Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qsWC3menTPoqY4rr3TnmpgfA5Bo.roa
File: qsWC3menTPoqY4rr3TnmpgfA5Bo.roa (raw, json)
Hash identifier: zndLvb1Fcku7PlY8iJ0wrAIzq9SrtCmjFTsPnLAeUDE=
Subject key identifier: AA:C5:82:DE:67:A7:4C:FA:2A:63:8A:EB:DD:39:E6:A6:07:C0:E4:1A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 406B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qsWC3menTPoqY4rr3TnmpgfA5Bo.roa
Signing time: Sun 14 Apr 2024 11:22:52 +0000
ROA not before: Sun 14 Apr 2024 11:22:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16491 (0x406b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 11:22:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AAC582DE67A74CFA2A638AEBDD39E6A607C0E41A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:14:3b:8e:0d:d7:aa:19:ac:52:7c:5a:d2:65:
dc:54:29:af:f4:9d:64:ba:09:47:00:86:46:7e:d5:
c0:77:5c:6b:12:47:d3:aa:87:ec:03:15:fd:b2:2e:
8d:5d:d3:a9:82:a7:65:0c:33:20:6c:4c:a1:56:79:
f1:a5:14:78:57:12:e3:80:11:cb:a4:8b:9f:0a:5e:
28:34:45:c6:bb:7a:28:e1:3d:5f:ea:56:f8:68:36:
ad:55:f0:9c:bd:a8:df:b5:dd:b0:ec:3e:76:86:07:
68:7d:de:88:21:15:b1:46:f5:5a:ad:59:a6:18:f0:
37:88:a3:da:cb:bc:30:37:ff:47:30:73:9e:85:b2:
7e:19:dd:99:39:3e:9c:81:49:33:41:1d:6f:be:c7:
e3:18:eb:86:b9:29:02:27:bc:63:f6:28:28:9e:6e:
6f:10:27:a8:42:9a:fb:42:97:5d:b0:73:d0:1b:7b:
cc:8e:1a:12:13:d0:9b:54:8f:ce:96:6b:4b:22:dd:
bd:9a:8a:d4:e4:d4:d2:52:12:1e:ca:70:fb:23:d2:
1e:3e:e8:fa:7e:cc:f1:c0:b9:6b:fb:7d:c9:03:87:
2b:44:0c:05:90:e3:77:98:fa:08:e8:ce:34:ff:bb:
b8:96:e9:98:46:77:78:b5:4c:5a:2f:63:cd:70:2c:
e3:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:C5:82:DE:67:A7:4C:FA:2A:63:8A:EB:DD:39:E6:A6:07:C0:E4:1A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qsWC3menTPoqY4rr3TnmpgfA5Bo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
35:a0:c0:81:ca:66:0b:b3:b1:15:2b:e7:37:f3:0b:6d:9c:71:
cd:d9:3c:7c:40:97:b6:50:4b:f1:fb:cc:e9:39:ce:c6:17:ad:
d9:f0:e9:b0:00:f7:dc:3f:9a:9d:64:af:e6:8e:47:00:06:07:
74:ee:d7:9b:9a:bf:47:ca:e1:4d:d4:d6:1f:93:dd:7e:77:a0:
5f:fc:9a:3b:aa:ee:98:4c:da:20:78:05:8f:2c:ee:1a:a9:93:
d8:b0:aa:fe:c0:20:7c:96:a9:44:75:20:b4:44:11:54:35:8e:
45:4e:5b:88:ad:e1:d9:70:17:7b:13:e9:e9:17:0f:1e:f6:b9:
bc:e8:2a:4b:49:ba:d9:80:e9:57:8b:a8:2b:72:f9:d2:b0:06:
4b:73:8b:3d:fd:07:80:64:0a:41:22:05:47:80:63:64:e7:7b:
ce:b9:43:36:16:31:ad:9e:7e:c6:a7:06:1e:a1:e6:d3:82:02:
14:9c:49:b4:e2:eb:31:08:19:43:3a:da:91:11:b4:c5:a6:67:
90:1f:3c:35:cd:6b:ca:f0:4b:15:01:81:d8:c7:b4:89:c7:ba:
b7:61:93:3b:a6:b6:f0:8a:9d:fd:1f:5e:83:98:87:44:af:a6:
da:49:89:15:34:59:cb:0f:93:e7:6c:cd:45:30:f1:69:93:32:
8c:77:28:8b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQGswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
MTIyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFBQzU4MkRFNjdBNzRD
RkEyQTYzOEFFQkREMzlFNkE2MDdDMEU0MUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqFDuODdeqGaxSfFrSZdxUKa/0nWS6CUcAhkZ+1cB3XGsSR9Oq
h+wDFf2yLo1d06mCp2UMMyBsTKFWefGlFHhXEuOAEcuki58KXig0Rca7eijhPV/q
VvhoNq1V8Jy9qN+13bDsPnaGB2h93oghFbFG9VqtWaYY8DeIo9rLvDA3/0cwc56F
sn4Z3Zk5PpyBSTNBHW++x+MY64a5KQInvGP2KCiebm8QJ6hCmvtCl12wc9Abe8yO
GhIT0JtUj86Wa0si3b2aitTk1NJSEh7KcPsj0h4+6Pp+zPHAuWv7fckDhytEDAWQ
43eY+gjozjT/u7iW6ZhGd3i1TFovY81wLOOFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUqsWC3menTPoqY4rr3TnmpgfA5BowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FzV0MzbWVuVFBvcVk0
cnIzVG5tcGdmQTVCby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADWgwIHKZguzsRUr5zfzC22ccc3ZPHxA
l7ZQS/H7zOk5zsYXrdnw6bAA99w/mp1kr+aORwAGB3Tu15uav0fK4U3U1h+T3X53
oF/8mjuq7phM2iB4BY8s7hqpk9iwqv7AIHyWqUR1ILREEVQ1jkVOW4it4dlwF3sT
6ekXDx72ubzoKktJutmA6VeLqCty+dKwBktziz39B4BkCkEiBUeAY2Tne865QzYW
Ma2efsanBh6h5tOCAhScSbTi6zEIGUM62pERtMWmZ5AfPDXNa8rwSxUBgdjHtInH
urdhkzumtvCKnf0fXoOYh0SvptpJiRU0WcsPk+dszUUw8WmTMox3KIs=
-----END CERTIFICATE-----
Generated at Sun Apr 14 16:37:35 2024 by rpki-client on console.sobornost.net