Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xx2S0M9c-aHOiolKIifmcBF5kVM.roa
File: xx2S0M9c-aHOiolKIifmcBF5kVM.roa (raw, json)
Hash identifier: 4+EylMhBZE1o8/YNoGgDLSHXY2dxnnxdu5ZTR+CCiLk=
Subject key identifier: C7:1D:92:D0:CF:5C:F9:A1:CE:8A:89:4A:22:27:E6:70:11:79:91:53
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3917
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xx2S0M9c-aHOiolKIifmcBF5kVM.roa
Signing time: Thu 04 Apr 2024 16:52:22 +0000
ROA not before: Thu 04 Apr 2024 16:52:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14615 (0x3917)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 4 16:52:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C71D92D0CF5CF9A1CE8A894A2227E67011799153
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:61:1e:4b:18:f5:2f:ee:f3:1b:e5:2a:8c:0f:
f3:a3:df:d3:21:df:29:c2:59:4d:30:f8:62:4c:11:
35:ba:70:2e:14:81:da:53:f8:27:ab:d8:b5:91:6d:
4b:7c:27:e7:9e:8e:88:5d:3d:48:fd:38:cc:d1:8c:
01:30:62:7b:ac:93:c4:a5:55:99:bb:46:75:45:e9:
33:1f:17:0c:bb:35:ae:33:10:3e:cf:86:16:a1:67:
9d:a1:00:66:b8:8b:10:2f:67:e9:74:d1:86:6e:e2:
71:a2:0b:80:ae:4c:48:94:f5:63:a9:4f:d0:4a:85:
80:60:18:ed:65:d3:61:37:1a:6c:cb:8e:eb:ad:22:
b5:ad:02:6e:42:a2:e9:31:70:66:89:56:8c:0b:3d:
cc:6e:17:c5:e9:c2:3f:2e:04:69:cf:02:3b:a9:68:
bd:c7:3a:8c:e4:7f:75:d3:f2:5c:32:35:cf:61:d5:
55:5a:f4:4f:03:2b:cf:cc:a0:12:8f:e3:d4:d1:77:
b0:1f:27:48:54:1e:89:5f:1e:7b:05:8c:ec:55:ac:
2b:da:18:8e:f3:ad:f2:3b:66:d1:33:1e:34:19:6b:
eb:5f:a7:e7:26:e9:6f:69:ed:23:b3:75:46:da:49:
fa:90:74:5a:fb:99:be:8e:d8:57:88:07:a5:1b:64:
c2:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:1D:92:D0:CF:5C:F9:A1:CE:8A:89:4A:22:27:E6:70:11:79:91:53
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xx2S0M9c-aHOiolKIifmcBF5kVM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
aa:1a:77:44:b8:f8:f5:09:75:60:ec:ca:dc:60:62:81:25:bf:
63:70:84:0f:44:91:59:41:74:87:ec:0d:ce:c7:41:82:4d:04:
74:28:d6:68:af:22:c1:10:fe:49:84:4c:d7:79:63:85:c3:74:
75:f8:49:60:5d:2f:ec:fb:b0:2b:de:9d:79:a5:e6:e4:e9:f1:
40:a3:7d:c0:dc:e2:a3:49:aa:20:e7:ba:6d:e7:56:56:6b:f5:
93:47:ee:3a:cc:e7:ea:a0:07:b0:9f:9a:a8:f0:97:7d:d9:34:
3b:e6:e4:67:4b:9f:70:e9:7a:f1:39:de:20:e5:19:ca:5e:b0:
2e:2b:f1:fe:69:38:ce:17:70:f9:96:f9:87:6a:bd:f2:f5:ff:
b7:8d:e1:87:a0:f7:ef:8d:fa:46:a1:b4:76:54:74:7b:fd:f6:
f4:5f:4f:f2:a2:55:a6:2b:a6:29:a2:7b:8d:bb:f7:c6:86:61:
52:f7:52:52:8d:e6:47:b7:38:63:da:05:4d:3e:b9:29:19:55:
02:78:7c:77:13:61:9a:0f:3b:56:96:94:cc:63:c4:c9:fc:86:
20:37:67:29:40:2a:53:48:23:16:2c:32:de:10:f3:02:b9:23:
4f:1b:6d:e4:c9:29:aa:ad:92:99:b0:3c:08:44:1a:87:a2:90:
72:95:ab:96
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICORcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDQx
NjUyMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM3MUQ5MkQwQ0Y1Q0Y5
QTFDRThBODk0QTIyMjdFNjcwMTE3OTkxNTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMYR5LGPUv7vMb5SqMD/Oj39Mh3ynCWU0w+GJMETW6cC4UgdpT
+Cer2LWRbUt8J+eejohdPUj9OMzRjAEwYnusk8SlVZm7RnVF6TMfFwy7Na4zED7P
hhahZ52hAGa4ixAvZ+l00YZu4nGiC4CuTEiU9WOpT9BKhYBgGO1l02E3GmzLjuut
IrWtAm5CoukxcGaJVowLPcxuF8Xpwj8uBGnPAjupaL3HOozkf3XT8lwyNc9h1VVa
9E8DK8/MoBKP49TRd7AfJ0hUHolfHnsFjOxVrCvaGI7zrfI7ZtEzHjQZa+tfp+cm
6W9p7SOzdUbaSfqQdFr7mb6O2FeIB6UbZMLhAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUxx2S0M9c+aHOiolKIifmcBF5kVMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3h4MlMwTTljLWFIT2lv
bEtJaWZtY0JGNWtWTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKoad0S4+PUJdWDsytxgYoElv2NwhA9E
kVlBdIfsDc7HQYJNBHQo1mivIsEQ/kmETNd5Y4XDdHX4SWBdL+z7sCvenXml5uTp
8UCjfcDc4qNJqiDnum3nVlZr9ZNH7jrM5+qgB7Cfmqjwl33ZNDvm5GdLn3DpevE5
3iDlGcpesC4r8f5pOM4XcPmW+YdqvfL1/7eN4Yeg9++N+kahtHZUdHv99vRfT/Ki
VaYrpimie42798aGYVL3UlKN5ke3OGPaBU0+uSkZVQJ4fHcTYZoPO1aWlMxjxMn8
hiA3ZylAKlNIIxYsMt4Q8wK5I08bbeTJKaqtkpmwPAhEGoeikHKVq5Y=
-----END CERTIFICATE-----
Generated at Thu Apr 4 23:41:04 2024 by rpki-client on console.sobornost.net