Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yBxZrse-Uunnfb2K3IY9VHEGBfE.roa
File: yBxZrse-Uunnfb2K3IY9VHEGBfE.roa (raw, json)
Hash identifier: DGeIVzb5pqVB+2qY4Kl4RpitJ/4K2eC+uOI4/6LXkRk=
Subject key identifier: C8:1C:59:AE:C7:BE:52:E9:E7:7D:BD:8A:DC:86:3D:54:71:06:05:F1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4263
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yBxZrse-Uunnfb2K3IY9VHEGBfE.roa
Signing time: Wed 17 Apr 2024 02:23:25 +0000
ROA not before: Wed 17 Apr 2024 02:23:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16995 (0x4263)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 02:23:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C81C59AEC7BE52E9E77DBD8ADC863D54710605F1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:6a:55:3c:06:67:b0:b0:24:ad:92:d4:d6:d8:
36:fa:86:8e:8a:c0:ec:06:ac:10:86:74:e6:49:f9:
71:01:8f:58:83:92:0b:f9:fe:27:cd:4b:b4:b0:ee:
40:5b:56:23:23:f9:66:1c:2d:db:50:53:20:18:cc:
dc:b1:d7:e5:50:e3:c2:cb:71:ad:d5:2d:c8:25:f5:
af:54:d2:61:65:0a:d5:93:a5:09:be:ac:31:2c:eb:
47:c9:a2:4a:ce:a7:66:67:81:8f:ab:09:62:15:2a:
3b:f6:62:4a:5d:46:7c:c6:34:45:eb:9e:a2:87:df:
4f:95:ff:e2:fd:35:47:bd:32:99:7b:64:e0:13:80:
40:a6:de:57:e9:8c:9c:69:14:c3:fe:a3:ba:23:c2:
c2:56:7b:d4:a7:2b:97:9d:7a:40:6e:98:e6:2a:55:
02:bc:a4:e2:b2:a1:e1:cd:a0:ad:b1:04:1a:14:c6:
55:b4:b4:2e:b5:f1:ca:64:86:56:24:73:b1:b5:9c:
96:89:d6:d7:c4:b2:5e:b6:b8:79:37:03:75:4e:38:
31:e1:f1:ac:b2:d8:39:69:4b:db:ab:7e:8e:97:2a:
f9:80:7f:94:c0:ec:2e:1a:d1:d8:af:49:7a:74:6c:
86:ab:b0:05:33:ad:59:f9:98:c6:00:f8:ff:2f:ab:
bc:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:1C:59:AE:C7:BE:52:E9:E7:7D:BD:8A:DC:86:3D:54:71:06:05:F1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yBxZrse-Uunnfb2K3IY9VHEGBfE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
8c:0e:91:df:47:58:65:d2:ac:c1:d4:ab:18:fa:4b:40:f1:6f:
46:46:b4:d6:a9:6b:72:e8:08:cc:2d:78:bb:4a:f1:78:6c:55:
79:30:ec:ba:24:5a:7b:1b:7a:80:54:78:4a:66:97:22:1e:5b:
d8:e7:c5:95:5a:ca:80:c3:8f:3d:e0:a5:59:51:69:b6:30:c5:
e2:70:32:2f:37:ae:22:bd:db:80:52:1d:6e:db:d9:6a:5f:ad:
db:36:0c:0d:29:a7:48:43:31:96:f9:9b:d7:8d:10:f1:6a:f2:
72:d6:f3:7c:d2:cc:87:2e:54:cf:6c:97:02:ed:35:54:70:8a:
c6:c1:cd:04:f9:23:a7:41:e3:b4:ae:b8:10:c4:09:02:11:10:
b4:2d:eb:91:bf:4f:93:f1:40:7f:04:8f:01:c1:7d:37:be:28:
ef:3b:ba:95:19:17:6d:b4:c7:d2:64:31:37:0c:77:0e:17:aa:
6d:56:d6:a7:8e:16:df:cd:78:82:6f:28:6e:14:1f:df:8d:5c:
8e:c8:83:e0:fd:73:b5:65:35:3c:bd:01:16:ad:aa:cc:4e:47:
09:33:13:02:15:51:9b:f8:52:4c:2a:70:a9:83:14:94:7b:27:
11:ce:63:0e:25:9a:df:0c:90:50:0d:73:8c:b9:51:98:de:38:
8d:48:db:ef
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQmMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcw
MjIzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM4MUM1OUFFQzdCRTUy
RTlFNzdEQkQ4QURDODYzRDU0NzEwNjA1RjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4alU8BmewsCStktTW2Db6ho6KwOwGrBCGdOZJ+XEBj1iDkgv5
/ifNS7Sw7kBbViMj+WYcLdtQUyAYzNyx1+VQ48LLca3VLcgl9a9U0mFlCtWTpQm+
rDEs60fJokrOp2ZngY+rCWIVKjv2YkpdRnzGNEXrnqKH30+V/+L9NUe9Mpl7ZOAT
gECm3lfpjJxpFMP+o7ojwsJWe9SnK5edekBumOYqVQK8pOKyoeHNoK2xBBoUxlW0
tC618cpkhlYkc7G1nJaJ1tfEsl62uHk3A3VOODHh8ayy2DlpS9urfo6XKvmAf5TA
7C4a0divSXp0bIarsAUzrVn5mMYA+P8vq7xVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUyBxZrse+Uunnfb2K3IY9VHEGBfEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lCeFpyc2UtVXVubmZi
MkszSVk5VkhFR0JmRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAIwOkd9HWGXSrMHUqxj6S0Dxb0ZGtNap
a3LoCMwteLtK8XhsVXkw7LokWnsbeoBUeEpmlyIeW9jnxZVayoDDjz3gpVlRabYw
xeJwMi83riK924BSHW7b2Wpfrds2DA0pp0hDMZb5m9eNEPFq8nLW83zSzIcuVM9s
lwLtNVRwisbBzQT5I6dB47SuuBDECQIRELQt65G/T5PxQH8EjwHBfTe+KO87upUZ
F220x9JkMTcMdw4Xqm1W1qeOFt/NeIJvKG4UH9+NXI7Ig+D9c7VlNTy9ARatqsxO
RwkzEwIVUZv4UkwqcKmDFJR7JxHOYw4lmt8MkFANc4y5UZjeOI1I2+8=
-----END CERTIFICATE-----
Generated at Wed Apr 17 08:40:33 2024 by rpki-client on console.sobornost.net