Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mfotBd2t08_DwkAcjnYpnS6Zx9Y.roa
File: mfotBd2t08_DwkAcjnYpnS6Zx9Y.roa (raw, json)
Hash identifier: muhmEBDUhg9mt02AOOPRzD+ItYBgSbSLvLFlfzU8upk=
Subject key identifier: 99:FA:2D:05:DD:AD:D3:CF:C3:C2:40:1C:8E:76:29:9D:2E:99:C7:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4177
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mfotBd2t08_DwkAcjnYpnS6Zx9Y.roa
Signing time: Mon 15 Apr 2024 20:52:56 +0000
ROA not before: Mon 15 Apr 2024 20:52:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16759 (0x4177)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 20:52:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=99FA2D05DDADD3CFC3C2401C8E76299D2E99C7D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:70:01:09:c4:18:b8:db:b1:70:0a:ba:b7:be:
7b:48:ea:c5:10:d7:1d:18:ec:a1:57:a9:2b:db:03:
4a:6f:44:c8:9b:21:28:54:55:e8:af:22:f3:46:a2:
1c:67:f1:33:14:ef:bb:0f:c8:15:2b:c2:85:d5:c8:
43:7b:18:c6:b8:73:1b:27:66:75:49:20:1b:07:21:
2d:a4:0b:e9:e3:54:4f:de:cb:26:e9:a2:1a:9d:5c:
b4:8e:82:e7:c0:58:64:44:78:39:63:31:cb:cd:38:
19:18:49:5c:dc:50:81:5c:ad:a9:55:38:12:74:91:
72:ff:f6:ca:cb:4e:27:52:a1:e2:b8:85:fe:8c:94:
2b:2f:d2:84:1c:bf:4d:77:45:9f:22:2b:2f:44:1c:
92:e5:39:be:78:83:5f:c7:de:aa:95:7e:df:11:ff:
7b:0b:df:63:1d:cc:e0:60:e6:30:cf:10:66:a1:11:
76:55:61:b8:2a:3f:77:23:a3:96:6e:58:6c:5d:a1:
c0:eb:96:a0:9d:73:b3:ea:83:25:14:f0:cc:b8:11:
c9:a3:5a:93:e5:ca:de:cb:9f:0a:b8:72:45:dc:88:
e1:c5:e2:18:a9:03:62:53:f8:31:7b:51:bd:5d:00:
3a:9b:fe:be:77:e1:03:4d:d9:b8:09:46:1b:28:e4:
70:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:FA:2D:05:DD:AD:D3:CF:C3:C2:40:1C:8E:76:29:9D:2E:99:C7:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mfotBd2t08_DwkAcjnYpnS6Zx9Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
13:a3:0a:ea:0e:57:a1:5b:36:9d:54:c6:92:27:8a:cd:eb:cd:
30:bf:ef:6e:ad:79:ec:1c:61:0e:1e:4f:b1:99:b6:df:0e:52:
d5:4e:54:10:fc:d3:e5:16:70:a7:87:69:c0:d4:73:86:9f:e7:
e0:ec:22:75:11:52:03:ef:77:28:0a:9b:7e:e6:8b:f9:e5:29:
50:f6:bf:81:0c:bb:f9:f2:9c:29:fc:4f:b0:ab:c3:09:f5:7a:
ec:cd:27:6c:97:a5:93:37:23:08:ce:fb:8d:da:c8:25:d4:73:
7f:ea:dd:2f:d6:95:95:ee:7c:8c:6b:32:af:6b:40:2c:3a:f7:
9e:fa:3e:58:72:cc:72:80:dc:4c:7e:71:47:bc:00:13:85:c4:
6a:00:37:20:8e:84:79:d5:75:c7:d3:d3:08:c7:61:f6:ac:22:
e2:34:ae:e6:8a:4b:0e:8e:9d:a4:3d:b1:8a:ac:b8:60:0d:9d:
ea:44:44:55:50:6e:8b:48:93:7f:4b:34:74:38:14:a7:93:f9:
d2:6c:99:16:97:c1:4c:c6:6c:c7:3e:7b:cf:27:af:ea:99:60:
24:db:8b:c4:c1:20:cb:f2:19:86:60:bd:a6:94:6d:7c:8a:f9:
58:ed:4d:e6:5b:6c:b5:40:6a:aa:f0:eb:4f:dd:75:bb:de:fc:
48:20:da:99
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQXcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUy
MDUyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk5RkEyRDA1RERBREQz
Q0ZDM0MyNDAxQzhFNzYyOTlEMkU5OUM3RDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8cAEJxBi427FwCrq3vntI6sUQ1x0Y7KFXqSvbA0pvRMibIShU
VeivIvNGohxn8TMU77sPyBUrwoXVyEN7GMa4cxsnZnVJIBsHIS2kC+njVE/eyybp
ohqdXLSOgufAWGREeDljMcvNOBkYSVzcUIFcralVOBJ0kXL/9srLTidSoeK4hf6M
lCsv0oQcv013RZ8iKy9EHJLlOb54g1/H3qqVft8R/3sL32MdzOBg5jDPEGahEXZV
YbgqP3cjo5ZuWGxdocDrlqCdc7PqgyUU8My4EcmjWpPlyt7Lnwq4ckXciOHF4hip
A2JT+DF7Ub1dADqb/r534QNN2bgJRhso5HDFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUmfotBd2t08/DwkAcjnYpnS6Zx9YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21mb3RCZDJ0MDhfRHdr
QWNqbllwblM2Wng5WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABOjCuoOV6FbNp1UxpInis3rzTC/726t
eewcYQ4eT7GZtt8OUtVOVBD80+UWcKeHacDUc4af5+DsInURUgPvdygKm37mi/nl
KVD2v4EMu/nynCn8T7Crwwn1euzNJ2yXpZM3IwjO+43ayCXUc3/q3S/WlZXufIxr
Mq9rQCw69576PlhyzHKA3Ex+cUe8ABOFxGoANyCOhHnVdcfT0wjHYfasIuI0ruaK
Sw6OnaQ9sYqsuGANnepERFVQbotIk39LNHQ4FKeT+dJsmRaXwUzGbMc+e88nr+qZ
YCTbi8TBIMvyGYZgvaaUbXyK+VjtTeZbbLVAaqrw60/ddbve/Egg2pk=
-----END CERTIFICATE-----
Generated at Tue Apr 16 09:59:22 2024 by rpki-client on console.sobornost.net