Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/3IcaQTFFrk6x9p0Kq0rcSHgk5NI.roa
File: 3IcaQTFFrk6x9p0Kq0rcSHgk5NI.roa (raw, json)
Hash identifier: On7U0QD7w01zqViuws9BqoU2zFoZPEW/arKcDv2RQNA=
Subject key identifier: DC:87:1A:41:31:45:AE:4E:B1:F6:9D:0A:AB:4A:DC:48:78:24:E4:D2
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 147A
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/3IcaQTFFrk6x9p0Kq0rcSHgk5NI.roa
Signing time: Sun 14 Apr 2024 13:53:18 +0000
ROA not before: Sun 14 Apr 2024 13:53:18 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5242 (0x147a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 14 13:53:18 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DC871A413145AE4EB1F69D0AAB4ADC487824E4D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:4c:7d:c4:7c:b0:c6:6e:71:8b:9b:7f:f1:26:
20:5e:c9:cd:65:cb:9f:5a:ad:77:f8:a8:f4:9d:4e:
61:0c:d9:0f:5c:a7:2c:7b:d3:b8:2a:08:41:85:e8:
64:89:d2:c2:84:46:c7:7c:89:cc:68:b8:37:b1:7a:
ef:36:82:73:55:21:78:73:32:58:be:b8:6c:a6:f1:
4a:b0:b4:ed:9a:10:b3:b1:79:4d:00:e1:7e:ff:13:
bf:8a:11:37:e2:13:aa:f8:de:39:c6:70:c0:3f:c8:
93:16:8b:24:c7:c0:49:12:3f:4f:b7:93:4b:9c:77:
6c:17:49:2e:b7:f5:4a:b8:2f:02:95:21:ae:bd:c9:
a0:20:07:2f:cc:ec:4d:a0:c0:8e:f4:0c:c2:bd:d4:
11:de:47:77:4d:8e:d0:4b:5f:7a:b8:d4:d1:1a:53:
b4:ad:c2:37:00:03:4f:c3:06:73:40:52:b1:0d:35:
49:00:fa:82:84:fd:ef:5e:62:48:46:2b:e3:bb:37:
72:0a:01:cc:90:b7:29:d1:88:37:d2:4d:02:0c:c6:
12:fb:79:79:ba:63:6a:a5:10:3a:63:6f:c8:e3:d4:
07:f9:08:20:db:c7:bd:41:23:9a:40:8d:53:f2:7d:
28:eb:ef:e7:7a:7a:89:ff:e5:0e:4e:cc:05:86:ef:
5c:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:87:1A:41:31:45:AE:4E:B1:F6:9D:0A:AB:4A:DC:48:78:24:E4:D2
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/3IcaQTFFrk6x9p0Kq0rcSHgk5NI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
49:cf:b4:26:62:d5:04:13:de:8b:0e:99:31:58:6f:ef:e1:46:
24:07:d9:b1:cf:e4:44:57:8f:db:f5:41:71:06:57:64:3f:40:
dd:3e:56:aa:ec:1c:3e:87:f5:00:ee:02:bc:53:26:98:68:dd:
58:f7:1d:6e:94:16:cd:05:6c:1b:7c:f3:4e:33:36:58:0d:f6:
df:ee:f9:3f:ff:04:bb:4d:f8:d1:63:76:cf:ab:18:e8:5b:ca:
59:50:95:8e:71:35:46:d6:47:3f:15:78:1c:a6:ab:26:0e:be:
e9:44:47:e8:71:df:a0:69:2f:70:76:49:2b:fe:0f:4c:42:c3:
aa:46:2a:07:39:56:b8:00:3d:97:a7:ec:22:f5:4c:ce:f4:18:
74:75:c0:f9:fc:86:c8:7a:75:c9:aa:37:29:f7:e2:7e:1f:49:
5d:02:58:4c:27:47:7a:ae:09:e8:39:7d:2f:48:a9:dd:0c:3b:
7f:65:07:d9:82:4a:72:b4:66:27:5b:db:37:0f:00:09:38:95:
41:52:a4:8f:27:1e:6b:88:1e:01:f3:39:e8:3a:ae:7b:54:d7:
a9:29:55:47:a3:5b:99:dc:85:ce:3a:f0:e0:e5:d8:f2:f7:b8:
73:be:86:6a:32:ff:00:34:97:ff:80:3b:85:c9:b7:73:20:b3:
56:b4:4c:8e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFHowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTQx
MzUzMThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERDODcxQTQxMzE0NUFF
NEVCMUY2OUQwQUFCNEFEQzQ4NzgyNEU0RDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwTH3EfLDGbnGLm3/xJiBeyc1ly59arXf4qPSdTmEM2Q9cpyx7
07gqCEGF6GSJ0sKERsd8icxouDexeu82gnNVIXhzMli+uGym8UqwtO2aELOxeU0A
4X7/E7+KETfiE6r43jnGcMA/yJMWiyTHwEkSP0+3k0ucd2wXSS639Uq4LwKVIa69
yaAgBy/M7E2gwI70DMK91BHeR3dNjtBLX3q41NEaU7StwjcAA0/DBnNAUrENNUkA
+oKE/e9eYkhGK+O7N3IKAcyQtynRiDfSTQIMxhL7eXm6Y2qlEDpjb8jj1Af5CCDb
x71BI5pAjVPyfSjr7+d6eon/5Q5OzAWG71xzAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU3IcaQTFFrk6x9p0Kq0rcSHgk5NIwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzLzNJY2FRVEZGcms2eDlw
MEtxMHJjU0hnazVOSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEASc+0JmLVBBPeiw6ZMVhv7+FGJAfZsc/k
RFeP2/VBcQZXZD9A3T5WquwcPof1AO4CvFMmmGjdWPcdbpQWzQVsG3zzTjM2WA32
3+75P/8Eu0340WN2z6sY6FvKWVCVjnE1RtZHPxV4HKarJg6+6URH6HHfoGkvcHZJ
K/4PTELDqkYqBzlWuAA9l6fsIvVMzvQYdHXA+fyGyHp1yao3Kffifh9JXQJYTCdH
eq4J6Dl9L0ip3Qw7f2UH2YJKcrRmJ1vbNw8ACTiVQVKkjycea4geAfM56Dque1TX
qSlVR6NbmdyFzjrw4OXY8ve4c76GajL/ADSX/4A7hcm3cyCzVrRMjg==
-----END CERTIFICATE-----
Generated at Sun Apr 14 15:41:22 2024 by rpki-client on console-ams.rpki-client.org