Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/I98QbBDApiROp6SudVKfDdwWDV8.roa
File: I98QbBDApiROp6SudVKfDdwWDV8.roa (raw, json)
Hash identifier: ikXKTBi89ZbTicBsuABQrBjfcAVF4soyPUkreHRUGTs=
Subject key identifier: 23:DF:10:6C:10:C0:A6:24:4E:A7:A4:AE:75:52:9F:0D:DC:16:0D:5F
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 0FF2
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/I98QbBDApiROp6SudVKfDdwWDV8.roa
Signing time: Tue 02 Apr 2024 11:52:45 +0000
ROA not before: Tue 02 Apr 2024 11:52:45 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4082 (0xff2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 2 11:52:45 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=23DF106C10C0A6244EA7A4AE75529F0DDC160D5F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:28:4c:00:4f:64:fd:10:e3:a9:cb:e0:7d:3e:
8f:3a:0b:85:fa:24:5a:19:97:9f:d0:d3:9a:d5:e8:
74:b6:a7:bd:82:09:18:b4:00:a8:97:29:a0:82:62:
5a:7e:8e:52:68:2b:75:1c:18:db:6b:44:40:04:e4:
4d:3b:78:92:43:d7:ba:bd:ad:62:6c:b5:83:a9:af:
01:4f:50:e3:8f:8d:7e:85:86:80:68:36:39:33:7e:
31:61:79:c6:c0:be:fe:ca:44:6a:85:4c:5e:89:4a:
fb:9f:55:38:5c:58:6d:b5:1c:d8:7c:68:ad:f5:63:
43:c1:36:a4:49:5b:f3:bb:ee:b7:db:9f:68:91:e5:
cb:f4:e1:c3:e3:96:e9:b6:ed:0b:88:78:b5:2d:7d:
88:ac:a7:30:de:89:86:5c:9d:df:b1:a4:fe:98:90:
b6:27:2a:e6:be:50:5a:07:66:d8:de:00:54:07:f1:
12:40:43:94:ec:2e:79:a3:57:84:4e:45:d5:bf:c2:
15:a7:3e:bf:e8:03:7c:41:13:81:97:97:97:6a:69:
15:39:f6:44:5e:2f:96:97:e0:9c:0f:40:22:81:89:
84:99:e7:ce:e2:a7:22:ac:f3:3e:30:ab:8a:5b:47:
61:82:2a:be:5b:c9:3c:ad:b6:65:65:44:55:2e:22:
cb:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:DF:10:6C:10:C0:A6:24:4E:A7:A4:AE:75:52:9F:0D:DC:16:0D:5F
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/I98QbBDApiROp6SudVKfDdwWDV8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
32:f0:59:36:72:70:45:9d:60:bb:d5:5b:9d:6d:72:d1:07:45:
e2:42:29:6f:fc:de:e4:44:39:f7:5b:6b:ed:81:2a:70:66:7c:
b1:18:3c:74:aa:fd:8b:23:aa:d1:bc:36:49:af:bd:c2:e4:3f:
10:5e:fc:ed:58:e5:3b:1a:e6:d9:39:34:dd:85:18:82:44:0e:
35:e8:51:bc:2b:7a:4b:43:d8:67:8e:6a:37:e9:30:ef:8f:7b:
a3:e3:d0:f8:fc:fa:84:a6:f5:e4:8a:4d:5e:76:4c:5b:be:0d:
52:b0:98:d8:66:84:7e:41:59:5c:be:70:e9:0d:af:3b:3f:af:
cf:e3:fa:29:41:e8:70:ab:52:1f:5a:90:b6:d6:ad:6f:88:c0:
58:97:d2:bf:61:c4:85:91:01:39:c1:32:0a:84:97:26:3f:d7:
b4:86:01:d0:9c:b3:61:ef:87:68:14:19:bf:c5:2f:de:d6:ec:
07:37:17:08:9f:87:fe:b9:bc:3c:31:2c:cd:b1:6c:c9:fa:86:
89:e2:f8:4f:b9:ef:1d:65:b5:99:67:da:01:6a:64:1c:37:00:
62:1d:ed:10:98:90:0a:42:6d:da:1c:3c:96:a9:ad:d8:aa:e0:
1b:8c:16:d5:fc:ce:13:b1:29:f3:96:c1:c2:aa:ee:cb:3c:f0:
35:7d:47:dc
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICD/IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDIx
MTUyNDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzREYxMDZDMTBDMEE2
MjQ0RUE3QTRBRTc1NTI5RjBEREMxNjBENUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvKEwAT2T9EOOpy+B9Po86C4X6JFoZl5/Q05rV6HS2p72CCRi0
AKiXKaCCYlp+jlJoK3UcGNtrREAE5E07eJJD17q9rWJstYOprwFPUOOPjX6FhoBo
NjkzfjFhecbAvv7KRGqFTF6JSvufVThcWG21HNh8aK31Y0PBNqRJW/O77rfbn2iR
5cv04cPjlum27QuIeLUtfYispzDeiYZcnd+xpP6YkLYnKua+UFoHZtjeAFQH8RJA
Q5TsLnmjV4RORdW/whWnPr/oA3xBE4GXl5dqaRU59kReL5aX4JwPQCKBiYSZ587i
pyKs8z4wq4pbR2GCKr5byTyttmVlRFUuIssRAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUI98QbBDApiROp6SudVKfDdwWDV8wHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL0k5OFFiQkRBcGlST3A2
U3VkVktmRGR3V0RWOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAMvBZNnJwRZ1gu9VbnW1y0QdF4kIpb/ze
5EQ591tr7YEqcGZ8sRg8dKr9iyOq0bw2Sa+9wuQ/EF787VjlOxrm2Tk03YUYgkQO
NehRvCt6S0PYZ45qN+kw7497o+PQ+Pz6hKb15IpNXnZMW74NUrCY2GaEfkFZXL5w
6Q2vOz+vz+P6KUHocKtSH1qQttatb4jAWJfSv2HEhZEBOcEyCoSXJj/XtIYB0Jyz
Ye+HaBQZv8Uv3tbsBzcXCJ+H/rm8PDEszbFsyfqGieL4T7nvHWW1mWfaAWpkHDcA
Yh3tEJiQCkJt2hw8lqmt2KrgG4wW1fzOE7Ep85bBwqruyzzwNX1H3A==
-----END CERTIFICATE-----
Generated at Tue Apr 2 17:38:53 2024 by rpki-client on console-ams.rpki-client.org