Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/3zfJLFNVfMT5UZFL0kRHRECP9p0.roa
File: 3zfJLFNVfMT5UZFL0kRHRECP9p0.roa (raw, json)
Hash identifier: Qa9N2wVIDddUHp+hkB9JI1SrQ07wMOgiCxyx2LHFNMs=
Subject key identifier: DF:37:C9:2C:53:55:7C:C4:F9:51:91:4B:D2:44:47:44:40:8F:F6:9D
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 13C6
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/3zfJLFNVfMT5UZFL0kRHRECP9p0.roa
Signing time: Fri 12 Apr 2024 16:53:14 +0000
ROA not before: Fri 12 Apr 2024 16:53:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5062 (0x13c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 12 16:53:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DF37C92C53557CC4F951914BD2444744408FF69D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:b2:bb:11:28:94:60:89:b5:eb:20:c7:00:63:
d7:f3:05:ea:25:35:77:b4:3c:03:50:02:aa:01:99:
59:83:2a:ba:5b:b4:7e:f8:53:7f:2d:92:08:2d:40:
52:27:d9:04:92:83:5a:3c:6e:0d:ec:8e:a1:e5:e5:
33:36:97:c3:c3:3a:27:cf:1a:fe:fe:1e:3a:0a:b0:
8a:68:db:e0:da:71:9b:c8:85:69:61:db:62:18:0d:
7f:d6:91:fc:ce:c4:9a:8b:11:cd:7a:31:28:47:65:
ba:4a:d6:3c:b2:40:f7:37:ce:2f:43:97:6d:e0:73:
70:6f:41:12:9d:a6:a5:10:c9:03:57:2c:76:52:74:
02:39:1a:24:a9:c0:98:07:45:e0:ad:bd:f4:ad:85:
58:69:17:f0:c4:b1:12:82:e3:4f:c2:ce:6e:35:f5:
04:c5:30:70:79:43:a3:07:dc:13:b4:5e:1e:8c:54:
70:a4:ef:f8:eb:51:83:bc:06:b6:c6:61:72:4b:df:
2a:ee:8b:30:be:a8:16:48:9b:2a:7b:41:9c:70:79:
8d:04:c1:84:85:96:3b:13:d8:a0:e8:12:35:3b:52:
76:ce:3c:5a:c5:6d:17:ea:35:16:5a:3d:bb:e6:be:
03:94:58:b0:b7:1f:8b:7c:a8:20:51:f6:68:2a:67:
46:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:37:C9:2C:53:55:7C:C4:F9:51:91:4B:D2:44:47:44:40:8F:F6:9D
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/3zfJLFNVfMT5UZFL0kRHRECP9p0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
79:c2:d7:a0:f8:cb:04:c1:db:04:6b:c3:88:3e:4e:1f:d1:34:
54:35:aa:b0:88:7b:4c:a0:1a:9f:1d:1e:55:fc:79:48:9a:85:
22:20:7f:ab:92:d9:0e:c7:e1:92:d7:46:ac:81:a9:0b:ec:88:
0b:db:9e:56:bf:42:79:25:7b:90:09:72:1f:c7:8f:82:c4:f7:
65:7f:be:82:fc:eb:9b:85:d7:d4:ca:cd:bd:60:44:19:59:7e:
9c:e1:da:c1:41:a2:5e:17:0c:81:ca:29:f4:f7:86:ed:3e:8c:
a2:dd:4f:a8:ad:39:dc:5a:62:b4:cb:e2:3d:33:b0:2e:d8:0c:
c2:a1:09:1a:23:55:df:06:e0:94:de:1e:cf:f7:79:5f:24:5a:
20:aa:0f:61:99:85:af:bc:b2:a5:22:60:90:10:6a:2e:6e:b5:
08:94:fa:e6:aa:3b:27:e5:70:80:13:e2:80:3e:e9:fa:fc:ed:
66:0c:ad:7b:5d:13:5e:3d:8b:01:6d:33:18:96:1a:e8:37:62:
70:3f:08:bf:42:1d:fe:dc:78:26:e1:7c:31:62:78:e3:b3:c0:
b1:6b:d7:2e:e6:11:a3:48:1e:f7:19:43:dc:a0:6e:86:da:72:
d1:ef:e5:1a:db:d8:74:00:3d:de:67:5d:82:e1:fe:b5:9b:4a:
0b:7e:ab:f1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICE8YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTIx
NjUzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERGMzdDOTJDNTM1NTdD
QzRGOTUxOTE0QkQyNDQ0NzQ0NDA4RkY2OUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgsrsRKJRgibXrIMcAY9fzBeolNXe0PANQAqoBmVmDKrpbtH74
U38tkggtQFIn2QSSg1o8bg3sjqHl5TM2l8PDOifPGv7+HjoKsIpo2+DacZvIhWlh
22IYDX/WkfzOxJqLEc16MShHZbpK1jyyQPc3zi9Dl23gc3BvQRKdpqUQyQNXLHZS
dAI5GiSpwJgHReCtvfSthVhpF/DEsRKC40/Czm419QTFMHB5Q6MH3BO0Xh6MVHCk
7/jrUYO8BrbGYXJL3yruizC+qBZImyp7QZxweY0EwYSFljsT2KDoEjU7UnbOPFrF
bRfqNRZaPbvmvgOUWLC3H4t8qCBR9mgqZ0bBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU3zfJLFNVfMT5UZFL0kRHRECP9p0wHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzLzN6ZkpMRk5WZk1UNVVa
Rkwwa1JIUkVDUDlwMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAecLXoPjLBMHbBGvDiD5OH9E0VDWqsIh7
TKAanx0eVfx5SJqFIiB/q5LZDsfhktdGrIGpC+yIC9ueVr9CeSV7kAlyH8ePgsT3
ZX++gvzrm4XX1MrNvWBEGVl+nOHawUGiXhcMgcop9PeG7T6Mot1PqK053FpitMvi
PTOwLtgMwqEJGiNV3wbglN4ez/d5XyRaIKoPYZmFr7yypSJgkBBqLm61CJT65qo7
J+VwgBPigD7p+vztZgyte10TXj2LAW0zGJYa6DdicD8Iv0Id/tx4JuF8MWJ447PA
sWvXLuYRo0ge9xlD3KBuhtpy0e/lGtvYdAA93mddguH+tZtKC36r8Q==
-----END CERTIFICATE-----
Generated at Fri Apr 12 19:21:39 2024 by rpki-client on console-fra.rpki-client.org