Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/x5ssE9A6MJEgb81-P4DMY-4rGDE.roa
File: x5ssE9A6MJEgb81-P4DMY-4rGDE.roa (raw, json)
Hash identifier: ekOITIKOLp9mfycbOCTrfnnZ0diy3CWe4mf1lRLWPXk=
Subject key identifier: C7:9B:2C:13:D0:3A:30:91:20:6F:CD:7E:3F:80:CC:63:EE:2B:18:31
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CBF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x5ssE9A6MJEgb81-P4DMY-4rGDE.roa
Signing time: Tue 09 Apr 2024 13:52:40 +0000
ROA not before: Tue 09 Apr 2024 13:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15551 (0x3cbf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 13:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C79B2C13D03A3091206FCD7E3F80CC63EE2B1831
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:fa:ba:73:37:b6:71:5f:63:b0:95:fc:43:50:
5d:45:af:99:1f:43:16:55:3d:d9:ef:99:75:d0:a4:
77:4c:27:6e:fc:cd:a5:87:9e:2e:f7:53:e0:02:6a:
0f:03:8b:cc:6c:f4:ee:fc:2a:86:22:cc:b3:ed:9b:
db:3b:13:00:4f:40:9f:f2:e7:75:c6:e8:52:20:b2:
a6:a4:39:c1:82:9e:e6:72:8b:e7:33:61:7e:42:35:
16:9a:15:ac:f2:99:58:89:87:73:a4:76:00:96:53:
9e:c7:79:cc:2e:34:26:8b:dd:a9:e0:79:bf:52:3f:
0e:eb:2a:94:ec:c6:b4:81:63:fc:c1:6d:d8:a0:ac:
0c:9b:9c:0a:cd:86:f5:87:6b:2e:b3:6a:2b:26:ca:
93:79:ab:11:92:cc:99:dd:37:1d:f5:46:78:50:57:
3e:af:9f:91:a3:80:a7:36:0b:29:d6:2b:4e:e2:ce:
af:93:8d:6f:1e:7b:be:00:71:82:79:6b:61:78:f4:
80:45:6b:3c:13:71:aa:bb:b5:f7:74:1f:81:5f:f8:
1d:96:31:f9:78:9a:81:51:2b:86:d6:75:32:21:e1:
7c:95:c9:ff:8d:b1:64:e2:18:45:cb:06:fd:03:53:
f4:f3:b8:07:ad:41:87:a4:c5:cd:e9:3e:7a:41:38:
10:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:9B:2C:13:D0:3A:30:91:20:6F:CD:7E:3F:80:CC:63:EE:2B:18:31
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x5ssE9A6MJEgb81-P4DMY-4rGDE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b0:3e:51:af:1c:db:ca:b5:86:45:26:6c:51:d3:62:ee:ca:cb:
ea:4a:ff:4c:c7:20:33:2b:90:a3:3a:f5:ce:9f:8e:b0:6f:f8:
f1:0c:81:4f:ab:7f:f3:fc:36:19:5a:91:51:9e:e5:c4:12:1a:
b8:3d:4a:67:d9:6c:d6:be:3f:96:ec:bf:4e:fe:54:42:58:6e:
27:bc:1e:e4:14:e3:d4:52:f9:71:59:1d:be:73:3a:55:0a:37:
a9:77:c4:1a:5e:e1:47:9e:54:99:42:79:ee:3a:d4:e5:cb:47:
e4:85:9c:84:69:71:2b:f9:d5:22:65:b9:a9:d2:4c:57:c1:b2:
78:da:21:0d:5c:0e:84:7b:1f:4d:9a:a4:7a:e3:19:c8:48:53:
29:46:46:4c:6a:29:c3:13:f4:ad:60:b8:e2:f8:47:42:86:ad:
31:ae:d7:a3:f8:fc:99:db:17:e0:c5:c6:63:58:b1:23:77:20:
e2:5f:a3:4a:4a:26:8c:72:9e:fe:02:ad:f5:9c:9d:04:a4:42:
8c:0b:4c:38:55:49:3f:3f:04:32:29:2c:f9:ac:22:20:0b:fd:
4a:a1:da:2e:fa:27:27:21:6c:4c:8a:3a:18:84:4f:7e:d1:8b:
8f:7b:b8:56:35:db:a6:24:f0:4e:ce:b1:c3:4c:1d:96:18:d9:
9f:0f:85:69
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPL8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
MzUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM3OUIyQzEzRDAzQTMw
OTEyMDZGQ0Q3RTNGODBDQzYzRUUyQjE4MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCr+rpzN7ZxX2OwlfxDUF1Fr5kfQxZVPdnvmXXQpHdMJ278zaWH
ni73U+ACag8Di8xs9O78KoYizLPtm9s7EwBPQJ/y53XG6FIgsqakOcGCnuZyi+cz
YX5CNRaaFazymViJh3OkdgCWU57HecwuNCaL3angeb9SPw7rKpTsxrSBY/zBbdig
rAybnArNhvWHay6zaismypN5qxGSzJndNx31RnhQVz6vn5GjgKc2CynWK07izq+T
jW8ee74AcYJ5a2F49IBFazwTcaq7tfd0H4Ff+B2WMfl4moFRK4bWdTIh4XyVyf+N
sWTiGEXLBv0DU/TzuAetQYekxc3pPnpBOBB9AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUx5ssE9A6MJEgb81+P4DMY+4rGDEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3g1c3NFOUE2TUpFZ2I4
MS1QNERNWS00ckdERS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALA+Ua8c28q1hkUmbFHTYu7Ky+pK/0zH
IDMrkKM69c6fjrBv+PEMgU+rf/P8NhlakVGe5cQSGrg9SmfZbNa+P5bsv07+VEJY
bie8HuQU49RS+XFZHb5zOlUKN6l3xBpe4UeeVJlCee461OXLR+SFnIRpcSv51SJl
uanSTFfBsnjaIQ1cDoR7H02apHrjGchIUylGRkxqKcMT9K1guOL4R0KGrTGu16P4
/JnbF+DFxmNYsSN3IOJfo0pKJoxynv4CrfWcnQSkQowLTDhVST8/BDIpLPmsIiAL
/Uqh2i76JychbEyKOhiET37Ri497uFY126Yk8E7OscNMHZYY2Z8PhWk=
-----END CERTIFICATE-----
Generated at Tue Apr 9 20:29:13 2024 by rpki-client on console.sobornost.net