Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sXio9-cvAPpb1zVWiSUNBlxTYa8.roa
File: sXio9-cvAPpb1zVWiSUNBlxTYa8.roa (raw, json)
Hash identifier: 6CSoEI4nMIEcDgIRH0rC7cDr0RSa6dTZfZbMZqoEiPI=
Subject key identifier: B1:78:A8:F7:E7:2F:00:FA:5B:D7:35:56:89:25:0D:06:5C:53:61:AF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C87
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sXio9-cvAPpb1zVWiSUNBlxTYa8.roa
Signing time: Tue 30 Apr 2024 14:53:38 +0000
ROA not before: Tue 30 Apr 2024 14:53:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19591 (0x4c87)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 14:53:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B178A8F7E72F00FA5BD7355689250D065C5361AF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:23:ab:c5:03:17:c0:8b:0b:bd:4f:61:cc:5d:
f5:58:be:d1:40:30:0e:44:49:f8:0c:bc:c7:c9:bc:
c9:f4:9f:26:16:89:19:1b:72:7c:d5:89:4f:56:3f:
2d:a8:7b:a7:f9:08:c0:ed:35:b7:1d:35:0b:d7:42:
84:b0:d3:f6:0e:1a:c8:57:cf:c9:a4:26:9f:26:fd:
92:a4:d3:63:dc:42:73:be:de:4c:f7:c3:0e:53:8c:
8d:68:36:bb:f6:f3:43:1e:3d:d5:1a:68:02:b1:75:
0f:1f:b7:b7:b8:54:e4:5c:4e:75:2a:31:80:0d:25:
54:c1:4a:78:e5:51:e7:18:3c:0f:fd:d5:21:3c:0b:
3b:14:b7:62:88:fd:87:e3:ea:7f:7d:2f:78:67:b9:
64:5e:3c:73:fe:f3:5e:28:ee:9b:a5:43:36:09:62:
71:32:2d:25:de:8a:1c:79:f8:23:72:78:58:69:a8:
84:e6:bd:ae:99:f6:a7:17:48:3d:30:a2:c1:a6:d2:
e0:16:71:e2:d3:45:c8:6a:a3:fd:bb:49:fe:a4:95:
d5:b0:e7:4f:f7:34:99:8d:89:88:cb:06:1f:ce:56:
55:de:1b:75:2a:52:bf:b1:9c:60:57:04:2d:5e:7a:
25:0c:55:3d:50:55:27:4a:80:b5:9b:e1:23:82:dd:
53:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:78:A8:F7:E7:2F:00:FA:5B:D7:35:56:89:25:0D:06:5C:53:61:AF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sXio9-cvAPpb1zVWiSUNBlxTYa8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
6d:4f:59:e4:4c:9b:54:e6:4e:13:8c:73:9e:f8:0b:b3:24:27:
d2:12:fb:f8:da:3e:9e:41:4d:6d:f6:6a:bd:cf:8e:b0:e0:f0:
b2:de:5f:ef:42:a1:90:1b:c1:1b:cd:a6:69:0c:da:0c:a6:c8:
98:2f:55:9f:a1:12:06:c4:d3:57:78:49:55:ed:a8:3f:73:d7:
35:e5:ba:db:ab:b1:d4:b2:aa:67:d9:53:9f:b6:19:e3:6a:0d:
27:9e:a0:6c:98:96:f2:09:f6:e1:8a:ce:9f:bd:25:20:ab:40:
ac:76:60:de:0e:dd:3b:e5:b8:4f:0b:58:8f:fe:39:8f:5f:67:
f9:eb:7e:b4:2d:cf:20:07:ce:55:72:52:5e:a8:5e:fe:c9:4b:
a4:71:81:fa:b0:a0:2b:dd:db:f3:45:99:73:02:01:c7:ab:bc:
f9:8a:9e:3c:bb:21:3f:cc:f2:fa:19:7a:5c:e3:4f:c6:31:99:
c4:fb:9c:9f:cc:0a:7e:8d:ba:90:ed:15:95:3c:ab:68:53:60:
13:65:a7:16:58:2c:4b:4e:c3:0d:d3:9b:98:f4:9f:82:3a:80:
54:e9:e3:39:67:04:15:76:b7:fb:43:39:4f:8c:d3:d3:54:03:
24:1b:61:f4:18:77:39:4c:08:7e:09:f4:c4:a6:18:01:18:f9:
77:3f:3f:4b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTIcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAx
NDUzMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIxNzhBOEY3RTcyRjAw
RkE1QkQ3MzU1Njg5MjUwRDA2NUM1MzYxQUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfI6vFAxfAiwu9T2HMXfVYvtFAMA5ESfgMvMfJvMn0nyYWiRkb
cnzViU9WPy2oe6f5CMDtNbcdNQvXQoSw0/YOGshXz8mkJp8m/ZKk02PcQnO+3kz3
ww5TjI1oNrv280MePdUaaAKxdQ8ft7e4VORcTnUqMYANJVTBSnjlUecYPA/91SE8
CzsUt2KI/Yfj6n99L3hnuWRePHP+814o7pulQzYJYnEyLSXeihx5+CNyeFhpqITm
va6Z9qcXSD0wosGm0uAWceLTRchqo/27Sf6kldWw50/3NJmNiYjLBh/OVlXeG3Uq
Ur+xnGBXBC1eeiUMVT1QVSdKgLWb4SOC3VNDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUsXio9+cvAPpb1zVWiSUNBlxTYa8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NYaW85LWN2QVBwYjF6
VldpU1VOQmx4VFlhOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAG1PWeRMm1TmThOMc574C7MkJ9IS+/ja
Pp5BTW32ar3PjrDg8LLeX+9CoZAbwRvNpmkM2gymyJgvVZ+hEgbE01d4SVXtqD9z
1zXlutursdSyqmfZU5+2GeNqDSeeoGyYlvIJ9uGKzp+9JSCrQKx2YN4O3TvluE8L
WI/+OY9fZ/nrfrQtzyAHzlVyUl6oXv7JS6RxgfqwoCvd2/NFmXMCAcervPmKnjy7
IT/M8voZelzjT8YxmcT7nJ/MCn6NupDtFZU8q2hTYBNlpxZYLEtOww3Tm5j0n4I6
gFTp4zlnBBV2t/tDOU+M09NUAyQbYfQYdzlMCH4J9MSmGAEY+Xc/P0s=
-----END CERTIFICATE-----
Generated at Tue Apr 30 18:40:19 2024 by rpki-client on console.sobornost.net