Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/F_tEOasMWNGtnON3Q4SzkRRks20.roa
File: F_tEOasMWNGtnON3Q4SzkRRks20.roa (raw, json)
Hash identifier: 4oFmy352/1Nr1mOo0lAPGgMf9ufu88vWgarmNMHsqEM=
Subject key identifier: 17:FB:44:39:AB:0C:58:D1:AD:9C:E3:77:43:84:B3:91:14:64:B3:6D
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 114C
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/F_tEOasMWNGtnON3Q4SzkRRks20.roa
Signing time: Sat 06 Apr 2024 02:22:51 +0000
ROA not before: Sat 06 Apr 2024 02:22:51 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4428 (0x114c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 6 02:22:51 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=17FB4439AB0C58D1AD9CE3774384B3911464B36D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fa:0a:80:1c:1a:39:d3:89:60:dc:a9:ec:82:6e:
80:3f:46:a1:dc:a8:69:6b:31:4c:5d:28:30:6c:71:
a5:76:f0:d9:65:8f:0d:86:45:27:49:71:45:c6:62:
68:5a:6b:43:49:d9:b4:e4:7c:a5:b7:a9:28:1c:5f:
bd:82:55:39:4e:5f:70:4f:32:05:00:8d:57:7e:8f:
b7:d3:8e:2a:86:c3:27:c6:c8:a9:3a:ba:9a:0b:15:
32:bf:11:f4:ad:4f:ae:75:62:79:4b:77:e7:01:a0:
5d:af:bc:33:2b:cc:f8:81:7d:a2:d5:48:77:c3:dd:
3d:c0:84:9c:b1:fe:a8:b8:fb:9c:c5:8d:08:0a:10:
b7:c3:35:c2:3b:7a:eb:b2:a1:99:ae:a1:bb:39:09:
1d:ed:61:2e:f9:4a:be:43:3a:67:a0:6e:51:a7:52:
10:68:79:c0:bf:94:0a:4e:0f:fd:6c:a5:b2:a8:6e:
f9:e7:7a:bb:db:a2:e2:d9:95:38:06:03:9d:fa:bf:
95:ea:3b:f5:2e:8e:d2:fc:1e:55:62:b9:fb:33:00:
0f:ad:a9:23:28:70:f0:3b:3a:0b:71:0b:89:cd:da:
82:55:ca:79:ef:db:ae:0b:a8:16:9d:d2:56:bd:de:
1e:63:0a:93:dc:0d:55:d0:c8:46:80:99:5a:96:be:
f8:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:FB:44:39:AB:0C:58:D1:AD:9C:E3:77:43:84:B3:91:14:64:B3:6D
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/F_tEOasMWNGtnON3Q4SzkRRks20.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
db:71:ba:dd:ae:a2:b2:e3:5e:fe:9d:d4:86:3b:cb:d6:ac:5e:
45:c4:32:1f:f5:90:1b:df:27:57:8e:aa:d2:ea:5e:2e:c6:1f:
c8:2a:de:fb:5f:2c:d1:cb:ec:92:05:8e:8d:a9:29:d5:65:c0:
30:ff:e8:30:14:3d:cf:49:45:71:65:68:7a:84:3e:e0:40:a9:
ba:ba:04:95:5d:f9:7a:d8:df:c8:cf:91:4b:ed:e6:1f:8f:56:
17:ba:ec:34:c8:5f:b5:90:d9:c1:c4:16:2d:c3:e4:bb:f3:cc:
9b:f6:7e:90:bc:37:f3:dd:65:77:44:4a:40:f7:c4:d9:18:5f:
25:e3:37:f3:b7:55:ac:c6:df:5c:60:a4:f0:23:d3:e0:0c:39:
2d:45:da:ea:bd:ca:df:2c:b7:57:18:d7:cc:7f:ef:2e:7b:7d:
45:76:96:42:90:94:3f:f2:bb:da:65:7d:c0:27:55:01:47:f1:
ca:c0:30:2f:56:46:86:7a:33:5f:a0:be:1b:d2:8b:70:6f:ca:
cd:28:ff:51:37:28:71:ce:70:ae:37:35:fe:2b:99:37:f1:e8:
43:0d:28:28:7a:d7:12:29:58:31:86:a2:9b:2f:a4:5d:95:cd:
b1:27:8a:7d:ad:62:b7:61:37:71:6c:f5:3d:6d:76:a8:06:77:
83:41:9d:ae
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEUwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDYw
MjIyNTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE3RkI0NDM5QUIwQzU4
RDFBRDlDRTM3NzQzODRCMzkxMTQ2NEIzNkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD6CoAcGjnTiWDcqeyCboA/RqHcqGlrMUxdKDBscaV28Nlljw2G
RSdJcUXGYmhaa0NJ2bTkfKW3qSgcX72CVTlOX3BPMgUAjVd+j7fTjiqGwyfGyKk6
upoLFTK/EfStT651YnlLd+cBoF2vvDMrzPiBfaLVSHfD3T3AhJyx/qi4+5zFjQgK
ELfDNcI7euuyoZmuobs5CR3tYS75Sr5DOmegblGnUhBoecC/lApOD/1spbKobvnn
ervbouLZlTgGA536v5XqO/UujtL8HlViufszAA+tqSMocPA7OgtxC4nN2oJVynnv
264LqBad0la93h5jCpPcDVXQyEaAmVqWvvhXAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUF/tEOasMWNGtnON3Q4SzkRRks20wHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL0ZfdEVPYXNNV05HdG5P
TjNRNFN6a1JSa3MyMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEA23G63a6isuNe/p3UhjvL1qxeRcQyH/WQ
G98nV46q0upeLsYfyCre+18s0cvskgWOjakp1WXAMP/oMBQ9z0lFcWVoeoQ+4ECp
uroElV35etjfyM+RS+3mH49WF7rsNMhftZDZwcQWLcPku/PMm/Z+kLw3891ld0RK
QPfE2RhfJeM387dVrMbfXGCk8CPT4Aw5LUXa6r3K3yy3VxjXzH/vLnt9RXaWQpCU
P/K72mV9wCdVAUfxysAwL1ZGhnozX6C+G9KLcG/KzSj/UTcocc5wrjc1/iuZN/Ho
Qw0oKHrXEilYMYaimy+kXZXNsSeKfa1it2E3cWz1PW12qAZ3g0Gdrg==
-----END CERTIFICATE-----
Generated at Sat Apr 6 03:55:46 2024 by rpki-client on console-fra.rpki-client.org