Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/78ZFMw1lbc1KxcKDSIIohhlpVfg.roa
File: 78ZFMw1lbc1KxcKDSIIohhlpVfg.roa (raw, json)
Hash identifier: fxxLEr5Qh68R2mQQ0E0TUzj91V1Wf7ZbF7oeki0XVV4=
Subject key identifier: EF:C6:45:33:0D:65:6D:CD:4A:C5:C2:83:48:82:28:86:19:69:55:F8
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1314
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78ZFMw1lbc1KxcKDSIIohhlpVfg.roa
Signing time: Wed 10 Apr 2024 20:23:09 +0000
ROA not before: Wed 10 Apr 2024 20:23:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4884 (0x1314)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 10 20:23:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EFC645330D656DCD4AC5C28348822886196955F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ff:73:19:0c:0d:4b:0d:4d:c8:7c:d8:27:48:
ed:ff:4e:c4:47:36:f3:b3:0e:57:7f:4a:08:97:24:
b9:2c:dd:1d:da:c8:06:b5:f7:aa:33:ac:ce:de:be:
d9:fc:8b:e9:18:3c:a5:12:77:7e:83:97:e7:ea:be:
cf:76:4e:f4:10:ac:6d:70:b3:12:bc:83:6b:dd:78:
af:f5:0e:8a:9e:fc:1d:3c:c2:19:20:fe:bd:63:c9:
6c:2e:d1:d6:db:d7:41:55:3e:36:8d:b4:8e:44:02:
d9:d3:8b:70:00:52:6b:df:4a:56:fb:48:de:fe:06:
2f:18:d1:29:e8:cd:c7:42:04:82:c7:ab:7a:19:6a:
03:3d:3b:b7:1c:0e:25:83:32:5d:89:3b:1a:2f:c2:
8f:45:d3:15:8e:c2:9a:c9:c5:bc:3f:ae:98:59:df:
73:f8:99:fb:31:69:c9:37:3e:ca:5e:6a:86:78:cd:
2b:42:ac:97:5b:e2:ef:68:aa:49:47:22:67:97:6b:
ca:61:b2:cc:6c:04:ce:a1:aa:d8:bc:2e:1e:d0:3f:
a2:d6:fb:b3:8e:e0:c5:1a:3c:15:21:08:d5:eb:43:
62:00:70:91:b9:de:d6:c5:24:0c:ea:d2:05:b0:06:
e7:46:c9:88:9b:70:bf:e2:14:27:d4:12:54:58:26:
48:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:C6:45:33:0D:65:6D:CD:4A:C5:C2:83:48:82:28:86:19:69:55:F8
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78ZFMw1lbc1KxcKDSIIohhlpVfg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2a:aa:4c:2c:05:0d:24:e8:9e:8d:1d:a4:57:2b:46:6a:61:8a:
e9:cd:4c:76:96:15:ac:b9:12:80:48:1f:65:c7:49:c3:0c:fa:
4d:a8:e3:a1:31:cd:6b:be:08:77:55:be:22:16:04:97:07:82:
a3:2c:38:c2:d8:d6:85:ac:8e:5c:59:e4:a4:4c:df:d6:fe:79:
18:e9:07:c8:aa:f0:9e:ed:91:4d:47:da:cc:d4:8c:72:e0:87:
51:d2:ec:b4:0e:d5:fa:11:90:4f:89:b5:73:0d:cc:71:cd:25:
38:58:77:23:83:17:0e:3f:61:ef:c6:4a:30:63:41:45:07:fc:
62:f4:58:d7:a2:ad:68:b1:b3:7c:84:35:a2:71:1e:8c:59:82:
af:b2:f6:c4:26:5f:65:95:67:f2:82:4a:d6:9d:45:44:11:a5:
30:f1:4b:ea:4b:69:f2:27:0f:a3:e0:25:4e:34:ab:09:ad:93:
29:80:36:15:75:a0:4f:4f:b7:bf:a9:57:5e:e4:53:9d:99:e6:
a7:08:79:18:bb:b1:a7:25:d0:32:57:53:9b:88:ce:6e:d5:98:
50:9c:a1:4d:e0:d8:61:47:24:46:c8:ad:9e:f0:0e:53:47:e5:
61:9c:f6:fe:59:96:58:93:d1:0e:fc:7a:c0:54:bf:f0:e8:5d:
93:7c:5b:33
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICExQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTAy
MDIzMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVGQzY0NTMzMEQ2NTZE
Q0Q0QUM1QzI4MzQ4ODIyODg2MTk2OTU1RjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9/3MZDA1LDU3IfNgnSO3/TsRHNvOzDld/SgiXJLks3R3ayAa1
96ozrM7evtn8i+kYPKUSd36Dl+fqvs92TvQQrG1wsxK8g2vdeK/1Doqe/B08whkg
/r1jyWwu0dbb10FVPjaNtI5EAtnTi3AAUmvfSlb7SN7+Bi8Y0SnozcdCBILHq3oZ
agM9O7ccDiWDMl2JOxovwo9F0xWOwprJxbw/rphZ33P4mfsxack3PspeaoZ4zStC
rJdb4u9oqklHImeXa8phssxsBM6hqti8Lh7QP6LW+7OO4MUaPBUhCNXrQ2IAcJG5
3tbFJAzq0gWwBudGyYibcL/iFCfUElRYJkidAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU78ZFMw1lbc1KxcKDSIIohhlpVfgwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzLzc4WkZNdzFsYmMxS3hj
S0RTSUlvaGhscFZmZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAKqpMLAUNJOiejR2kVytGamGK6c1MdpYV
rLkSgEgfZcdJwwz6TajjoTHNa74Id1W+IhYElweCoyw4wtjWhayOXFnkpEzf1v55
GOkHyKrwnu2RTUfazNSMcuCHUdLstA7V+hGQT4m1cw3Mcc0lOFh3I4MXDj9h78ZK
MGNBRQf8YvRY16KtaLGzfIQ1onEejFmCr7L2xCZfZZVn8oJK1p1FRBGlMPFL6ktp
8icPo+AlTjSrCa2TKYA2FXWgT0+3v6lXXuRTnZnmpwh5GLuxpyXQMldTm4jObtWY
UJyhTeDYYUckRsitnvAOU0flYZz2/lmWWJPRDvx6wFS/8Ohdk3xbMw==
-----END CERTIFICATE-----
Generated at Wed Apr 10 21:46:49 2024 by rpki-client on console-ams.rpki-client.org