Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mKfaMwAyQWcD0fG8BsJ-Icv7q9k.roa
File: mKfaMwAyQWcD0fG8BsJ-Icv7q9k.roa (raw, json)
Hash identifier: 1VUyXKXyhZxAmL7XwiITMCQFcKSobvdA+ij8o25Al9E=
Subject key identifier: 98:A7:DA:33:00:32:41:67:03:D1:F1:BC:06:C2:7E:21:CB:FB:AB:D9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 43A7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mKfaMwAyQWcD0fG8BsJ-Icv7q9k.roa
Signing time: Thu 18 Apr 2024 18:53:01 +0000
ROA not before: Thu 18 Apr 2024 18:53:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17319 (0x43a7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 18:53:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=98A7DA330032416703D1F1BC06C27E21CBFBABD9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:1d:3d:88:41:90:3b:d7:88:00:41:9d:0c:7b:
6f:d8:52:09:50:e1:cc:1d:79:66:72:23:da:30:e5:
b0:9f:a2:14:92:4e:aa:8c:07:f0:8d:26:88:12:d7:
e0:e4:40:b0:46:93:8e:a7:8e:a8:d4:72:65:eb:43:
f0:66:18:b5:4d:62:97:fd:f2:13:cd:16:8f:f5:80:
74:d5:5c:18:b3:f9:5f:c3:17:dd:a1:44:eb:98:5a:
dd:e5:fa:9d:87:9d:8f:52:63:03:a8:b8:a7:57:94:
5b:78:0e:66:ad:61:cf:64:40:7b:6e:b8:aa:c7:2b:
dd:d8:d4:0a:23:83:8f:8d:5c:8a:12:cb:c9:bd:7e:
48:bc:82:b7:b3:0f:de:4f:28:c8:56:28:2a:e4:35:
31:22:2e:40:1a:0f:59:94:ca:a7:26:02:17:0e:a0:
0b:7b:a3:38:ec:f7:bc:c7:74:ac:f2:fc:00:97:f3:
38:4f:61:d3:fe:30:30:cf:1d:31:6e:bb:a7:ca:b8:
a0:bb:a6:aa:41:d9:e0:b8:d4:87:b0:96:ef:67:b2:
8e:2e:fd:92:30:6e:c3:a5:c8:7c:1f:11:3b:65:89:
dd:44:ff:9e:36:bc:1d:59:ab:a5:34:11:27:0b:41:
46:68:20:f2:85:5a:46:dd:2e:7c:71:a4:51:8d:47:
e1:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:A7:DA:33:00:32:41:67:03:D1:F1:BC:06:C2:7E:21:CB:FB:AB:D9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mKfaMwAyQWcD0fG8BsJ-Icv7q9k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
75:aa:08:5d:27:21:c1:13:bf:36:4b:dd:95:65:d2:b2:52:75:
dc:ef:d2:41:cd:5b:62:ef:f9:64:e4:2f:73:a1:7f:ae:85:88:
40:37:5c:d4:a9:86:0a:14:a3:5e:7e:50:99:3a:5b:5e:16:9a:
27:ee:e9:05:e9:35:f6:27:9a:8d:d6:52:a1:72:51:9f:90:5c:
b3:af:3e:21:71:f6:f4:74:0b:49:e1:f5:fa:49:41:27:5a:73:
8a:5b:7a:07:e4:ae:27:28:14:cd:78:66:f6:78:75:2d:1e:38:
69:93:ce:58:29:9f:07:d3:dd:15:6e:47:c7:e0:1e:bb:18:49:
f6:1f:aa:f0:6f:cc:39:fb:d4:76:56:7c:fe:a0:8a:6d:b7:6e:
e1:06:e5:f1:6d:3e:0f:ab:1d:94:69:4c:b7:86:6a:27:84:8d:
10:36:5b:88:ab:1a:9d:f6:99:56:a6:39:6c:7d:77:3e:fa:11:
78:b5:22:c8:54:71:c0:bf:56:71:f0:87:74:6d:9f:8b:2e:18:
67:bc:18:64:ee:52:92:e5:62:d4:05:a1:d7:bc:9d:5f:22:3d:
e3:9c:14:7e:9b:b8:26:c0:38:27:fb:d7:68:b4:ba:d2:e2:15:
7d:99:24:24:0f:2e:91:c8:71:2b:d1:3d:e8:b5:7e:d4:8d:7c:
12:84:a5:81
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQ6cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
ODUzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk4QTdEQTMzMDAzMjQx
NjcwM0QxRjFCQzA2QzI3RTIxQ0JGQkFCRDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8HT2IQZA714gAQZ0Me2/YUglQ4cwdeWZyI9ow5bCfohSSTqqM
B/CNJogS1+DkQLBGk46njqjUcmXrQ/BmGLVNYpf98hPNFo/1gHTVXBiz+V/DF92h
ROuYWt3l+p2HnY9SYwOouKdXlFt4DmatYc9kQHtuuKrHK93Y1Aojg4+NXIoSy8m9
fki8grezD95PKMhWKCrkNTEiLkAaD1mUyqcmAhcOoAt7ozjs97zHdKzy/ACX8zhP
YdP+MDDPHTFuu6fKuKC7pqpB2eC41Iewlu9nso4u/ZIwbsOlyHwfETtlid1E/542
vB1Zq6U0EScLQUZoIPKFWkbdLnxxpFGNR+HvAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUmKfaMwAyQWcD0fG8BsJ+Icv7q9kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21LZmFNd0F5UVdjRDBm
RzhCc0otSWN2N3E5ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHWqCF0nIcETvzZL3ZVl0rJSddzv0kHN
W2Lv+WTkL3Ohf66FiEA3XNSphgoUo15+UJk6W14Wmifu6QXpNfYnmo3WUqFyUZ+Q
XLOvPiFx9vR0C0nh9fpJQSdac4pbegfkricoFM14ZvZ4dS0eOGmTzlgpnwfT3RVu
R8fgHrsYSfYfqvBvzDn71HZWfP6gim23buEG5fFtPg+rHZRpTLeGaieEjRA2W4ir
Gp32mVamOWx9dz76EXi1IshUccC/VnHwh3Rtn4suGGe8GGTuUpLlYtQFode8nV8i
PeOcFH6buCbAOCf712i0utLiFX2ZJCQPLpHIcSvRPei1ftSNfBKEpYE=
-----END CERTIFICATE-----
Generated at Fri Apr 19 08:12:41 2024 by rpki-client on console.sobornost.net