Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/IesDLZakB4EJtsz__SbofBNNc1w.roa
File: IesDLZakB4EJtsz__SbofBNNc1w.roa (raw, json)
Hash identifier: NqjQFu3y1u1Zpl6Jm2zrKDKXJP3KoM0fW0NZrbBJ01U=
Subject key identifier: 21:EB:03:2D:96:A4:07:81:09:B6:CC:FF:FD:26:E8:7C:13:4D:73:5C
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 108C
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/IesDLZakB4EJtsz__SbofBNNc1w.roa
Signing time: Thu 04 Apr 2024 02:22:44 +0000
ROA not before: Thu 04 Apr 2024 02:22:44 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4236 (0x108c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 4 02:22:44 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=21EB032D96A4078109B6CCFFFD26E87C134D735C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:9b:6d:5e:11:6f:bf:4c:78:5b:1b:98:24:6b:
74:9a:d2:36:40:02:03:f7:14:ce:0c:34:9b:e5:7e:
ac:09:88:23:56:a7:9c:31:e8:03:63:01:a9:8f:95:
a6:cf:cd:ce:b1:d2:88:5a:ac:00:72:50:33:d9:0d:
55:31:6c:5e:01:11:6f:4a:08:e1:36:35:38:56:1e:
9d:cc:66:27:ab:0b:02:b3:59:10:e4:08:63:7b:1f:
5d:db:31:60:a3:a0:9b:3a:62:66:5a:1f:ef:05:c5:
86:f0:de:e3:c8:5d:65:a2:20:f6:84:93:aa:e9:37:
29:6d:10:0b:1f:e4:ff:bb:14:38:4b:cd:da:0c:04:
df:9b:21:d9:39:62:65:7a:7e:01:dd:4b:08:2f:ba:
e1:18:ed:54:27:d2:e8:c1:4d:72:d2:dd:bc:16:16:
45:05:4d:8b:18:97:7d:c3:fe:b4:9e:d5:d4:b3:0c:
6b:fe:71:03:25:6c:06:f5:49:1a:8a:fa:0f:94:b9:
b3:fa:ba:2f:e6:47:ae:18:6f:26:c7:b1:87:e8:9f:
74:ce:53:26:13:9d:a8:ea:b7:b4:6a:9f:cd:76:c2:
e5:82:72:4c:f7:60:b9:f2:01:da:75:a0:a1:93:b7:
1c:4c:ec:20:6e:5d:04:8e:0d:0f:a3:fb:43:4c:1b:
b3:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:EB:03:2D:96:A4:07:81:09:B6:CC:FF:FD:26:E8:7C:13:4D:73:5C
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/IesDLZakB4EJtsz__SbofBNNc1w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
c6:52:34:73:a5:0d:f1:d7:3b:cd:ce:40:e3:9a:6f:4c:1a:7d:
49:a2:ec:af:2a:7c:db:83:45:06:57:ad:84:43:13:88:34:ab:
c9:7e:b1:2d:8e:cc:1e:cf:d1:55:5f:74:00:c8:47:05:a9:70:
cd:c6:0a:97:93:f7:a5:33:42:b0:4e:19:11:cb:90:dc:4b:8a:
8c:f6:ef:16:46:d0:5d:94:6a:0e:af:3f:29:ca:04:9b:3f:9b:
55:1c:8c:d1:35:1b:38:34:6d:ba:4c:e2:70:90:8e:56:fe:9c:
bd:e5:4f:5b:05:63:3b:65:0f:42:9b:b2:79:83:79:be:cd:d1:
9c:26:74:2b:5e:31:70:91:56:ea:df:1b:f8:17:49:83:4c:46:
1f:80:61:27:e5:e3:35:b5:5b:09:dd:b8:20:eb:c6:35:77:7d:
75:31:4b:67:29:2e:ce:a2:b6:d6:08:67:e4:0a:fb:4f:b8:68:
02:f3:d5:a5:09:4b:6a:24:50:15:00:45:6c:f0:ab:98:39:90:
c1:31:4a:17:0d:b7:45:d4:5b:eb:8e:03:42:9e:df:22:55:1d:
52:e7:bd:4e:ee:92:05:08:03:16:c1:79:15:e2:af:0f:20:51:
07:cd:06:3f:42:70:ad:a7:02:44:37:d1:5e:dd:39:dc:32:3b:
48:25:36:5d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEIwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDQw
MjIyNDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIxRUIwMzJEOTZBNDA3
ODEwOUI2Q0NGRkZEMjZFODdDMTM0RDczNUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9m21eEW+/THhbG5gka3Sa0jZAAgP3FM4MNJvlfqwJiCNWp5wx
6ANjAamPlabPzc6x0oharAByUDPZDVUxbF4BEW9KCOE2NThWHp3MZierCwKzWRDk
CGN7H13bMWCjoJs6YmZaH+8FxYbw3uPIXWWiIPaEk6rpNyltEAsf5P+7FDhLzdoM
BN+bIdk5YmV6fgHdSwgvuuEY7VQn0ujBTXLS3bwWFkUFTYsYl33D/rSe1dSzDGv+
cQMlbAb1SRqK+g+UubP6ui/mR64YbybHsYfon3TOUyYTnajqt7Rqn812wuWCckz3
YLnyAdp1oKGTtxxM7CBuXQSODQ+j+0NMG7PTAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUIesDLZakB4EJtsz//SbofBNNc1wwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL0llc0RMWmFrQjRFSnRz
el9fU2JvZkJOTmMxdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAxlI0c6UN8dc7zc5A45pvTBp9SaLsryp8
24NFBlethEMTiDSryX6xLY7MHs/RVV90AMhHBalwzcYKl5P3pTNCsE4ZEcuQ3EuK
jPbvFkbQXZRqDq8/KcoEmz+bVRyM0TUbODRtukzicJCOVv6cveVPWwVjO2UPQpuy
eYN5vs3RnCZ0K14xcJFW6t8b+BdJg0xGH4BhJ+XjNbVbCd24IOvGNXd9dTFLZyku
zqK21ghn5Ar7T7hoAvPVpQlLaiRQFQBFbPCrmDmQwTFKFw23RdRb644DQp7fIlUd
Uue9Tu6SBQgDFsF5FeKvDyBRB80GP0JwracCRDfRXt053DI7SCU2XQ==
-----END CERTIFICATE-----
Generated at Thu Apr 4 03:35:22 2024 by rpki-client on console-ams.rpki-client.org