Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/k5UA1PbDEh42VkHIwGlz1F00IfQ.roa
File: k5UA1PbDEh42VkHIwGlz1F00IfQ.roa (raw, json)
Hash identifier: 8QQR6vMSVQ/U6jEN7CizFvEeOp5H+UocpW9WZaIkD0k=
Subject key identifier: 93:95:00:D4:F6:C3:12:1E:36:56:41:C8:C0:69:73:D4:5D:34:21:F4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3AB3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k5UA1PbDEh42VkHIwGlz1F00IfQ.roa
Signing time: Sat 06 Apr 2024 20:22:33 +0000
ROA not before: Sat 06 Apr 2024 20:22:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15027 (0x3ab3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 20:22:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=939500D4F6C3121E365641C8C06973D45D3421F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:0a:e5:a2:76:ae:42:d0:d8:48:c3:d9:e4:b2:
3a:a9:a4:44:d3:74:23:86:6c:82:39:68:a7:ce:c1:
ad:25:21:c0:a6:15:e9:c0:af:d7:ac:7a:4a:cf:6d:
ef:77:3e:5e:a0:60:f6:13:7c:61:29:65:ff:0e:cb:
66:9b:8d:b9:42:10:fb:c9:a3:27:de:06:19:59:a3:
52:4f:90:7f:01:fe:71:e9:18:8c:ca:64:2b:6c:68:
37:00:89:7c:ae:d7:d9:89:8b:97:fd:56:57:d8:2a:
a2:09:6b:03:ca:0c:ba:27:5e:c1:80:37:13:f8:a0:
01:18:e9:8f:4a:6d:c6:d3:d8:81:ba:bf:50:c3:e5:
2a:71:4c:63:b5:31:58:76:86:73:fc:81:83:22:1f:
28:19:73:ac:36:ba:84:68:4f:dd:cf:50:c7:a2:41:
af:a8:03:d9:51:28:91:3c:5a:dd:da:90:60:06:b8:
e7:c9:dc:d7:16:17:d2:62:3f:69:26:4e:5c:04:31:
73:82:fc:bc:ea:e5:13:cd:04:00:5e:28:e5:46:ee:
85:56:7e:7d:a1:b1:71:e1:83:c6:53:ac:20:4f:41:
18:56:fb:b9:19:47:d5:bc:03:d9:6d:1f:b9:2d:eb:
5a:46:52:ca:6e:37:59:c7:22:a5:44:11:91:20:b0:
eb:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:95:00:D4:F6:C3:12:1E:36:56:41:C8:C0:69:73:D4:5D:34:21:F4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k5UA1PbDEh42VkHIwGlz1F00IfQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5a:6a:b1:ae:1c:7c:96:c6:c0:eb:77:a1:42:51:f7:20:52:d0:
36:68:36:7c:8f:2c:7d:ca:4f:d0:e1:d3:49:a7:cd:2e:12:77:
45:7a:fa:ad:60:58:34:c0:1b:c6:6d:80:1a:cd:d1:d0:64:a1:
a9:23:be:35:fb:7d:9e:b1:a3:63:6d:50:e2:ad:55:f3:00:a5:
e4:3b:a8:19:d0:a5:a4:96:93:c3:f6:76:23:95:b0:52:45:e0:
0b:6f:7d:73:bc:31:0e:41:55:0d:5f:da:24:1f:0d:7f:18:1b:
69:bb:f9:65:24:2b:25:f2:31:3f:e0:98:a0:9c:7b:c7:33:b3:
b0:f4:54:42:87:76:31:41:5f:ea:a1:fb:05:c2:c5:bf:33:65:
32:62:3b:5e:f5:90:8b:29:4d:0f:a3:64:30:1e:0a:c9:3d:62:
64:56:ac:b9:6c:e7:6f:c2:2a:79:9d:2a:ab:7c:f5:84:db:37:
f2:f3:72:94:19:f3:f8:3b:7b:06:8a:cc:b4:5a:12:3c:24:1b:
3f:38:89:d2:55:13:d7:e0:be:de:e8:20:a8:bf:c6:9c:b7:4d:
37:bc:bd:1d:40:07:ff:14:c1:7b:b0:15:31:81:3a:c8:7f:29:
f1:65:b3:c6:23:49:7a:87:32:4c:7f:5f:c9:4f:03:32:06:d6:
f5:94:f8:2a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICOrMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYy
MDIyMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkzOTUwMEQ0RjZDMzEy
MUUzNjU2NDFDOEMwNjk3M0Q0NUQzNDIxRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5CuWidq5C0NhIw9nksjqppETTdCOGbII5aKfOwa0lIcCmFenA
r9esekrPbe93Pl6gYPYTfGEpZf8Oy2abjblCEPvJoyfeBhlZo1JPkH8B/nHpGIzK
ZCtsaDcAiXyu19mJi5f9VlfYKqIJawPKDLonXsGANxP4oAEY6Y9KbcbT2IG6v1DD
5SpxTGO1MVh2hnP8gYMiHygZc6w2uoRoT93PUMeiQa+oA9lRKJE8Wt3akGAGuOfJ
3NcWF9JiP2kmTlwEMXOC/Lzq5RPNBABeKOVG7oVWfn2hsXHhg8ZTrCBPQRhW+7kZ
R9W8A9ltH7kt61pGUspuN1nHIqVEEZEgsOuRAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUk5UA1PbDEh42VkHIwGlz1F00IfQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2s1VUExUGJERWg0MlZr
SEl3R2x6MUYwMElmUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFpqsa4cfJbGwOt3oUJR9yBS0DZoNnyP
LH3KT9Dh00mnzS4Sd0V6+q1gWDTAG8ZtgBrN0dBkoakjvjX7fZ6xo2NtUOKtVfMA
peQ7qBnQpaSWk8P2diOVsFJF4AtvfXO8MQ5BVQ1f2iQfDX8YG2m7+WUkKyXyMT/g
mKCce8czs7D0VEKHdjFBX+qh+wXCxb8zZTJiO171kIspTQ+jZDAeCsk9YmRWrLls
52/CKnmdKqt89YTbN/LzcpQZ8/g7ewaKzLRaEjwkGz84idJVE9fgvt7oIKi/xpy3
TTe8vR1AB/8UwXuwFTGBOsh/KfFls8YjSXqHMkx/X8lPAzIG1vWU+Co=
-----END CERTIFICATE-----
Generated at Sun Apr 7 03:14:14 2024 by rpki-client on console.sobornost.net