Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/onhL93stH24TCaU63a0UpxZG6l4.roa
File: onhL93stH24TCaU63a0UpxZG6l4.roa (raw, json)
Hash identifier: z+MJLbAh5MyI+BfFIPWsDbpMJO3K7yZKvpxgWKAhQ0o=
Subject key identifier: A2:78:4B:F7:7B:2D:1F:6E:13:09:A5:3A:DD:AD:14:A7:16:46:EA:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33FB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/onhL93stH24TCaU63a0UpxZG6l4.roa
Signing time: Thu 28 Mar 2024 21:22:07 +0000
ROA not before: Thu 28 Mar 2024 21:22:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13307 (0x33fb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 21:22:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A2784BF77B2D1F6E1309A53ADDAD14A71646EA5E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:eb:41:b8:29:e6:20:15:89:ae:ae:ee:9f:36:
fb:91:ac:b6:c8:9a:b5:f5:94:e4:fa:1a:63:ff:ca:
59:e0:de:4b:3b:d4:7a:a0:07:f7:2b:5b:04:26:57:
ad:93:e9:7c:46:f9:85:54:51:8a:7e:fc:66:ab:20:
bb:c1:2e:76:0f:a0:b6:fe:d4:7d:9a:b9:c7:9c:cf:
12:42:91:ae:a7:4e:33:d0:67:5e:cc:28:c0:c5:ea:
51:78:7a:76:13:47:fd:e9:a1:24:67:f3:54:6d:f1:
ce:a1:b2:cc:50:77:96:25:66:f2:75:45:1e:b6:ea:
9e:5e:cc:fd:78:69:f3:33:e8:5f:e7:a9:41:58:9d:
81:ab:6b:da:f1:38:be:8b:18:bd:7f:f8:82:e8:b2:
9c:c5:ac:db:6b:36:53:c5:66:fa:3e:b6:2f:46:22:
fd:a9:f4:b9:5f:ff:cc:03:43:05:f4:94:66:15:64:
cb:03:f8:c8:83:67:52:8b:e3:2e:b2:3f:12:2b:d9:
a6:3a:44:31:a8:c8:4d:67:24:a7:39:3f:14:e5:15:
a7:29:03:30:cf:d3:58:a5:61:91:84:2d:ed:4a:d8:
86:65:fd:9b:46:bb:ae:ee:cc:12:0b:8a:7c:52:e7:
c8:24:18:36:e5:c9:ef:f2:8d:df:e0:1e:d2:69:26:
89:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:78:4B:F7:7B:2D:1F:6E:13:09:A5:3A:DD:AD:14:A7:16:46:EA:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/onhL93stH24TCaU63a0UpxZG6l4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
6a:93:7b:96:21:6f:62:b9:6b:e5:73:78:f9:55:1b:d6:a4:13:
68:83:09:80:ab:a1:3e:6c:ae:fa:f3:79:6f:75:e0:90:6f:b5:
f7:de:d9:35:3d:3c:73:c4:05:a3:f6:ca:12:1c:8f:0e:a7:c5:
0f:53:26:46:55:53:c9:d2:a3:6c:56:4c:a8:9d:87:71:97:c9:
77:21:6f:3a:c4:c2:1c:44:85:6d:3c:1f:4d:7f:c6:73:81:10:
42:39:5b:d8:6b:a2:0b:3e:7a:da:2e:9f:1f:cc:3e:e6:c1:09:
8d:e7:7f:4a:5c:dd:10:07:d1:5f:d8:c8:55:fb:82:c6:0c:dc:
2e:1f:6b:44:0b:4a:29:95:8c:99:75:19:60:4e:8d:fa:70:b5:
aa:f9:37:52:55:2d:2e:0d:60:ba:be:8d:c9:1e:b9:c8:55:0a:
50:04:da:4f:44:3f:d9:a6:60:1a:2f:b5:42:05:b5:21:3a:c2:
6b:76:68:a3:fc:44:10:f7:64:01:c5:a2:7b:48:aa:27:8c:41:
52:c1:d6:20:f4:8e:8b:4b:35:13:64:13:f3:5a:56:89:32:7b:
5e:f2:19:90:88:95:ae:3c:d4:ee:2d:b8:59:61:13:a1:92:84:
81:0f:26:02:9c:aa:f1:ae:3f:f8:0c:a5:88:b5:dc:80:1d:bd:
42:36:a6:58
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICM/swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgy
MTIyMDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyNzg0QkY3N0IyRDFG
NkUxMzA5QTUzQUREQUQxNEE3MTY0NkVBNUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDG60G4KeYgFYmuru6fNvuRrLbImrX1lOT6GmP/ylng3ks71Hqg
B/crWwQmV62T6XxG+YVUUYp+/GarILvBLnYPoLb+1H2auceczxJCka6nTjPQZ17M
KMDF6lF4enYTR/3poSRn81Rt8c6hssxQd5YlZvJ1RR626p5ezP14afMz6F/nqUFY
nYGra9rxOL6LGL1/+ILospzFrNtrNlPFZvo+ti9GIv2p9Llf/8wDQwX0lGYVZMsD
+MiDZ1KL4y6yPxIr2aY6RDGoyE1nJKc5PxTlFacpAzDP01ilYZGELe1K2IZl/ZtG
u67uzBILinxS58gkGDblye/yjd/gHtJpJomDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUonhL93stH24TCaU63a0UpxZG6l4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29uaEw5M3N0SDI0VENh
VTYzYTBVcHhaRzZsNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGqTe5Yhb2K5a+VzePlVG9akE2iDCYCr
oT5srvrzeW914JBvtffe2TU9PHPEBaP2yhIcjw6nxQ9TJkZVU8nSo2xWTKidh3GX
yXchbzrEwhxEhW08H01/xnOBEEI5W9hrogs+etounx/MPubBCY3nf0pc3RAH0V/Y
yFX7gsYM3C4fa0QLSimVjJl1GWBOjfpwtar5N1JVLS4NYLq+jckeuchVClAE2k9E
P9mmYBovtUIFtSE6wmt2aKP8RBD3ZAHFontIqieMQVLB1iD0jotLNRNkE/NaVoky
e17yGZCIla481O4tuFlhE6GShIEPJgKcqvGuP/gMpYi13IAdvUI2plg=
-----END CERTIFICATE-----
Generated at Fri Mar 29 05:42:23 2024 by rpki-client on console.sobornost.net