Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/f90qnX_nnC75Fxzf-62SXQ32jzw.roa
File: f90qnX_nnC75Fxzf-62SXQ32jzw.roa (raw, json)
Hash identifier: BoECubi1f5/MVplLodet4pzUWJOuzXC7LnjGV+MsMXo=
Subject key identifier: 7F:DD:2A:9D:7F:E7:9C:2E:F9:17:1C:DF:FB:AD:92:5D:0D:F6:8F:3C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 346E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f90qnX_nnC75Fxzf-62SXQ32jzw.roa
Signing time: Fri 29 Mar 2024 11:52:05 +0000
ROA not before: Fri 29 Mar 2024 11:52:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13422 (0x346e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 11:52:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7FDD2A9D7FE79C2EF9171CDFFBAD925D0DF68F3C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:30:15:9c:2b:76:7f:23:a4:c8:21:5c:ea:e9:
1c:00:97:32:0b:04:93:66:ee:3e:00:5d:1b:ac:2e:
28:f7:5f:08:38:6c:9d:e8:38:b7:1c:3a:f9:9b:7e:
09:3e:ea:76:33:dd:6d:0e:00:b6:b6:67:3f:25:c6:
0f:32:d6:fb:55:7e:55:ba:20:6c:86:eb:27:cd:10:
7a:b7:51:1a:df:74:41:1e:a8:aa:e6:17:f4:42:be:
3b:8b:3c:ca:f8:bb:22:27:f8:80:49:d7:53:cf:02:
af:e8:17:c1:9c:77:d6:4e:21:6e:a4:73:6e:36:1a:
7f:80:27:0d:44:43:20:b4:cf:50:f9:15:b5:4c:66:
15:5e:59:27:15:85:27:3f:64:66:74:cf:f8:a6:37:
cb:2f:2a:2b:f1:26:b8:3e:8a:4d:6a:ba:1a:dc:29:
25:95:5b:ed:c3:96:fb:43:2a:ac:44:42:73:38:dd:
b9:20:20:52:64:39:dd:73:9f:e2:99:4f:6a:58:26:
bd:f5:6e:cb:2b:69:cc:ea:54:e9:dc:a3:cc:13:ae:
28:8c:f0:93:e2:82:c3:4a:72:cb:d7:c6:63:8e:2c:
74:b0:55:53:88:9e:cc:d0:f3:c7:02:58:f2:65:32:
c3:c4:26:97:cb:05:c9:31:3f:43:86:69:a2:ae:cc:
3e:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:DD:2A:9D:7F:E7:9C:2E:F9:17:1C:DF:FB:AD:92:5D:0D:F6:8F:3C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f90qnX_nnC75Fxzf-62SXQ32jzw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
40:ad:a0:ee:a2:e4:6b:f1:82:71:e0:86:3e:f5:9c:5c:a8:d1:
b2:61:52:e9:9e:10:16:f4:22:61:84:e4:c9:c2:28:cc:2f:2e:
9a:84:b9:ce:cb:8c:2f:78:5e:e7:4f:62:98:12:71:ce:07:90:
2d:44:52:bc:ce:ee:82:80:03:10:21:58:c0:6f:37:f4:2e:95:
d5:27:82:54:00:f6:92:b8:2e:cb:64:38:86:fc:5d:ea:96:0d:
15:06:77:16:87:c1:6f:bb:1c:07:8b:89:6c:57:1c:34:4c:c6:
66:0b:2d:49:f9:84:2b:b7:00:06:81:d5:2e:9b:fd:7a:27:2a:
f4:11:2f:a7:b3:2a:30:25:ef:83:31:64:20:71:63:80:61:6b:
ad:11:28:f5:03:d4:e9:69:83:8a:2b:9c:3c:e4:25:65:90:9d:
cd:e4:ab:75:ba:75:c4:68:b1:6c:95:6e:92:a2:bf:be:46:97:
b6:94:f9:60:d6:13:cb:f3:8f:08:af:0d:0e:e4:6e:bb:97:ce:
f6:49:8b:f9:f4:4a:74:2b:42:60:3e:65:2e:f1:3d:96:2b:ad:
3f:d2:9b:21:75:cc:ad:14:00:4a:ef:a2:e1:bf:c7:77:fc:34:
8b:90:c7:d9:c5:e6:e3:e0:a7:93:07:05:ab:c1:5f:18:fb:24:
f7:af:b0:6b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNG4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
MTUyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdGREQyQTlEN0ZFNzlD
MkVGOTE3MUNERkZCQUQ5MjVEMERGNjhGM0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrMBWcK3Z/I6TIIVzq6RwAlzILBJNm7j4AXRusLij3Xwg4bJ3o
OLccOvmbfgk+6nYz3W0OALa2Zz8lxg8y1vtVflW6IGyG6yfNEHq3URrfdEEeqKrm
F/RCvjuLPMr4uyIn+IBJ11PPAq/oF8Gcd9ZOIW6kc242Gn+AJw1EQyC0z1D5FbVM
ZhVeWScVhSc/ZGZ0z/imN8svKivxJrg+ik1quhrcKSWVW+3DlvtDKqxEQnM43bkg
IFJkOd1zn+KZT2pYJr31bssraczqVOnco8wTriiM8JPigsNKcsvXxmOOLHSwVVOI
nszQ88cCWPJlMsPEJpfLBckxP0OGaaKuzD69AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUf90qnX/nnC75Fxzf+62SXQ32jzwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Y5MHFuWF9ubkM3NUZ4
emYtNjJTWFEzMmp6dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQK2g7qLka/GCceCGPvWcXKjRsmFS6Z4Q
FvQiYYTkycIozC8umoS5zsuML3he509imBJxzgeQLURSvM7ugoADECFYwG839C6V
1SeCVAD2krguy2Q4hvxd6pYNFQZ3FofBb7scB4uJbFccNEzGZgstSfmEK7cABoHV
Lpv9eicq9BEvp7MqMCXvgzFkIHFjgGFrrREo9QPU6WmDiiucPOQlZZCdzeSrdbp1
xGixbJVukqK/vkaXtpT5YNYTy/OPCK8NDuRuu5fO9kmL+fRKdCtCYD5lLvE9liut
P9KbIXXMrRQASu+i4b/Hd/w0i5DH2cXm4+CnkwcFq8FfGPsk96+waw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:10:18 2025 by rpki-client