roa
File: j8FZVcBPME2LZDchtKGGgkyoxmo.roa (raw, json)
Hash identifier: L9JeRV7NfVUFs6kVx5a0Q4FSzrjBW/E4w9craC2oMnE=
Subject key identifier: 8F:C1:59:55:C0:4F:30:4D:8B:64:37:21:B4:A1:86:82:4C:A8:C6:6A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44A7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j8FZVcBPME2LZDchtKGGgkyoxmo.roa
Signing time: Sat 20 Apr 2024 02:53:11 +0000
ROA not before: Sat 20 Apr 2024 02:53:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17575 (0x44a7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 02:53:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8FC15955C04F304D8B643721B4A186824CA8C66A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:34:4e:bf:14:f7:ab:ae:7a:24:20:69:9f:5b:
37:c3:cd:c3:37:96:3b:29:07:e8:67:7d:3e:a3:ab:
ee:a2:9e:3a:3b:26:40:44:da:d6:eb:ba:b5:49:c1:
16:55:2c:01:53:d5:69:fb:c2:cd:3a:29:37:94:4c:
cb:9c:d3:05:f8:1d:8c:a8:70:cf:81:74:9d:10:b8:
5a:4b:78:96:5b:3f:04:e0:c9:17:44:f0:3b:bd:88:
12:db:10:3a:08:bc:28:67:c8:bb:e7:b2:22:23:c4:
14:74:85:4d:d8:64:20:ae:76:42:85:5e:65:f4:50:
eb:15:e2:9e:df:60:10:2d:35:bf:77:4b:f2:e0:51:
67:bd:b5:81:52:f0:3d:06:af:92:05:be:01:bd:a0:
6b:5a:7d:6f:4f:a0:04:b5:cb:d2:88:94:d1:a3:8b:
05:64:c7:d8:32:e9:41:b6:78:c7:1f:d9:6b:10:e3:
44:42:05:97:60:c7:c9:a2:c6:55:33:0f:2c:d5:ea:
0c:58:a6:a1:ac:5b:a5:73:9b:7d:28:c9:27:f7:8f:
81:2f:6d:28:58:bb:c2:69:15:d2:13:82:de:9d:b6:
b2:8a:57:69:2d:47:5e:cf:1d:56:a4:40:a8:49:6b:
54:70:cf:e1:26:22:a7:ce:d8:40:d3:86:d0:a5:a1:
e6:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:C1:59:55:C0:4F:30:4D:8B:64:37:21:B4:A1:86:82:4C:A8:C6:6A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j8FZVcBPME2LZDchtKGGgkyoxmo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
08:13:45:0c:ac:2f:44:d3:62:72:b6:8d:6e:fc:af:11:e1:02:
f6:e2:f2:3e:e3:64:a2:f2:15:cf:ef:de:a4:d3:68:9a:a2:57:
52:ae:f6:0c:24:9f:19:da:61:a2:91:29:a5:af:5b:81:9f:08:
77:1a:ec:a0:89:6a:75:db:be:6c:eb:75:f1:c8:55:fa:66:a9:
b0:10:10:4d:8d:3d:d6:78:83:98:fd:97:d8:25:55:e6:67:8b:
89:ee:21:e2:ef:1a:b2:74:96:66:38:fa:e4:79:3d:06:3a:ec:
40:26:d9:2f:49:8f:7c:5a:e7:b6:8f:63:d2:eb:ba:df:a7:0b:
ce:d2:75:67:95:43:ca:df:4d:a9:78:c8:36:01:a4:02:dd:f3:
2a:eb:97:f8:75:8c:09:f7:fb:06:c8:c6:0e:1f:19:ba:ae:0f:
73:07:06:db:c4:fe:af:48:7d:9e:f8:f8:55:03:0f:83:2c:7c:
0d:74:36:84:ef:7b:78:4a:ee:ea:55:0c:9b:ba:b4:52:13:62:
d1:f5:7d:6a:9f:f1:1b:e7:a4:a3:61:ba:96:78:3d:ce:5e:bc:
27:fa:84:d2:55:4f:6a:61:fe:0f:0a:1a:26:f2:0c:00:0a:fc:
a8:50:64:0f:ce:f0:b6:b5:52:7e:ff:c6:4a:13:1f:70:f9:e0:
e8:50:4d:ec
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRKcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAw
MjUzMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhGQzE1OTU1QzA0RjMw
NEQ4QjY0MzcyMUI0QTE4NjgyNENBOEM2NkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDNE6/FPerrnokIGmfWzfDzcM3ljspB+hnfT6jq+6injo7JkBE
2tbrurVJwRZVLAFT1Wn7ws06KTeUTMuc0wX4HYyocM+BdJ0QuFpLeJZbPwTgyRdE
8Du9iBLbEDoIvChnyLvnsiIjxBR0hU3YZCCudkKFXmX0UOsV4p7fYBAtNb93S/Lg
UWe9tYFS8D0Gr5IFvgG9oGtafW9PoAS1y9KIlNGjiwVkx9gy6UG2eMcf2WsQ40RC
BZdgx8mixlUzDyzV6gxYpqGsW6Vzm30oySf3j4EvbShYu8JpFdITgt6dtrKKV2kt
R17PHVakQKhJa1Rwz+EmIqfO2EDThtCloebhAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUj8FZVcBPME2LZDchtKGGgkyoxmowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2o4RlpWY0JQTUUyTFpE
Y2h0S0dHZ2t5b3htby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAgTRQysL0TTYnK2jW78rxHhAvbi8j7j
ZKLyFc/v3qTTaJqiV1Ku9gwknxnaYaKRKaWvW4GfCHca7KCJanXbvmzrdfHIVfpm
qbAQEE2NPdZ4g5j9l9glVeZni4nuIeLvGrJ0lmY4+uR5PQY67EAm2S9Jj3xa57aP
Y9Lrut+nC87SdWeVQ8rfTal4yDYBpALd8yrrl/h1jAn3+wbIxg4fGbquD3MHBtvE
/q9IfZ74+FUDD4MsfA10NoTve3hK7upVDJu6tFITYtH1fWqf8RvnpKNhupZ4Pc5e
vCf6hNJVT2ph/g8KGibyDAAK/KhQZA/O8La1Un7/xkoTH3D54OhQTew=
-----END CERTIFICATE-----
Generated at Sat Apr 20 07:46:16 2024 by rpki-client on console.sobornost.net