Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oq-YTc5RKHdNsVCPgIHsEI7s008.roa
File: oq-YTc5RKHdNsVCPgIHsEI7s008.roa (raw, json)
Hash identifier: H7nlkSXXOYWZym88uU84VmSgmLyNnVbG1upOuz1jrfY=
Subject key identifier: A2:AF:98:4D:CE:51:28:77:4D:B1:50:8F:80:81:EC:10:8E:EC:D3:4F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4EB7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oq-YTc5RKHdNsVCPgIHsEI7s008.roa
Signing time: Fri 03 May 2024 12:53:56 +0000
ROA not before: Fri 03 May 2024 12:53:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20151 (0x4eb7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 12:53:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A2AF984DCE5128774DB1508F8081EC108EECD34F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:2b:e3:87:0c:06:5d:87:c9:77:ec:3e:0e:d1:
ee:c3:39:06:aa:f6:7a:69:70:1c:63:b8:27:76:99:
be:a7:8d:41:57:71:e8:48:74:a7:0b:3b:da:27:05:
f2:1c:4a:f9:08:ef:85:8e:cf:d3:2d:92:49:db:c8:
5e:70:2f:05:9a:a5:9b:26:9a:53:d1:33:f8:b2:16:
9f:94:90:f0:f7:b6:9a:c2:dc:e8:33:0d:41:74:c7:
cf:e4:ca:f4:c8:0f:50:4e:66:f8:27:61:f4:68:02:
0b:a2:98:b8:b3:8a:42:7a:79:04:4f:fc:91:79:95:
ef:db:38:84:0b:3a:bd:fc:80:35:e2:48:f8:ea:e3:
5b:04:26:60:44:73:1d:44:92:ef:d2:50:88:cc:04:
4d:87:17:f8:b3:7e:dd:69:d7:78:50:1d:df:eb:63:
fb:2d:ef:4a:26:d4:0c:a5:ec:c8:9d:20:65:5b:45:
bb:64:4a:36:7a:3b:06:d8:f4:50:0a:3c:39:97:16:
59:9b:50:8d:ab:a8:24:02:33:8a:fa:50:f1:3e:fc:
24:62:0f:3b:cc:8d:2d:f7:e5:8d:47:91:53:eb:fd:
75:3b:ce:ab:0f:ad:e0:35:4e:74:a3:9a:93:a3:9b:
eb:8e:a9:8b:fa:52:13:44:80:30:33:eb:9f:6a:d8:
5f:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:AF:98:4D:CE:51:28:77:4D:B1:50:8F:80:81:EC:10:8E:EC:D3:4F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oq-YTc5RKHdNsVCPgIHsEI7s008.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
77:f3:9d:f4:21:32:13:f7:69:3e:7d:f8:c1:7e:12:02:7c:3f:
ed:8c:ac:05:5d:98:62:47:0c:e0:2c:c0:e6:59:6c:74:a0:87:
5b:5b:51:5d:9e:c8:9a:3d:71:61:5d:79:34:34:57:74:d4:c4:
73:cf:0f:52:29:87:4c:96:62:d8:04:51:3e:97:69:50:1b:02:
8b:ac:8b:80:3b:6a:c1:c3:82:85:40:82:a0:30:96:c5:e1:cb:
08:54:a4:90:24:1f:43:61:0c:20:79:e9:d5:7c:fe:3e:d4:b6:
cf:b5:e7:d7:06:33:3e:13:d3:7b:81:99:8c:b1:27:7f:f2:66:
14:15:88:90:d8:4a:98:80:17:25:ae:41:c3:95:87:e3:4d:95:
22:b8:58:ee:39:14:37:57:c6:3d:e9:2e:ad:84:e4:08:44:c0:
fc:a2:db:5a:15:99:09:21:dc:a3:70:1d:58:41:3b:93:4b:a1:
f9:64:36:fe:95:8a:eb:58:30:5f:64:58:3a:01:99:6e:6a:c6:
c5:ef:e2:cc:19:a5:ba:e6:15:c6:79:a6:ce:59:53:ac:c6:cc:
2a:e6:45:c4:4c:8c:ab:05:f4:ed:42:27:59:de:ee:bb:68:22:
dd:26:f5:72:61:72:01:b7:a6:84:d9:f9:fb:af:87:9e:d5:ff:
12:f9:92:df
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTrcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
MjUzNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyQUY5ODREQ0U1MTI4
Nzc0REIxNTA4RjgwODFFQzEwOEVFQ0QzNEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtK+OHDAZdh8l37D4O0e7DOQaq9nppcBxjuCd2mb6njUFXcehI
dKcLO9onBfIcSvkI74WOz9MtkknbyF5wLwWapZsmmlPRM/iyFp+UkPD3tprC3Ogz
DUF0x8/kyvTID1BOZvgnYfRoAguimLizikJ6eQRP/JF5le/bOIQLOr38gDXiSPjq
41sEJmBEcx1Eku/SUIjMBE2HF/izft1p13hQHd/rY/st70om1Ayl7MidIGVbRbtk
SjZ6OwbY9FAKPDmXFlmbUI2rqCQCM4r6UPE+/CRiDzvMjS335Y1HkVPr/XU7zqsP
reA1TnSjmpOjm+uOqYv6UhNEgDAz659q2F+XAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUoq+YTc5RKHdNsVCPgIHsEI7s008wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29xLVlUYzVSS0hkTnNW
Q1BnSUhzRUk3czAwOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHfznfQhMhP3aT59+MF+EgJ8P+2MrAVd
mGJHDOAswOZZbHSgh1tbUV2eyJo9cWFdeTQ0V3TUxHPPD1Iph0yWYtgEUT6XaVAb
Aousi4A7asHDgoVAgqAwlsXhywhUpJAkH0NhDCB56dV8/j7Uts+159cGMz4T03uB
mYyxJ3/yZhQViJDYSpiAFyWuQcOVh+NNlSK4WO45FDdXxj3pLq2E5AhEwPyi21oV
mQkh3KNwHVhBO5NLoflkNv6ViutYMF9kWDoBmW5qxsXv4swZpbrmFcZ5ps5ZU6zG
zCrmRcRMjKsF9O1CJ1ne7rtoIt0m9XJhcgG3poTZ+fuvh57V/xL5kt8=
-----END CERTIFICATE-----
Generated at Fri May 3 17:05:21 2024 by rpki-client on console.sobornost.net