Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/-N1wRN3UqmWmMTiWjeerOoAFots.roa
File: -N1wRN3UqmWmMTiWjeerOoAFots.roa (raw, json)
Hash identifier: KFng6MndgIvduEtwiPamcKhvGGivbe0UXq2qt7r5+2k=
Subject key identifier: F8:DD:70:44:DD:D4:AA:65:A6:31:38:96:8D:E7:AB:3A:80:05:A2:DB
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 14AE
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/-N1wRN3UqmWmMTiWjeerOoAFots.roa
Signing time: Mon 15 Apr 2024 02:53:17 +0000
ROA not before: Mon 15 Apr 2024 02:53:17 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5294 (0x14ae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 15 02:53:17 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F8DD7044DDD4AA65A63138968DE7AB3A8005A2DB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:25:c4:17:4b:08:f1:55:17:c7:8a:3c:eb:fd:
73:91:25:5a:be:15:c7:b6:ee:3c:52:b3:ab:fd:f3:
bc:f2:81:c4:f7:71:64:1e:1d:b4:f4:bd:fb:a0:83:
22:76:2d:d3:28:47:6b:92:3a:b0:7b:a5:1e:97:21:
4b:10:4b:2b:53:40:a9:ea:46:04:86:6b:0c:32:18:
8e:1b:89:8c:a7:50:2a:a7:28:d9:a8:55:75:97:2e:
83:93:67:55:66:82:9e:a2:3e:33:0f:cb:a3:0e:25:
30:16:a3:fa:11:36:05:f2:53:86:01:35:81:ae:82:
21:14:e3:4e:f5:6b:ce:58:87:52:ab:81:a7:4c:5c:
59:0f:be:76:f9:e2:29:f1:4d:3a:0d:d5:22:33:1c:
b7:5f:61:b4:b5:88:9d:1d:a8:82:c2:38:22:fb:3f:
c5:fb:5a:06:cf:c7:1b:12:ec:ea:b6:17:dd:4e:ce:
a9:80:85:54:63:70:59:39:f1:bb:a4:49:37:6b:52:
0d:a2:e4:57:a9:48:70:16:55:7b:27:9f:22:b0:39:
27:8f:f6:15:33:c9:f9:15:6c:3e:a6:3c:4c:f4:6e:
bf:b5:cb:a7:45:78:fd:71:b5:54:cc:e8:6b:9b:dd:
2c:3d:e9:01:a8:4d:aa:6c:04:9b:84:37:66:cc:3a:
27:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:DD:70:44:DD:D4:AA:65:A6:31:38:96:8D:E7:AB:3A:80:05:A2:DB
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/-N1wRN3UqmWmMTiWjeerOoAFots.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
04:a3:9b:3b:5e:59:08:db:d9:be:a4:8f:fa:4e:3b:cb:58:92:
3a:4c:1c:99:11:39:55:55:1a:42:4c:52:95:37:e8:9d:89:54:
c0:60:ac:ec:cc:29:58:80:11:15:e7:b4:16:b4:53:7c:42:3b:
d5:66:5f:1c:50:9c:84:c3:1f:8a:8a:5a:6c:9f:4a:ea:22:bd:
99:f1:66:d3:63:f6:ce:fe:3e:d4:95:ae:87:7d:26:4b:7c:a2:
0f:62:d8:33:e4:8d:da:4b:35:44:dd:fa:53:d6:9c:ca:b2:90:
ba:4c:50:19:4e:ec:36:b7:e7:ff:bc:5f:0a:3f:77:c5:12:c6:
16:89:98:52:19:df:d9:39:66:70:c5:f0:28:4c:d8:34:6d:b6:
ed:5c:f1:7f:ca:38:c7:4b:ff:f7:6a:4a:08:54:2c:ef:7d:08:
98:b9:0b:a4:56:0e:ed:53:91:e4:d4:2f:f5:7a:5f:9d:84:51:
85:eb:81:22:5a:7e:c0:4e:13:7d:eb:36:9d:51:98:d6:45:e5:
31:4a:e6:70:72:94:cf:b2:c3:93:e9:e6:19:73:49:9e:5a:a2:
9f:8a:0d:17:14:93:1f:22:5c:f6:cb:7e:10:6b:af:c2:ba:14:
c9:34:39:f7:a9:db:c0:ce:7c:ec:d6:e7:43:e2:8b:db:06:1a:
10:25:d5:56
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFK4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTUw
MjUzMTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY4REQ3MDQ0RERENEFB
NjVBNjMxMzg5NjhERTdBQjNBODAwNUEyREIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFJcQXSwjxVRfHijzr/XORJVq+Fce27jxSs6v987zygcT3cWQe
HbT0vfuggyJ2LdMoR2uSOrB7pR6XIUsQSytTQKnqRgSGawwyGI4biYynUCqnKNmo
VXWXLoOTZ1Vmgp6iPjMPy6MOJTAWo/oRNgXyU4YBNYGugiEU4071a85Yh1KrgadM
XFkPvnb54inxTToN1SIzHLdfYbS1iJ0dqILCOCL7P8X7WgbPxxsS7Oq2F91OzqmA
hVRjcFk58bukSTdrUg2i5FepSHAWVXsnnyKwOSeP9hUzyfkVbD6mPEz0br+1y6dF
eP1xtVTM6Gub3Sw96QGoTapsBJuEN2bMOidlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU+N1wRN3UqmWmMTiWjeerOoAFotswHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzLy1OMXdSTjNVcW1XbU1U
aVdqZWVyT29BRm90cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEABKObO15ZCNvZvqSP+k47y1iSOkwcmRE5
VVUaQkxSlTfonYlUwGCs7MwpWIARFee0FrRTfEI71WZfHFCchMMfiopabJ9K6iK9
mfFm02P2zv4+1JWuh30mS3yiD2LYM+SN2ks1RN36U9acyrKQukxQGU7sNrfn/7xf
Cj93xRLGFomYUhnf2TlmcMXwKEzYNG227Vzxf8o4x0v/92pKCFQs730ImLkLpFYO
7VOR5NQv9XpfnYRRheuBIlp+wE4Tfes2nVGY1kXlMUrmcHKUz7LDk+nmGXNJnlqi
n4oNFxSTHyJc9st+EGuvwroUyTQ596nbwM587NbnQ+KL2wYaECXVVg==
-----END CERTIFICATE-----
Generated at Mon Apr 15 04:24:48 2024 by rpki-client on console-fra.rpki-client.org