Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qhNFJHfZNkWWIRja9lz-NbHfm78.roa
File: qhNFJHfZNkWWIRja9lz-NbHfm78.roa (raw, json)
Hash identifier: kJUTR0J/acf38U5iIM9Lm/NuX0YIwKctCfqZY6o1Lmc=
Subject key identifier: AA:13:45:24:77:D9:36:45:96:21:18:DA:F6:5C:FE:35:B1:DF:9B:BF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B9B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qhNFJHfZNkWWIRja9lz-NbHfm78.roa
Signing time: Mon 08 Apr 2024 01:22:33 +0000
ROA not before: Mon 08 Apr 2024 01:22:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15259 (0x3b9b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 01:22:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AA13452477D93645962118DAF65CFE35B1DF9BBF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:f4:b4:0d:4b:7f:1a:17:0b:34:90:21:90:c4:
47:00:ee:f4:05:b9:25:81:20:66:f9:d0:92:11:1f:
92:7a:1f:64:d3:6e:f8:e7:74:1b:36:27:4d:ac:5b:
8d:e1:4c:b5:26:08:1f:57:37:76:c6:be:ff:11:f5:
15:c2:95:b3:64:1e:6b:5d:48:f9:a4:38:b0:4d:9f:
67:59:e3:51:16:34:9f:b4:4b:f5:68:37:fb:f8:a2:
08:cf:e4:33:b2:b3:84:59:f4:13:c8:97:e0:f7:fc:
b7:20:47:26:97:03:e1:50:62:5d:3d:ac:f1:22:d7:
75:8c:c2:2c:47:9b:75:a7:bb:25:90:9a:c2:8b:5d:
14:e9:06:de:4d:eb:eb:7f:d2:8e:49:11:87:b9:17:
24:8d:78:fe:9d:a7:7e:2a:22:2d:3a:1a:bd:c8:96:
ec:8b:90:ed:2e:2a:ad:f1:3c:de:f0:43:7c:4d:de:
b2:eb:d9:25:a2:23:dc:f7:8f:ee:f4:e4:ae:30:e0:
bb:49:c5:95:77:8b:fb:cb:ba:7d:af:96:de:81:59:
fe:99:25:8f:46:e1:83:60:f7:30:3b:2a:33:77:eb:
bc:e9:49:05:46:fb:0e:ed:f4:36:19:39:d2:4b:e2:
57:3c:45:90:75:2e:31:43:a8:c1:9c:c4:6d:39:d0:
e4:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:13:45:24:77:D9:36:45:96:21:18:DA:F6:5C:FE:35:B1:DF:9B:BF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qhNFJHfZNkWWIRja9lz-NbHfm78.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
29:cd:b5:3f:01:1c:af:12:f0:59:27:f2:6d:c9:6b:dc:ed:ac:
fd:96:26:85:b0:4d:42:d1:14:69:ca:00:f9:a6:1d:ef:33:fc:
c5:d3:4b:4c:ae:15:94:20:6c:a3:7a:18:ea:77:90:e1:88:a8:
6f:87:e7:02:61:09:3e:5d:fd:4f:e2:a4:a4:56:33:29:db:e5:
cc:e2:88:90:00:50:0f:1b:5e:26:5d:32:19:2d:f9:73:14:ef:
12:3d:64:ab:f9:d5:79:94:3a:95:91:cb:f7:11:00:27:d2:65:
8c:bd:44:27:d4:5e:f5:de:10:d2:08:28:34:2f:ce:fc:11:ab:
5b:84:0c:f2:8c:8c:8d:ff:96:59:01:d0:70:b7:97:47:21:e8:
01:1c:52:0c:c9:10:94:75:80:5c:53:5a:94:b0:a5:fc:f8:42:
c1:e5:ad:9d:5c:be:80:03:51:59:10:a5:de:85:87:7c:07:2b:
53:6c:55:00:f4:d2:be:7a:cb:2a:d3:6a:43:c8:14:75:17:0d:
78:70:01:ef:d8:f7:9c:1b:b5:5d:c2:f7:cc:5a:bb:fd:d3:47:
67:b5:ec:9c:bd:b2:d1:8e:d5:25:40:4b:a8:db:6f:c0:ea:0f:
cd:0d:52:92:fb:3b:15:03:66:00:fb:35:0b:7a:a9:45:4a:56:
95:26:22:2c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICO5swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
MTIyMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFBMTM0NTI0NzdEOTM2
NDU5NjIxMThEQUY2NUNGRTM1QjFERjlCQkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC69LQNS38aFws0kCGQxEcA7vQFuSWBIGb50JIRH5J6H2TTbvjn
dBs2J02sW43hTLUmCB9XN3bGvv8R9RXClbNkHmtdSPmkOLBNn2dZ41EWNJ+0S/Vo
N/v4ogjP5DOys4RZ9BPIl+D3/LcgRyaXA+FQYl09rPEi13WMwixHm3WnuyWQmsKL
XRTpBt5N6+t/0o5JEYe5FySNeP6dp34qIi06Gr3IluyLkO0uKq3xPN7wQ3xN3rLr
2SWiI9z3j+705K4w4LtJxZV3i/vLun2vlt6BWf6ZJY9G4YNg9zA7KjN367zpSQVG
+w7t9DYZOdJL4lc8RZB1LjFDqMGcxG050OTBAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUqhNFJHfZNkWWIRja9lz+NbHfm78wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FoTkZKSGZaTmtXV0lS
amE5bHotTmJIZm03OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACnNtT8BHK8S8Fkn8m3Ja9ztrP2WJoWw
TULRFGnKAPmmHe8z/MXTS0yuFZQgbKN6GOp3kOGIqG+H5wJhCT5d/U/ipKRWMynb
5cziiJAAUA8bXiZdMhkt+XMU7xI9ZKv51XmUOpWRy/cRACfSZYy9RCfUXvXeENII
KDQvzvwRq1uEDPKMjI3/llkB0HC3l0ch6AEcUgzJEJR1gFxTWpSwpfz4QsHlrZ1c
voADUVkQpd6Fh3wHK1NsVQD00r56yyrTakPIFHUXDXhwAe/Y95wbtV3C98xau/3T
R2e17Jy9stGO1SVAS6jbb8DqD80NUpL7OxUDZgD7NQt6qUVKVpUmIiw=
-----END CERTIFICATE-----
Generated at Mon Apr 8 09:30:09 2024 by rpki-client on console.sobornost.net