Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CDSRta1mzhrJ-nG7Y72xMNvqICk.roa
File: CDSRta1mzhrJ-nG7Y72xMNvqICk.roa (raw, json)
Hash identifier: TnFNKY9+amQb8ZBDw/Y9X2JVwxtndZjtYLR+PhDz3uI=
Subject key identifier: 08:34:91:B5:AD:66:CE:1A:C9:FA:71:BB:63:BD:B1:30:DB:EA:20:29
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 399F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CDSRta1mzhrJ-nG7Y72xMNvqICk.roa
Signing time: Fri 05 Apr 2024 09:52:24 +0000
ROA not before: Fri 05 Apr 2024 09:52:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14751 (0x399f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 5 09:52:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=083491B5AD66CE1AC9FA71BB63BDB130DBEA2029
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:e9:ee:8e:5c:54:f7:68:95:30:ab:1c:e5:0f:
a1:aa:31:b4:73:3d:12:78:ce:7f:c0:bd:fc:88:b8:
68:47:2e:d7:e6:2a:6a:8d:81:22:a0:cc:6f:b9:48:
4b:b1:04:ae:c3:ce:21:99:f6:a1:36:83:d0:50:ec:
64:ac:1c:75:fe:24:73:28:81:db:8a:e4:5f:80:9d:
69:26:3b:e5:b7:9a:32:b7:47:47:cd:85:8f:e8:10:
54:84:67:5e:a4:00:2e:32:fb:e7:2c:43:6c:96:58:
82:1d:7f:9a:42:db:48:63:b6:3e:5e:9b:5a:a6:48:
ff:76:77:e1:48:e2:ff:63:99:6f:12:66:02:f7:ad:
70:be:f8:4d:50:4e:95:32:ba:9e:91:a2:44:d2:62:
d1:38:0e:8a:47:16:a5:17:be:2b:35:37:65:66:21:
36:3d:24:af:de:f9:1a:4d:70:29:92:35:ca:c5:4d:
c2:e5:f3:e0:2a:2f:5e:63:59:df:a7:2c:52:c3:66:
e7:33:7d:80:5e:45:e7:f1:65:4b:35:6c:af:d7:fb:
d2:a3:85:e2:63:07:50:6f:a0:19:6b:db:31:4d:3e:
9d:50:52:18:31:a3:14:6d:8e:0d:24:68:69:87:21:
67:c0:4b:57:31:49:fa:1a:b3:68:01:ba:f3:4c:28:
40:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:34:91:B5:AD:66:CE:1A:C9:FA:71:BB:63:BD:B1:30:DB:EA:20:29
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CDSRta1mzhrJ-nG7Y72xMNvqICk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
71:b2:05:a2:e3:c6:b4:91:74:ac:f7:11:0a:b4:24:bd:39:e5:
04:64:ce:a2:b1:0d:d9:8e:97:6d:9d:83:46:c8:56:6d:62:2a:
f6:a3:c9:58:26:a2:cc:25:99:a9:bb:32:c1:7f:10:1c:f1:c6:
66:56:52:67:ea:ce:bc:db:1e:28:89:d9:11:a2:31:04:20:e4:
2f:49:47:d6:f4:44:66:79:9e:52:dc:05:43:fb:81:6e:04:82:
d2:1c:87:fc:9e:90:b0:b4:bb:19:55:dc:33:14:c8:17:2e:2a:
ad:53:51:4f:32:a9:a3:0b:de:06:8e:ef:9f:32:ad:75:9a:58:
b8:99:47:9c:1c:2c:64:f6:35:79:5a:21:8f:73:f7:f8:8c:87:
36:34:c3:79:31:14:ca:fc:ef:d5:56:7f:7d:1c:c5:d6:ab:7e:
1a:a2:60:73:81:2e:27:e9:5e:f8:36:98:82:b4:d4:bb:00:3b:
ff:50:cc:ce:a2:ad:6a:63:76:88:94:c2:59:7a:bb:b3:30:0e:
dc:47:a4:c3:70:f1:a5:e0:cd:83:14:80:b2:24:89:01:be:6f:
e5:e7:c3:24:d4:de:c0:f9:03:26:ba:19:ff:37:7f:92:e5:0b:
c5:7f:ae:b8:db:0a:68:e9:c3:9f:ba:c4:d6:5a:62:87:b5:c8:
fb:53:17:f8
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICOZ8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDUw
OTUyMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA4MzQ5MUI1QUQ2NkNF
MUFDOUZBNzFCQjYzQkRCMTMwREJFQTIwMjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDr6e6OXFT3aJUwqxzlD6GqMbRzPRJ4zn/AvfyIuGhHLtfmKmqN
gSKgzG+5SEuxBK7DziGZ9qE2g9BQ7GSsHHX+JHMogduK5F+AnWkmO+W3mjK3R0fN
hY/oEFSEZ16kAC4y++csQ2yWWIIdf5pC20hjtj5em1qmSP92d+FI4v9jmW8SZgL3
rXC++E1QTpUyup6RokTSYtE4DopHFqUXvis1N2VmITY9JK/e+RpNcCmSNcrFTcLl
8+AqL15jWd+nLFLDZuczfYBeRefxZUs1bK/X+9KjheJjB1BvoBlr2zFNPp1QUhgx
oxRtjg0kaGmHIWfAS1cxSfoas2gBuvNMKECJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUCDSRta1mzhrJ+nG7Y72xMNvqICkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NEU1J0YTFtemhySi1u
RzdZNzJ4TU52cUlDay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHGyBaLjxrSRdKz3EQq0JL055QRkzqKx
DdmOl22dg0bIVm1iKvajyVgmoswlmam7MsF/EBzxxmZWUmfqzrzbHiiJ2RGiMQQg
5C9JR9b0RGZ5nlLcBUP7gW4EgtIch/yekLC0uxlV3DMUyBcuKq1TUU8yqaML3gaO
758yrXWaWLiZR5wcLGT2NXlaIY9z9/iMhzY0w3kxFMr879VWf30cxdarfhqiYHOB
LifpXvg2mIK01LsAO/9QzM6irWpjdoiUwll6u7MwDtxHpMNw8aXgzYMUgLIkiQG+
b+XnwyTU3sD5Aya6Gf83f5LlC8V/rrjbCmjpw5+6xNZaYoe1yPtTF/g=
-----END CERTIFICATE-----
Generated at Fri Apr 5 10:25:33 2024 by rpki-client on console-fra.rpki-client.org