Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rQ3kImqB16oDv4FxRTVUSzUiCCg.roa
File: rQ3kImqB16oDv4FxRTVUSzUiCCg.roa (raw, json)
Hash identifier: ZIicrnuDj/N2KNTcHFEZC1QMnA/UYiCZ3gNQfcrwFk8=
Subject key identifier: AD:0D:E4:22:6A:81:D7:AA:03:BF:81:71:45:35:54:4B:35:22:08:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 540B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rQ3kImqB16oDv4FxRTVUSzUiCCg.roa
Signing time: Fri 10 May 2024 15:24:02 +0000
ROA not before: Fri 10 May 2024 15:24:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21515 (0x540b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 15:24:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AD0DE4226A81D7AA03BF81714535544B35220828
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c7:19:93:3c:50:1b:a0:4a:1e:74:7d:14:fc:
92:37:25:64:6e:d2:91:62:1e:21:91:0e:fa:b0:ca:
b9:1b:7a:f2:ec:53:3a:4a:d2:a1:2d:e3:a1:49:f0:
15:ed:d6:6c:5d:82:1e:cc:8f:75:cc:61:e4:45:06:
c5:67:ab:f5:73:46:5c:ec:bb:c8:74:93:fe:60:c8:
55:7a:bb:e0:09:97:94:1b:6f:8e:95:23:81:95:0e:
16:ee:d5:58:e6:1a:bf:8d:70:a4:8e:01:09:55:dd:
56:22:7f:1c:d5:fb:42:3c:da:72:71:ed:61:fa:50:
13:11:5e:f4:b6:31:e2:d9:b4:53:a2:9d:7c:e9:33:
6b:39:e7:37:94:ee:21:6e:0f:77:91:1c:08:b6:0e:
5b:71:cc:0d:0b:26:bd:a5:07:13:c8:74:8b:72:74:
bf:67:b9:79:0b:ad:ae:bb:2e:1f:d7:45:3b:92:69:
7c:58:6d:c0:fc:66:63:9e:ad:da:40:ba:51:3f:87:
91:df:63:f8:d3:ec:d8:cc:27:39:7a:69:5a:4c:45:
50:b9:d1:22:e6:ea:59:c2:70:40:bd:c4:61:d4:90:
98:8d:a3:85:d8:65:e5:98:4b:3d:8d:56:41:1e:5d:
3a:4e:db:79:d1:bf:e4:d7:1b:e1:da:fa:ba:68:db:
3f:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:0D:E4:22:6A:81:D7:AA:03:BF:81:71:45:35:54:4B:35:22:08:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rQ3kImqB16oDv4FxRTVUSzUiCCg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a1:6c:67:81:bb:f0:d1:e6:df:56:49:bf:03:cc:12:70:76:6f:
2d:2b:4a:05:a0:11:0f:e0:a1:12:e7:0f:25:fe:85:84:33:b3:
43:d1:a7:b1:31:0c:de:fd:c3:46:55:96:f7:63:d8:02:96:b8:
7e:a1:f3:cb:72:a1:80:fa:fc:c7:52:53:7b:a3:93:4b:15:79:
15:57:37:6c:b3:4d:e6:97:e4:a0:d7:aa:75:ec:04:cf:41:8d:
8f:14:72:48:09:6a:27:fc:de:56:43:3f:eb:0a:79:5f:68:a1:
2f:ab:09:8c:bf:81:50:03:5a:f3:8b:ec:3e:89:9c:7e:7d:c9:
8a:84:cc:cc:b8:41:b8:cc:68:ae:07:bd:cd:4b:85:0f:65:0a:
9c:8e:a5:e2:c9:8a:d9:83:b0:9a:17:ed:a3:50:bc:5e:df:86:
06:55:7f:22:20:4b:b1:d9:c8:75:7c:c7:c7:83:b1:3f:75:40:
a4:10:b7:64:5f:16:0a:41:22:41:1e:36:b7:3c:f7:65:c6:f2:
c4:64:d5:40:76:6c:db:8a:ae:95:c1:17:b3:a7:40:72:67:33:
02:3e:b9:b2:60:43:f7:c5:b2:f8:ec:4a:ed:53:7e:64:45:dd:
f8:a2:20:b8:63:84:d1:fe:91:2d:83:06:cb:dd:3a:79:12:56:
53:06:66:e2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVAswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
NTI0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFEMERFNDIyNkE4MUQ3
QUEwM0JGODE3MTQ1MzU1NDRCMzUyMjA4MjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0xxmTPFAboEoedH0U/JI3JWRu0pFiHiGRDvqwyrkbevLsUzpK
0qEt46FJ8BXt1mxdgh7Mj3XMYeRFBsVnq/VzRlzsu8h0k/5gyFV6u+AJl5Qbb46V
I4GVDhbu1VjmGr+NcKSOAQlV3VYifxzV+0I82nJx7WH6UBMRXvS2MeLZtFOinXzp
M2s55zeU7iFuD3eRHAi2DltxzA0LJr2lBxPIdItydL9nuXkLra67Lh/XRTuSaXxY
bcD8ZmOerdpAulE/h5HfY/jT7NjMJzl6aVpMRVC50SLm6lnCcEC9xGHUkJiNo4XY
ZeWYSz2NVkEeXTpO23nRv+TXG+Ha+rpo2z+rAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUrQ3kImqB16oDv4FxRTVUSzUiCCgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JRM2tJbXFCMTZvRHY0
RnhSVFZVU3pVaUNDZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKFsZ4G78NHm31ZJvwPMEnB2by0rSgWg
EQ/goRLnDyX+hYQzs0PRp7ExDN79w0ZVlvdj2AKWuH6h88tyoYD6/MdSU3ujk0sV
eRVXN2yzTeaX5KDXqnXsBM9BjY8UckgJaif83lZDP+sKeV9ooS+rCYy/gVADWvOL
7D6JnH59yYqEzMy4QbjMaK4Hvc1LhQ9lCpyOpeLJitmDsJoX7aNQvF7fhgZVfyIg
S7HZyHV8x8eDsT91QKQQt2RfFgpBIkEeNrc892XG8sRk1UB2bNuKrpXBF7OnQHJn
MwI+ubJgQ/fFsvjsSu1TfmRF3fiiILhjhNH+kS2DBsvdOnkSVlMGZuI=
-----END CERTIFICATE-----
Generated at Fri May 10 18:53:01 2024 by rpki-client on console.sobornost.net