Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tn5DBNhSf3OiPr-j3yMLdLDtGws.roa
File: tn5DBNhSf3OiPr-j3yMLdLDtGws.roa (raw, json)
Hash identifier: Kim1PisLAi4/uUOYJxTZ+yqMj0ShdpYDXnqLee5WTOM=
Subject key identifier: B6:7E:43:04:D8:52:7F:73:A2:3E:BF:A3:DF:23:0B:74:B0:ED:1B:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FBF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tn5DBNhSf3OiPr-j3yMLdLDtGws.roa
Signing time: Sat 13 Apr 2024 13:52:53 +0000
ROA not before: Sat 13 Apr 2024 13:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16319 (0x3fbf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 13:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B67E4304D8527F73A23EBFA3DF230B74B0ED1B0B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:29:53:2b:2e:8e:e9:c6:f9:0f:fc:20:c3:37:
79:8a:93:5c:d9:9d:ae:64:31:80:b9:ed:fe:f1:37:
90:8b:62:fd:93:87:fd:da:56:fb:0b:b5:bd:b9:4d:
eb:ea:72:bf:1a:f1:4b:9e:10:9c:7b:46:4f:bd:e9:
c7:d0:e0:e3:1a:4c:fe:f5:4d:a5:8f:a7:a4:75:b0:
0a:e6:93:c1:fb:ea:3a:37:4a:a2:73:14:3a:51:46:
92:62:5e:fa:82:90:1b:f9:74:f5:15:b9:5a:3b:aa:
1a:e6:28:c3:e8:47:d8:d7:e7:15:45:a7:e6:38:f0:
63:fb:a0:27:fc:33:33:7a:18:8b:18:4c:78:e9:a1:
6d:90:75:9c:d5:d0:93:62:42:2e:9d:13:b3:73:25:
99:b5:0a:dc:29:f8:97:4f:53:d9:8b:b6:f3:15:b7:
4c:e3:56:d0:56:04:f6:06:54:77:53:e5:22:de:72:
bf:ca:63:d8:7f:ec:b2:9f:8c:c6:f0:0a:dd:99:31:
47:b2:61:34:c4:0c:4f:53:99:dd:c7:4c:de:fd:d0:
2b:67:9f:c7:3b:fa:6e:f5:81:04:d8:9f:a1:d2:4b:
30:59:19:04:36:0e:28:d7:d4:ac:71:f2:c1:a9:34:
e7:ce:72:6c:97:bf:16:aa:bb:fc:a4:64:9c:f2:93:
60:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:7E:43:04:D8:52:7F:73:A2:3E:BF:A3:DF:23:0B:74:B0:ED:1B:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tn5DBNhSf3OiPr-j3yMLdLDtGws.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
7a:34:71:db:c5:69:1e:af:41:5e:92:75:17:bc:46:25:0c:36:
4a:2b:fa:69:e9:4f:35:a7:cd:35:a8:d1:d6:49:28:d7:d4:e9:
87:18:47:f9:f5:ad:8d:6c:c9:d6:63:da:41:41:09:71:b9:58:
e3:20:76:30:eb:40:f7:9d:06:a3:b3:e6:9d:ec:a2:92:71:4c:
c9:88:c7:4e:e0:7a:75:3e:56:dc:4d:f0:0c:21:fd:7f:e4:74:
be:fb:da:99:34:9e:f8:3d:05:d1:61:76:94:5e:27:8a:63:d7:
4a:38:d9:41:bc:bf:e2:e6:3d:9c:a4:d8:ef:55:24:1e:f1:9b:
63:7d:23:23:d6:da:a9:86:40:11:df:b2:3a:a9:3f:ce:d8:ca:
d4:92:55:a8:72:de:61:5c:20:a9:10:19:2b:f5:35:c7:aa:dc:
93:c4:98:fb:9a:90:c0:dd:42:5e:a6:9c:a1:58:1b:ef:d7:70:
ea:36:3d:a1:e8:c9:2a:d4:f8:6a:1a:a5:6a:ea:4d:45:cd:f6:
49:f1:6d:d0:98:9e:69:ba:aa:30:29:20:63:4a:0e:37:8c:70:
fa:a2:b9:b1:b3:6d:82:4f:fa:e0:ca:86:79:5b:86:61:7a:70:
54:2c:c7:3d:9c:a6:fa:33:9b:eb:ff:67:46:f9:aa:8c:ef:13:
ce:8c:14:3d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICP78wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
MzUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI2N0U0MzA0RDg1MjdG
NzNBMjNFQkZBM0RGMjMwQjc0QjBFRDFCMEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfKVMrLo7pxvkP/CDDN3mKk1zZna5kMYC57f7xN5CLYv2Th/3a
VvsLtb25Tevqcr8a8UueEJx7Rk+96cfQ4OMaTP71TaWPp6R1sArmk8H76jo3SqJz
FDpRRpJiXvqCkBv5dPUVuVo7qhrmKMPoR9jX5xVFp+Y48GP7oCf8MzN6GIsYTHjp
oW2QdZzV0JNiQi6dE7NzJZm1Ctwp+JdPU9mLtvMVt0zjVtBWBPYGVHdT5SLecr/K
Y9h/7LKfjMbwCt2ZMUeyYTTEDE9Tmd3HTN790Ctnn8c7+m71gQTYn6HSSzBZGQQ2
DijX1Kxx8sGpNOfOcmyXvxaqu/ykZJzyk2DPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUtn5DBNhSf3OiPr+j3yMLdLDtGwswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RuNURCTmhTZjNPaVBy
LWozeU1MZExEdEd3cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHo0cdvFaR6vQV6SdRe8RiUMNkor+mnp
TzWnzTWo0dZJKNfU6YcYR/n1rY1sydZj2kFBCXG5WOMgdjDrQPedBqOz5p3sopJx
TMmIx07genU+VtxN8Awh/X/kdL772pk0nvg9BdFhdpReJ4pj10o42UG8v+LmPZyk
2O9VJB7xm2N9IyPW2qmGQBHfsjqpP87YytSSVahy3mFcIKkQGSv1Nceq3JPEmPua
kMDdQl6mnKFYG+/XcOo2PaHoySrU+GoapWrqTUXN9knxbdCYnmm6qjApIGNKDjeM
cPqiubGzbYJP+uDKhnlbhmF6cFQsxz2cpvozm+v/Z0b5qozvE86MFD0=
-----END CERTIFICATE-----
Generated at Sat Apr 13 19:10:14 2024 by rpki-client on console.sobornost.net