Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vjJvar-K3qFll3wW4MLsCMHHlI0.roa
File: vjJvar-K3qFll3wW4MLsCMHHlI0.roa (raw, json)
Hash identifier: VEgWggh1O+WQISJ7SVh0uFGfCefMngh4m1ro2g+X4BI=
Subject key identifier: BE:32:6F:6A:BF:8A:DE:A1:65:97:7C:16:E0:C2:EC:08:C1:C7:94:8D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D5F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vjJvar-K3qFll3wW4MLsCMHHlI0.roa
Signing time: Wed 10 Apr 2024 09:52:40 +0000
ROA not before: Wed 10 Apr 2024 09:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15711 (0x3d5f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 09:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BE326F6ABF8ADEA165977C16E0C2EC08C1C7948D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:9a:64:a7:e1:ee:5c:0c:9e:2f:20:0c:fb:b5:
1d:3b:88:c8:3e:6c:98:33:a9:a2:a9:25:a6:3b:1b:
8a:4f:fc:5b:61:67:f3:a0:77:70:05:40:1f:54:59:
1c:56:ce:5d:fa:79:f6:60:ec:e5:1d:4c:21:e7:53:
58:35:6d:f7:a5:47:7e:54:89:f7:09:1a:89:49:fb:
6f:27:56:a4:b6:82:f9:6f:ba:e9:7d:74:36:00:2e:
5a:41:d2:18:26:f0:f8:be:e2:6d:ec:63:a8:e5:05:
58:a9:0f:09:e1:cd:b5:df:53:a5:20:ed:49:0a:96:
3a:9c:31:99:96:8f:57:4d:6a:72:67:dd:8a:a1:2d:
e1:e2:60:2e:53:8b:59:03:76:61:2d:54:0c:ef:82:
de:37:59:01:ad:2d:b8:f7:13:77:91:25:df:96:26:
70:94:78:f4:77:0f:e2:23:db:16:3f:bb:e1:13:96:
28:25:72:69:72:25:70:06:e1:f3:d8:a2:0d:d8:cb:
85:2d:1c:05:5e:ae:c6:f7:f3:9e:47:be:8c:92:dc:
35:50:ef:43:69:92:a0:84:70:44:45:47:f5:1d:06:
c8:12:40:b9:cb:0f:61:3c:2f:5d:0a:d7:e3:1a:cc:
c4:88:d6:64:b1:0e:e7:72:39:e5:81:b5:e9:06:f4:
38:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:32:6F:6A:BF:8A:DE:A1:65:97:7C:16:E0:C2:EC:08:C1:C7:94:8D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vjJvar-K3qFll3wW4MLsCMHHlI0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
32:c7:0e:c6:6b:35:ec:09:32:bf:39:e7:54:87:1b:1d:b9:7f:
8f:bd:98:cb:42:c0:a9:07:eb:39:2a:cd:d3:6f:e0:1d:97:93:
4d:96:bd:54:cd:52:66:49:63:4d:60:5c:93:90:dd:0c:de:c8:
11:4a:01:b5:ed:06:92:95:8e:1f:43:3f:26:e0:39:67:d9:21:
2d:2a:80:39:6e:2a:84:43:a5:77:c8:68:b0:ed:4e:af:78:70:
a4:05:72:5a:37:e6:de:79:d9:69:18:7e:62:88:04:6c:77:70:
ca:00:29:d7:b7:65:d6:ed:b9:52:87:9c:9c:44:5c:b1:33:68:
4f:58:ec:2c:36:79:58:2f:d9:2c:3a:83:bd:6e:7a:dc:f3:71:
6b:a8:f5:42:d8:00:d0:80:33:6f:02:6c:dd:c1:d9:f7:97:c1:
7f:f5:0b:15:5c:f5:72:9c:eb:93:f1:ac:0f:6a:67:62:c0:b4:
02:52:56:b7:74:c2:72:39:4e:62:3b:1b:f3:f1:07:52:e6:78:
f0:94:76:e3:a8:60:da:18:3c:65:8b:db:5f:49:c3:c7:4c:5c:
a3:ac:c8:b9:f1:43:50:3f:81:4e:9d:ae:f4:f5:00:72:bc:ef:
05:e9:bb:24:f3:02:37:82:6f:4c:04:44:27:7d:97:51:eb:14:
05:c7:c7:bf
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPV8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAw
OTUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJFMzI2RjZBQkY4QURF
QTE2NTk3N0MxNkUwQzJFQzA4QzFDNzk0OEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzmmSn4e5cDJ4vIAz7tR07iMg+bJgzqaKpJaY7G4pP/FthZ/Og
d3AFQB9UWRxWzl36efZg7OUdTCHnU1g1bfelR35UifcJGolJ+28nVqS2gvlvuul9
dDYALlpB0hgm8Pi+4m3sY6jlBVipDwnhzbXfU6Ug7UkKljqcMZmWj1dNanJn3Yqh
LeHiYC5Ti1kDdmEtVAzvgt43WQGtLbj3E3eRJd+WJnCUePR3D+Ij2xY/u+ETligl
cmlyJXAG4fPYog3Yy4UtHAVersb3855HvoyS3DVQ70NpkqCEcERFR/UdBsgSQLnL
D2E8L10K1+MazMSI1mSxDudyOeWBtekG9Di1AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUvjJvar+K3qFll3wW4MLsCMHHlI0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZqSnZhci1LM3FGbGwz
d1c0TUxzQ01ISGxJMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADLHDsZrNewJMr8551SHGx25f4+9mMtC
wKkH6zkqzdNv4B2Xk02WvVTNUmZJY01gXJOQ3QzeyBFKAbXtBpKVjh9DPybgOWfZ
IS0qgDluKoRDpXfIaLDtTq94cKQFclo35t552WkYfmKIBGx3cMoAKde3ZdbtuVKH
nJxEXLEzaE9Y7Cw2eVgv2Sw6g71uetzzcWuo9ULYANCAM28CbN3B2feXwX/1CxVc
9XKc65PxrA9qZ2LAtAJSVrd0wnI5TmI7G/PxB1LmePCUduOoYNoYPGWL219Jw8dM
XKOsyLnxQ1A/gU6drvT1AHK87wXpuyTzAjeCb0wERCd9l1HrFAXHx78=
-----END CERTIFICATE-----
Generated at Wed Apr 10 16:17:29 2024 by rpki-client on console.sobornost.net