Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/D-XtiV0xWogGrvu56BfDKRUKyCo.roa
File: D-XtiV0xWogGrvu56BfDKRUKyCo.roa (raw, json)
Hash identifier: zgq38XU6i6Bq+BtFmemeiAPDtUY5k9Sar5Id9654W7s=
Subject key identifier: 0F:E5:ED:89:5D:31:5A:88:06:AE:FB:B9:E8:17:C3:29:15:0A:C8:2A
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1586
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/D-XtiV0xWogGrvu56BfDKRUKyCo.roa
Signing time: Wed 17 Apr 2024 08:53:23 +0000
ROA not before: Wed 17 Apr 2024 08:53:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5510 (0x1586)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 17 08:53:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0FE5ED895D315A8806AEFBB9E817C329150AC82A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:db:ec:40:e7:9d:b3:5d:b6:b3:73:53:40:e7:
6b:6f:e0:22:62:cc:0b:fb:25:d4:02:75:61:b6:7d:
34:67:fd:5d:dc:c1:ff:35:bb:ce:93:ac:e8:25:7e:
28:de:f2:d9:f1:a9:ee:60:58:b9:17:8d:dd:ba:9f:
b5:f5:64:a0:79:4e:b5:a4:b7:34:dd:38:81:ca:93:
f0:1d:3e:69:3e:f8:e5:be:6f:51:f0:df:84:c2:8f:
4e:b7:dd:82:53:05:6f:44:89:05:bf:25:82:ee:5c:
80:68:11:33:64:1b:48:85:3a:93:5a:c4:11:40:1a:
93:75:11:7c:92:35:86:a5:10:96:76:24:37:84:7a:
fc:2d:71:14:fa:89:5e:ef:0d:d0:90:eb:fd:df:5b:
70:08:97:de:ca:16:aa:75:ac:45:3e:d8:0b:89:e6:
77:4a:1e:fc:41:20:c3:13:c9:25:a4:5d:64:d3:24:
98:5c:61:06:74:85:7b:38:b5:18:27:79:16:6c:06:
fd:87:0d:8b:da:03:34:95:d4:d7:76:28:05:80:76:
8b:ca:1c:69:9e:91:9a:83:78:ba:5f:81:81:31:95:
9f:23:af:c0:5d:bd:4f:ea:f0:09:52:55:73:73:13:
f8:ac:28:c7:f1:30:cd:b2:c9:fc:df:d7:68:12:a4:
4d:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:E5:ED:89:5D:31:5A:88:06:AE:FB:B9:E8:17:C3:29:15:0A:C8:2A
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/D-XtiV0xWogGrvu56BfDKRUKyCo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d2:e3:6d:b5:8f:0a:f4:51:dc:b6:dd:25:5a:f9:86:eb:56:a8:
85:bc:16:e6:56:c7:ef:c1:07:e6:8b:cb:29:44:d2:90:68:bc:
fa:a0:f2:f0:89:12:94:dc:c4:5c:41:01:78:69:b3:05:a3:d3:
10:e6:55:69:0c:05:18:52:96:3b:51:6d:a1:94:d5:06:50:2b:
89:c9:ce:62:92:85:18:87:8f:74:49:67:d3:59:3c:c7:f0:d2:
5f:42:f3:9f:6a:9b:40:74:b1:dd:1f:92:44:e1:37:3a:20:76:
28:f6:c8:45:7c:3b:b1:12:94:8f:04:c8:e1:75:3a:ee:ca:5f:
a0:fe:fd:84:2d:d3:b3:b6:b6:a5:21:16:6f:a6:cf:b7:61:d9:
cd:3d:59:18:0a:ee:af:a9:f2:44:e5:2f:87:bb:6e:76:ea:6d:
5d:97:9c:cd:fd:d7:d0:8e:bc:53:ce:57:80:c0:97:27:86:e3:
47:bd:e4:40:cc:c6:15:e1:89:0d:82:ba:8c:4e:06:8a:ba:22:
2b:da:aa:4d:d3:4e:32:12:41:fc:ef:e4:41:e7:3c:ac:b5:af:
f2:14:fe:68:f2:a3:97:5e:70:23:25:9b:90:43:b3:09:db:14:
92:1a:fc:e1:d2:32:39:9c:d8:53:53:64:71:bf:08:80:f6:4b:
fe:78:58:ff
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFYYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTcw
ODUzMjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBGRTVFRDg5NUQzMTVB
ODgwNkFFRkJCOUU4MTdDMzI5MTUwQUM4MkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC52+xA552zXbazc1NA52tv4CJizAv7JdQCdWG2fTRn/V3cwf81
u86TrOglfije8tnxqe5gWLkXjd26n7X1ZKB5TrWktzTdOIHKk/AdPmk++OW+b1Hw
34TCj0633YJTBW9EiQW/JYLuXIBoETNkG0iFOpNaxBFAGpN1EXySNYalEJZ2JDeE
evwtcRT6iV7vDdCQ6/3fW3AIl97KFqp1rEU+2AuJ5ndKHvxBIMMTySWkXWTTJJhc
YQZ0hXs4tRgneRZsBv2HDYvaAzSV1Nd2KAWAdovKHGmekZqDeLpfgYExlZ8jr8Bd
vU/q8AlSVXNzE/isKMfxMM2yyfzf12gSpE1FAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUD+XtiV0xWogGrvu56BfDKRUKyCowHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL0QtWHRpVjB4V29nR3J2
dTU2QmZES1JVS3lDby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEA0uNttY8K9FHctt0lWvmG61aohbwW5lbH
78EH5ovLKUTSkGi8+qDy8IkSlNzEXEEBeGmzBaPTEOZVaQwFGFKWO1FtoZTVBlAr
icnOYpKFGIePdEln01k8x/DSX0Lzn2qbQHSx3R+SROE3OiB2KPbIRXw7sRKUjwTI
4XU67spfoP79hC3Ts7a2pSEWb6bPt2HZzT1ZGArur6nyROUvh7tuduptXZeczf3X
0I68U85XgMCXJ4bjR73kQMzGFeGJDYK6jE4GiroiK9qqTdNOMhJB/O/kQec8rLWv
8hT+aPKjl15wIyWbkEOzCdsUkhr84dIyOZzYU1Nkcb8IgPZL/nhY/w==
-----END CERTIFICATE-----
Generated at Wed Apr 17 12:51:55 2024 by rpki-client on console-fra.rpki-client.org