Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PfO72ubMzsoWeKbH9tprTe1VzDI.roa
File: PfO72ubMzsoWeKbH9tprTe1VzDI.roa (raw, json)
Hash identifier: QzzY9IG9T4JQIQuDCeIU5bAPyCaTsENEP9MAffxhk5k=
Subject key identifier: 3D:F3:BB:DA:E6:CC:CE:CA:16:78:A6:C7:F6:DA:6B:4D:ED:55:CC:32
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E03
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PfO72ubMzsoWeKbH9tprTe1VzDI.roa
Signing time: Thu 11 Apr 2024 06:22:47 +0000
ROA not before: Thu 11 Apr 2024 06:22:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15875 (0x3e03)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 06:22:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3DF3BBDAE6CCCECA1678A6C7F6DA6B4DED55CC32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:2b:07:98:83:a0:2c:c2:de:6a:d8:f9:68:34:
f8:2c:aa:16:e5:c4:cd:c9:fc:3a:d1:36:f1:1e:d7:
48:b5:cd:ff:f5:37:10:73:52:bd:0a:62:2b:00:8e:
22:3e:35:c1:dc:1a:ff:e9:95:93:fa:cd:63:67:3b:
80:73:eb:4e:e0:0b:b9:9c:cf:9d:ee:82:29:74:2c:
27:09:32:73:a7:34:a7:d3:06:32:7a:a9:dd:9b:41:
04:84:9e:fa:b7:cc:f4:d4:b7:f8:7e:c9:56:62:58:
b4:91:32:d7:8a:5e:21:81:9f:34:05:91:9e:ad:b0:
ac:2d:4c:ba:2e:69:fe:e6:67:87:04:93:a8:af:7d:
33:cb:36:d9:a9:81:e0:13:13:8e:8e:1f:b1:91:d8:
d6:5e:69:79:c9:ee:c4:4f:46:11:bd:a0:0b:b4:95:
49:59:e1:18:81:ce:a2:10:f0:8b:ea:b8:47:83:33:
3f:3a:18:ca:db:17:fe:6a:46:21:1b:a5:1d:d4:fb:
ca:0c:c9:75:4d:cd:06:0d:cc:e2:6d:e1:94:84:27:
ec:cd:e6:ff:23:39:0a:51:a9:2f:26:04:2a:23:f0:
39:fb:9e:6f:32:77:3e:25:47:19:3b:9d:3d:ae:63:
34:e7:71:0c:1b:bd:c0:a0:7d:eb:3d:b5:5f:91:3d:
a3:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:F3:BB:DA:E6:CC:CE:CA:16:78:A6:C7:F6:DA:6B:4D:ED:55:CC:32
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PfO72ubMzsoWeKbH9tprTe1VzDI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
50:90:d7:5a:9c:4f:7b:93:a7:d6:2c:88:e3:e1:0d:72:bd:b7:
9d:f7:9e:ac:5c:4d:22:07:59:0c:98:44:a3:08:ca:be:ff:88:
22:46:2d:e0:af:d8:6a:99:fc:ea:e7:c2:5e:0e:f9:5d:80:4a:
ed:4f:85:a7:94:4f:7f:10:4f:27:d7:62:49:2c:be:9d:b6:2f:
da:e7:ff:ec:34:47:71:a0:ce:c3:87:0a:d6:11:1b:4a:4c:3c:
10:5f:c4:8e:61:a7:bd:7a:4f:81:8f:18:5b:26:54:b1:45:07:
6e:e9:75:78:17:e0:47:b2:aa:f4:9e:49:aa:76:4c:b7:01:37:
86:03:fb:1d:6e:c6:0c:9f:00:a8:7d:f2:58:f4:dc:d4:d9:fc:
b1:d9:10:cc:d2:f5:52:52:fa:e1:98:41:4f:42:16:bb:78:78:
7a:b8:12:12:70:39:26:a5:89:69:e4:3c:35:0b:be:11:81:ee:
27:98:cb:02:16:75:4c:70:f2:50:9d:0b:e3:eb:f6:3b:2e:17:
86:c6:8d:4f:69:68:10:ca:d6:1a:e2:a7:1d:38:f8:b4:5e:53:
a3:99:fc:5b:20:0b:16:e8:55:c1:e3:15:ec:f9:95:c2:01:af:
c9:85:a8:78:fc:4b:d9:4d:67:81:3a:9e:b4:b7:46:6d:1c:8d:
eb:ff:a0:c7
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPgMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
NjIyNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNERjNCQkRBRTZDQ0NF
Q0ExNjc4QTZDN0Y2REE2QjRERUQ1NUNDMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClKweYg6Aswt5q2PloNPgsqhblxM3J/DrRNvEe10i1zf/1NxBz
Ur0KYisAjiI+NcHcGv/plZP6zWNnO4Bz607gC7mcz53ugil0LCcJMnOnNKfTBjJ6
qd2bQQSEnvq3zPTUt/h+yVZiWLSRMteKXiGBnzQFkZ6tsKwtTLouaf7mZ4cEk6iv
fTPLNtmpgeATE46OH7GR2NZeaXnJ7sRPRhG9oAu0lUlZ4RiBzqIQ8IvquEeDMz86
GMrbF/5qRiEbpR3U+8oMyXVNzQYNzOJt4ZSEJ+zN5v8jOQpRqS8mBCoj8Dn7nm8y
dz4lRxk7nT2uYzTncQwbvcCgfes9tV+RPaNfAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUPfO72ubMzsoWeKbH9tprTe1VzDIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BmTzcydWJNenNvV2VL
Ykg5dHByVGUxVnpESS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFCQ11qcT3uTp9YsiOPhDXK9t533nqxc
TSIHWQyYRKMIyr7/iCJGLeCv2GqZ/Ornwl4O+V2ASu1PhaeUT38QTyfXYkksvp22
L9rn/+w0R3GgzsOHCtYRG0pMPBBfxI5hp716T4GPGFsmVLFFB27pdXgX4EeyqvSe
Sap2TLcBN4YD+x1uxgyfAKh98lj03NTZ/LHZEMzS9VJS+uGYQU9CFrt4eHq4EhJw
OSaliWnkPDULvhGB7ieYywIWdUxw8lCdC+Pr9jsuF4bGjU9paBDK1hripx04+LRe
U6OZ/FsgCxboVcHjFez5lcIBr8mFqHj8S9lNZ4E6nrS3Rm0cjev/oMc=
-----END CERTIFICATE-----
Generated at Thu Apr 11 06:50:33 2024 by rpki-client on console-fra.rpki-client.org