Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/U-ShamlMy1MrnPTFLso5GKRQQrA.roa
File: U-ShamlMy1MrnPTFLso5GKRQQrA.roa (raw, json)
Hash identifier: DTFgPtFlEgbeDJuxTjFgR1LHM6cTCqAXmUSna7tNUZ4=
Subject key identifier: 53:E4:A1:6A:69:4C:CB:53:2B:9C:F4:C5:2E:CA:39:18:A4:50:42:B0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C6A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/U-ShamlMy1MrnPTFLso5GKRQQrA.roa
Signing time: Tue 09 Apr 2024 03:22:36 +0000
ROA not before: Tue 09 Apr 2024 03:22:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15466 (0x3c6a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 03:22:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=53E4A16A694CCB532B9CF4C52ECA3918A45042B0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:e8:87:68:50:9d:3c:57:e7:fd:55:f2:81:a4:
66:17:28:bc:3d:d0:9a:a9:f1:4b:63:16:d0:92:9d:
6f:f2:0e:70:e6:70:39:e4:ec:37:f3:e9:ec:0a:c4:
32:da:ec:80:fd:41:37:38:64:19:03:c8:15:84:84:
59:93:4d:43:86:c5:fe:8d:d9:ad:a7:8f:04:fe:40:
99:5e:b7:a4:af:02:97:14:95:76:bf:e9:38:0a:00:
b2:9d:7f:fe:67:42:79:b1:53:73:6a:c4:da:17:af:
bd:47:73:1d:09:2d:a6:eb:21:25:ba:a6:0a:ba:c7:
a5:32:95:31:d3:ae:f2:fd:cd:23:d0:e4:d3:7d:60:
f6:d5:db:e3:de:dc:fb:1e:b6:d8:5e:7f:9e:0b:5a:
dc:1f:35:42:3a:dc:bc:26:cf:5f:21:35:cd:ed:4d:
91:a9:36:80:8f:27:c2:5b:5c:fe:50:91:99:bd:cd:
d8:16:ec:08:9f:51:9f:6a:f8:74:f2:b1:33:39:f4:
c3:6e:b6:9c:08:38:31:f9:75:e4:f4:55:3e:de:56:
1f:87:71:4e:88:48:60:3b:55:7f:b9:70:58:92:2b:
a0:73:72:41:25:0d:df:f1:6f:00:f8:93:d5:65:cb:
2d:ac:37:40:be:35:f7:52:b0:bc:79:38:a1:7c:54:
54:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:E4:A1:6A:69:4C:CB:53:2B:9C:F4:C5:2E:CA:39:18:A4:50:42:B0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/U-ShamlMy1MrnPTFLso5GKRQQrA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5f:10:bc:80:f2:31:58:39:27:12:06:8c:5f:70:f7:75:4f:01:
f4:7b:43:d3:0f:ae:cb:b2:d1:67:56:46:00:bc:ae:c5:b7:eb:
1f:ce:d0:30:ae:95:5f:42:3b:a5:01:0e:c6:1f:61:fb:30:cf:
c3:c7:52:eb:54:d4:f4:59:d1:72:9d:e0:cd:cf:a3:55:58:65:
cd:a5:ff:a1:e4:f2:42:6b:c8:45:a8:58:72:d4:7e:e1:d5:02:
56:d7:28:e4:99:6c:b2:5c:90:98:26:eb:07:a8:fa:77:91:d5:
39:23:4b:73:cb:64:18:02:06:30:26:e3:e0:21:78:fb:85:ad:
f0:b9:65:ec:27:33:f9:83:f5:2a:1e:27:02:92:d4:02:2e:aa:
04:a4:4e:40:b9:53:f6:50:ea:e1:33:fc:d7:4f:60:83:4e:b8:
a7:59:9b:95:2e:76:1c:7a:f1:a3:5d:87:a3:19:91:96:c5:a5:
2f:9e:60:c5:b8:98:a1:d7:68:02:3c:4b:e1:b1:00:2d:3c:59:
af:a0:0e:5b:62:02:2a:21:7d:dd:39:e4:f6:e6:b2:48:e0:1c:
6c:ea:19:23:f2:6b:b9:0c:98:83:d5:5b:a3:4c:ad:a7:d5:88:
0c:3b:68:34:e4:71:5c:b4:6d:30:1b:d9:73:81:81:0f:12:de:
37:79:ca:54
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPGowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkw
MzIyMzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUzRTRBMTZBNjk0Q0NC
NTMyQjlDRjRDNTJFQ0EzOTE4QTQ1MDQyQjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCv6IdoUJ08V+f9VfKBpGYXKLw90Jqp8UtjFtCSnW/yDnDmcDnk
7Dfz6ewKxDLa7ID9QTc4ZBkDyBWEhFmTTUOGxf6N2a2njwT+QJlet6SvApcUlXa/
6TgKALKdf/5nQnmxU3NqxNoXr71Hcx0JLabrISW6pgq6x6UylTHTrvL9zSPQ5NN9
YPbV2+Pe3Psetthef54LWtwfNUI63Lwmz18hNc3tTZGpNoCPJ8JbXP5QkZm9zdgW
7AifUZ9q+HTysTM59MNutpwIODH5deT0VT7eVh+HcU6ISGA7VX+5cFiSK6BzckEl
Dd/xbwD4k9Vlyy2sN0C+NfdSsLx5OKF8VFRtAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUU+ShamlMy1MrnPTFLso5GKRQQrAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1UtU2hhbWxNeTFNcm5Q
VEZMc281R0tSUVFyQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAXxC8gPIxWDknEgaMX3D3dU8B9HtD0w+u
y7LRZ1ZGALyuxbfrH87QMK6VX0I7pQEOxh9h+zDPw8dS61TU9FnRcp3gzc+jVVhl
zaX/oeTyQmvIRahYctR+4dUCVtco5JlsslyQmCbrB6j6d5HVOSNLc8tkGAIGMCbj
4CF4+4Wt8Lll7Ccz+YP1Kh4nApLUAi6qBKROQLlT9lDq4TP8109gg064p1mblS52
HHrxo12HoxmRlsWlL55gxbiYoddoAjxL4bEALTxZr6AOW2ICKiF93Tnk9uaySOAc
bOoZI/JruQyYg9Vbo0ytp9WIDDtoNORxXLRtMBvZc4GBDxLeN3nKVA==
-----END CERTIFICATE-----
Generated at Tue Apr 9 10:07:50 2024 by rpki-client on console.sobornost.net