Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yzyPins9BGqzySVZU5UpZ7t0xWE.roa
File: yzyPins9BGqzySVZU5UpZ7t0xWE.roa (raw, json)
Hash identifier: gfxe97XxrjjyTVFb+QfGC3Hohlq5YINUR+YGfLK/P9Q=
Subject key identifier: CB:3C:8F:8A:7B:3D:04:6A:B3:C9:25:59:53:95:29:67:BB:74:C5:61
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 429B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yzyPins9BGqzySVZU5UpZ7t0xWE.roa
Signing time: Wed 17 Apr 2024 09:22:59 +0000
ROA not before: Wed 17 Apr 2024 09:22:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17051 (0x429b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 09:22:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CB3C8F8A7B3D046AB3C9255953952967BB74C561
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:d1:dc:dc:cd:d7:da:c6:8b:af:08:f2:38:8e:
45:67:cf:d2:c4:45:d8:8e:b1:1a:b0:95:34:bb:db:
e6:df:98:ca:5d:60:d9:18:5a:0e:57:83:3c:19:8d:
78:62:c7:92:2a:5f:85:2d:9d:8b:90:46:45:75:19:
dd:95:88:88:49:50:20:9d:63:44:06:b8:03:5d:3a:
c0:5f:d5:9f:ac:00:51:6d:2e:2d:40:27:99:70:07:
09:6b:8d:f2:33:c9:c8:df:dd:a6:e0:c2:a4:4b:dd:
20:e1:ec:7b:72:50:bd:f4:c8:cf:d8:a9:7a:95:87:
ca:1e:bd:f7:04:3c:89:32:46:92:c2:bd:95:f7:7a:
40:c6:98:4d:3c:31:35:bd:fe:4f:f7:74:7e:00:ca:
99:86:1e:8f:17:73:a6:f9:81:82:db:dd:17:d9:ec:
69:6b:0d:61:40:60:28:24:11:c9:02:0d:d6:1a:ea:
54:f4:c6:19:ca:1c:59:88:a2:b4:e6:52:e4:9c:5f:
74:3b:72:6a:96:fe:3d:e3:53:ba:06:33:41:dc:87:
c8:24:0d:90:3d:dc:0a:94:b7:4d:4f:76:13:9a:3c:
e8:3f:4f:64:8b:1a:cf:23:44:49:03:da:2f:d0:0c:
a5:73:bb:8a:51:05:3e:a3:07:9e:e3:f8:03:71:02:
57:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:3C:8F:8A:7B:3D:04:6A:B3:C9:25:59:53:95:29:67:BB:74:C5:61
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yzyPins9BGqzySVZU5UpZ7t0xWE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
1b:1a:b1:c0:9a:65:92:88:b8:56:33:32:4e:60:0e:c7:cc:15:
7b:2d:0e:ec:fe:33:9f:8c:83:e7:7a:c7:b1:32:2e:58:80:d0:
e3:f7:c6:fd:f8:8f:61:66:7b:98:a2:9a:6b:85:ec:32:c1:87:
83:37:44:16:3e:84:f2:af:3b:eb:a6:a9:ac:99:5e:5e:97:ad:
8b:94:b8:d6:b8:46:b9:45:b9:4e:76:55:50:32:25:69:ae:68:
03:1c:7c:67:9e:6e:6e:db:a0:20:8a:5f:05:dc:d9:2f:7f:1f:
77:ec:ce:ab:f8:51:62:0b:9c:4b:34:87:96:cb:ed:70:88:d9:
17:2f:fb:02:c0:d8:e7:62:23:23:3f:66:02:81:ec:cb:05:15:
33:bd:36:d8:94:91:6c:dc:69:03:17:90:31:c6:55:d0:13:9c:
a4:7a:2b:6a:2b:31:bf:f7:45:b7:1a:a4:d9:87:1e:4e:87:84:
1f:48:53:7e:9f:5b:11:72:a2:46:5d:66:a8:4d:b1:be:2e:63:
3a:2d:d6:64:fd:58:b8:69:80:ca:1d:83:25:8c:83:30:e4:92:
91:13:c0:10:25:61:a1:22:5c:64:12:79:10:76:17:bb:18:2f:
9d:7f:c5:65:ba:68:58:57:8f:4c:f2:f4:66:7b:90:db:f7:1f:
63:5a:4f:48
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQpswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcw
OTIyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENCM0M4RjhBN0IzRDA0
NkFCM0M5MjU1OTUzOTUyOTY3QkI3NEM1NjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCk0dzczdfaxouvCPI4jkVnz9LERdiOsRqwlTS72+bfmMpdYNkY
Wg5XgzwZjXhix5IqX4UtnYuQRkV1Gd2ViIhJUCCdY0QGuANdOsBf1Z+sAFFtLi1A
J5lwBwlrjfIzycjf3abgwqRL3SDh7HtyUL30yM/YqXqVh8oevfcEPIkyRpLCvZX3
ekDGmE08MTW9/k/3dH4AypmGHo8Xc6b5gYLb3RfZ7GlrDWFAYCgkEckCDdYa6lT0
xhnKHFmIorTmUuScX3Q7cmqW/j3jU7oGM0Hch8gkDZA93AqUt01PdhOaPOg/T2SL
Gs8jREkD2i/QDKVzu4pRBT6jB57j+ANxAlcJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUyzyPins9BGqzySVZU5UpZ7t0xWEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3l6eVBpbnM5QkdxenlT
VlpVNVVwWjd0MHhXRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABsascCaZZKIuFYzMk5gDsfMFXstDuz+
M5+Mg+d6x7EyLliA0OP3xv34j2Fme5iimmuF7DLBh4M3RBY+hPKvO+umqayZXl6X
rYuUuNa4RrlFuU52VVAyJWmuaAMcfGeebm7boCCKXwXc2S9/H3fszqv4UWILnEs0
h5bL7XCI2Rcv+wLA2OdiIyM/ZgKB7MsFFTO9NtiUkWzcaQMXkDHGVdATnKR6K2or
Mb/3RbcapNmHHk6HhB9IU36fWxFyokZdZqhNsb4uYzot1mT9WLhpgModgyWMgzDk
kpETwBAlYaEiXGQSeRB2F7sYL51/xWW6aFhXj0zy9GZ7kNv3H2NaT0g=
-----END CERTIFICATE-----
Generated at Wed Apr 17 14:46:04 2024 by rpki-client on console.sobornost.net