Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/I27ES-nJYIud35aA0kewacbWqsM.roa
File: I27ES-nJYIud35aA0kewacbWqsM.roa (raw, json)
Hash identifier: Mt+gCYl9DHf/wuBdLyyw6+IdtpSSXlhcl7pqeAUFyRs=
Subject key identifier: 23:6E:C4:4B:E9:C9:60:8B:9D:DF:96:80:D2:47:B0:69:C6:D6:AA:C3
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1BD6
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/I27ES-nJYIud35aA0kewacbWqsM.roa
Signing time: Sat 04 May 2024 04:54:26 +0000
ROA not before: Sat 04 May 2024 04:54:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7126 (0x1bd6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: May 4 04:54:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=236EC44BE9C9608B9DDF9680D247B069C6D6AAC3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:1b:24:a8:4a:52:d8:de:08:ca:9f:ca:0e:65:
a4:03:03:2b:e4:d2:df:c2:a3:5e:16:85:db:0c:33:
0b:f3:26:54:b0:b5:92:ad:5e:c5:81:58:25:bc:0d:
09:fc:03:16:d3:c3:40:6e:d1:e5:e8:43:29:00:fd:
33:6b:ec:ae:0e:f7:af:04:70:70:5c:af:e0:84:59:
62:1c:72:f1:ab:cb:40:df:68:54:3f:f1:98:67:5d:
d2:df:46:19:7a:f2:01:f3:b5:de:78:91:2c:f7:f8:
a5:c2:dd:cd:b5:cc:e7:98:14:7c:cd:eb:54:9f:ab:
c2:e7:53:90:8f:b6:03:13:cf:05:bc:cd:0c:e1:06:
b0:03:b2:10:e3:f1:c7:cd:18:1a:80:3b:80:27:c3:
9e:b3:56:80:9b:22:cb:13:53:60:27:49:a7:1d:29:
d9:3a:04:9f:2a:24:ff:c1:b5:b7:df:87:5e:49:db:
a5:98:05:2d:dd:5c:ec:66:6c:6f:3f:ed:82:54:b7:
5c:4b:6a:ac:96:ee:61:6f:57:c1:53:d5:82:08:60:
e8:23:b3:7a:46:bd:0c:45:46:f6:76:8c:4a:7e:be:
41:e5:70:84:cb:77:4a:18:12:94:1c:fd:4f:6f:56:
55:45:3d:e8:2a:4b:79:cf:01:bd:ae:b5:be:a7:ed:
c2:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:6E:C4:4B:E9:C9:60:8B:9D:DF:96:80:D2:47:B0:69:C6:D6:AA:C3
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/I27ES-nJYIud35aA0kewacbWqsM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
30:8b:30:59:5e:6b:0f:e6:8a:59:f6:58:4b:bc:e0:ed:03:3b:
8d:23:cd:36:26:ae:85:f4:19:37:e5:3e:3c:b4:07:bb:e2:23:
4e:91:8b:e9:7f:14:46:b7:bd:69:50:c0:f6:f3:14:69:38:00:
74:18:07:46:f8:a8:c7:45:c1:8a:38:a6:82:d4:c0:6a:1d:2e:
5d:7b:32:a7:55:fb:69:73:26:6a:17:12:70:61:de:4b:b3:82:
86:b9:b7:63:5f:49:20:0d:68:41:54:dc:cb:44:49:23:24:aa:
96:4f:da:6e:68:24:7b:24:5d:b8:63:70:d2:81:59:5b:ee:aa:
cc:db:27:f0:6f:4f:93:55:ab:73:f7:f5:80:f4:63:5d:ba:28:
2c:c8:fc:b5:e3:b1:98:4e:40:26:37:d7:02:93:0b:29:2d:2d:
64:46:40:48:72:a5:40:5f:4d:9d:31:12:bf:1b:d1:d7:98:1b:
02:b0:a6:60:47:2f:87:01:89:13:69:08:3e:37:80:c0:8c:03:
bb:4c:0b:3c:32:9f:97:c3:97:8d:05:a7:ac:c0:02:b8:42:3c:
b6:93:7f:59:21:e7:3b:22:d4:63:34:de:6b:93:2f:5a:4b:ca:
54:8c:e7:94:ad:08:50:75:c5:1f:b4:c0:7a:2e:ce:2d:09:e0:
c2:ce:73:ba
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICG9YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA1MDQw
NDU0MjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzNkVDNDRCRTlDOTYw
OEI5RERGOTY4MEQyNDdCMDY5QzZENkFBQzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAGySoSlLY3gjKn8oOZaQDAyvk0t/Co14WhdsMMwvzJlSwtZKt
XsWBWCW8DQn8AxbTw0Bu0eXoQykA/TNr7K4O968EcHBcr+CEWWIccvGry0DfaFQ/
8ZhnXdLfRhl68gHztd54kSz3+KXC3c21zOeYFHzN61Sfq8LnU5CPtgMTzwW8zQzh
BrADshDj8cfNGBqAO4Anw56zVoCbIssTU2AnSacdKdk6BJ8qJP/Btbffh15J26WY
BS3dXOxmbG8/7YJUt1xLaqyW7mFvV8FT1YIIYOgjs3pGvQxFRvZ2jEp+vkHlcITL
d0oYEpQc/U9vVlVFPegqS3nPAb2utb6n7cLBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUI27ES+nJYIud35aA0kewacbWqsMwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL0kyN0VTLW5KWUl1ZDM1
YUEwa2V3YWNiV3FzTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAMIswWV5rD+aKWfZYS7zg7QM7jSPNNiau
hfQZN+U+PLQHu+IjTpGL6X8URre9aVDA9vMUaTgAdBgHRviox0XBijimgtTAah0u
XXsyp1X7aXMmahcScGHeS7OChrm3Y19JIA1oQVTcy0RJIySqlk/abmgkeyRduGNw
0oFZW+6qzNsn8G9Pk1Wrc/f1gPRjXbooLMj8teOxmE5AJjfXApMLKS0tZEZASHKl
QF9NnTESvxvR15gbArCmYEcvhwGJE2kIPjeAwIwDu0wLPDKfl8OXjQWnrMACuEI8
tpN/WSHnOyLUYzTea5MvWkvKVIznlK0IUHXFH7TAei7OLQngws5zug==
-----END CERTIFICATE-----
Generated at Sat May 4 06:18:47 2024 by rpki-client on console-fra.rpki-client.org