Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/BRELLKYCgiZoBwYY2E8sJqQ4QdQ.roa
File: BRELLKYCgiZoBwYY2E8sJqQ4QdQ.roa (raw, json)
Hash identifier: GYWdMSynmt580K5Dfo9OB9NogeHTao0UzoAgtcWfScE=
Subject key identifier: 05:11:0B:2C:A6:02:82:26:68:07:06:18:D8:4F:2C:26:A4:38:41:D4
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 11AA
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/BRELLKYCgiZoBwYY2E8sJqQ4QdQ.roa
Signing time: Sun 07 Apr 2024 01:52:53 +0000
ROA not before: Sun 07 Apr 2024 01:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4522 (0x11aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 7 01:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=05110B2CA602822668070618D84F2C26A43841D4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:bd:57:40:12:c1:e9:06:2a:87:3a:b6:85:30:
cd:64:24:e9:be:8a:b7:6e:04:a7:28:44:06:fd:39:
a4:4f:b2:1c:ee:a8:2c:67:24:f5:77:a4:1c:89:9d:
12:ff:f8:09:b1:b2:55:df:17:f8:de:bc:59:22:41:
96:b7:84:8a:4c:c2:53:78:5a:62:5b:19:74:d5:e1:
76:d2:96:fb:21:96:34:db:c8:c6:71:e9:ca:8c:e0:
63:96:54:8e:75:ef:ae:bd:bd:ec:79:7a:b5:71:e1:
f7:41:d0:fb:1f:c8:e3:53:99:0d:8d:a3:19:26:0c:
89:8c:90:01:f8:3d:f1:d8:09:18:cf:12:8e:7c:db:
fc:ed:a5:18:43:4d:38:6d:64:41:25:56:e9:da:e4:
3d:6e:43:29:5e:fc:de:69:a6:27:11:03:34:26:cf:
1f:61:2c:b4:b8:51:99:e0:6d:52:5c:24:ca:ba:4c:
d8:bd:df:3c:a9:15:7c:23:3d:80:a6:78:be:1b:9a:
1c:a2:12:bb:cb:88:02:5d:15:eb:37:3b:ff:1e:55:
f5:bc:9f:bc:8f:2e:06:79:dd:9e:90:de:de:c4:e4:
2e:12:a9:15:41:36:13:89:f8:94:aa:77:2d:7f:60:
74:f8:fb:95:bc:0c:ed:40:fd:bf:01:7a:5a:02:d7:
2b:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:11:0B:2C:A6:02:82:26:68:07:06:18:D8:4F:2C:26:A4:38:41:D4
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/BRELLKYCgiZoBwYY2E8sJqQ4QdQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6a:2f:5d:80:9e:d2:fb:84:3c:25:fc:89:98:4a:db:af:66:dc:
53:58:22:2c:64:3f:33:02:fa:92:60:72:10:35:03:f7:a2:1b:
b1:f6:e4:0b:77:36:ea:06:7d:ec:9f:fa:8d:04:cb:31:8a:e7:
e6:61:e3:81:1d:c6:c0:3b:b9:d9:f8:dc:29:2a:8a:87:37:b4:
55:bb:b4:95:9f:2e:07:d3:09:aa:cd:b1:f7:5b:85:9e:6e:30:
9c:23:67:5a:8e:c2:9b:b9:dd:cb:f6:0a:35:2f:b9:da:62:03:
3a:a0:9a:8d:16:71:60:4e:8a:4d:49:9b:52:97:c7:2a:23:2d:
c6:89:8c:35:a0:48:a6:b7:7d:10:b9:af:51:f4:74:3a:03:d0:
4d:cf:46:f4:fe:54:70:ca:fe:54:04:f8:02:48:cc:8f:f1:73:
d6:3f:4c:eb:8c:c1:4a:89:49:1b:72:90:7c:1c:30:7f:d0:71:
b1:58:ad:72:17:9f:77:32:ab:b0:f6:44:76:98:87:2e:9b:78:
cd:2a:ef:7f:7f:e0:b7:59:5c:32:e0:16:0a:85:b1:c5:61:e8:
eb:99:6c:15:aa:b4:b7:56:db:ac:9b:70:45:59:b0:70:c6:35:
44:fc:18:3a:3f:ce:8f:dc:d2:72:0a:5f:e8:54:94:32:d0:ae:
a6:a4:e5:fa
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEaowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDcw
MTUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA1MTEwQjJDQTYwMjgy
MjY2ODA3MDYxOEQ4NEYyQzI2QTQzODQxRDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPvVdAEsHpBiqHOraFMM1kJOm+irduBKcoRAb9OaRPshzuqCxn
JPV3pByJnRL/+AmxslXfF/jevFkiQZa3hIpMwlN4WmJbGXTV4XbSlvshljTbyMZx
6cqM4GOWVI517669vex5erVx4fdB0PsfyONTmQ2NoxkmDImMkAH4PfHYCRjPEo58
2/ztpRhDTThtZEElVuna5D1uQyle/N5ppicRAzQmzx9hLLS4UZngbVJcJMq6TNi9
3zypFXwjPYCmeL4bmhyiErvLiAJdFes3O/8eVfW8n7yPLgZ53Z6Q3t7E5C4SqRVB
NhOJ+JSqdy1/YHT4+5W8DO1A/b8BeloC1yvNAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUBRELLKYCgiZoBwYY2E8sJqQ4QdQwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL0JSRUxMS1lDZ2lab0J3
WVkyRThzSnFRNFFkUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAai9dgJ7S+4Q8JfyJmErbr2bcU1giLGQ/
MwL6kmByEDUD96IbsfbkC3c26gZ97J/6jQTLMYrn5mHjgR3GwDu52fjcKSqKhze0
Vbu0lZ8uB9MJqs2x91uFnm4wnCNnWo7Cm7ndy/YKNS+52mIDOqCajRZxYE6KTUmb
UpfHKiMtxomMNaBIprd9ELmvUfR0OgPQTc9G9P5UcMr+VAT4AkjMj/Fz1j9M64zB
SolJG3KQfBwwf9BxsVitchefdzKrsPZEdpiHLpt4zSrvf3/gt1lcMuAWCoWxxWHo
65lsFaq0t1bbrJtwRVmwcMY1RPwYOj/Oj9zScgpf6FSUMtCupqTl+g==
-----END CERTIFICATE-----
Generated at Sun Apr 7 03:10:47 2024 by rpki-client on console-fra.rpki-client.org