Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/KzfgMMzC32UpAvu2mfSG5Sxo7BQ.roa
File: KzfgMMzC32UpAvu2mfSG5Sxo7BQ.roa (raw, json)
Hash identifier: 1eWQdCnq+HN8noAzAj+QZmiH6nAFclBFdtb8GoI9lag=
Subject key identifier: 2B:37:E0:30:CC:C2:DF:65:29:02:FB:B6:99:F4:86:E5:2C:68:EC:14
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 140C
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/KzfgMMzC32UpAvu2mfSG5Sxo7BQ.roa
Signing time: Sat 13 Apr 2024 10:23:20 +0000
ROA not before: Sat 13 Apr 2024 10:23:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5132 (0x140c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 13 10:23:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2B37E030CCC2DF652902FBB699F486E52C68EC14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:8f:e9:c1:36:a3:9f:bc:1a:59:58:35:67:2a:
5b:0a:45:26:b2:68:3c:96:77:81:aa:77:a8:de:4c:
83:0e:ae:25:d2:b5:83:8d:23:53:ea:06:c0:0e:32:
6c:f1:c7:db:61:5a:05:92:69:dc:c3:00:47:54:a1:
87:a1:49:c5:50:93:95:b2:b0:7e:6c:2e:5a:83:14:
f2:34:46:d8:3a:f1:f8:72:6b:5c:1e:cc:32:ce:3e:
2d:79:3b:37:18:32:77:56:23:9f:7b:0d:fb:91:2f:
6b:eb:92:32:37:3f:66:ba:9b:ca:04:0e:d6:a9:cb:
e6:a9:3f:f6:e1:7d:36:88:4b:bd:18:5f:79:1f:96:
1e:d2:32:29:e8:79:ff:33:bb:8f:22:6a:ac:3e:be:
d5:a2:c3:0a:0c:98:28:61:ba:32:c0:f7:84:a4:71:
e3:9c:68:77:df:19:9f:fb:c4:9c:33:82:51:68:f8:
04:db:e3:59:16:e0:a4:b9:c4:48:4d:5b:1f:4f:27:
b8:88:62:f7:de:53:27:84:01:e5:1c:c2:74:36:08:
89:bb:a3:36:e8:48:da:c4:7a:4a:10:cb:03:4c:d9:
c7:a8:d2:5d:c3:50:3c:c2:4e:40:73:39:e3:20:99:
de:38:d4:75:d8:d4:68:cb:c6:8b:ca:ae:47:47:ef:
62:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:37:E0:30:CC:C2:DF:65:29:02:FB:B6:99:F4:86:E5:2C:68:EC:14
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/KzfgMMzC32UpAvu2mfSG5Sxo7BQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
cd:ab:fc:6d:bc:bc:14:f1:bd:43:dd:23:b6:e9:69:ad:f2:59:
75:2d:d5:80:20:5a:11:d6:1e:fd:c8:4c:6a:49:14:8a:c1:52:
12:c9:07:d5:37:1b:4d:41:e9:f7:34:f3:ad:1d:53:61:11:41:
b6:7d:fc:44:83:c0:30:66:0e:11:13:9c:8f:af:7a:8f:26:27:
d9:1a:48:f4:d1:b2:e2:70:ce:d6:c6:9b:27:27:71:9e:91:09:
bf:f9:f7:8e:47:87:d0:56:88:75:56:9c:42:57:86:a1:76:57:
8c:c9:1e:94:ab:9f:5f:7c:11:cb:95:ec:6d:57:2c:68:82:0f:
0e:11:48:f2:3c:c3:bf:af:e6:02:3f:da:ef:18:a2:e4:ad:95:
e3:34:ef:ed:f1:a7:e0:bc:4b:eb:23:16:b8:19:3a:a5:ae:61:
77:f6:31:38:8b:81:80:ad:2b:e3:fd:e6:af:cf:95:e3:f6:ba:
ea:c8:5f:1f:93:d6:4f:bc:20:39:10:aa:bd:25:8c:03:49:ea:
95:26:7b:5a:40:d0:14:47:05:a4:ce:e3:57:73:f4:db:23:74:
c4:b6:13:9c:55:79:06:b5:37:dc:f4:a2:20:d0:03:9c:3f:87:
3b:cf:f9:ff:2a:65:55:1b:fb:5a:19:43:74:95:3e:f5:92:2f:
ff:e6:76:94
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFAwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTMx
MDIzMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJCMzdFMDMwQ0NDMkRG
NjUyOTAyRkJCNjk5RjQ4NkU1MkM2OEVDMTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBj+nBNqOfvBpZWDVnKlsKRSayaDyWd4Gqd6jeTIMOriXStYON
I1PqBsAOMmzxx9thWgWSadzDAEdUoYehScVQk5WysH5sLlqDFPI0Rtg68fhya1we
zDLOPi15OzcYMndWI597DfuRL2vrkjI3P2a6m8oEDtapy+apP/bhfTaIS70YX3kf
lh7SMinoef8zu48iaqw+vtWiwwoMmChhujLA94SkceOcaHffGZ/7xJwzglFo+ATb
41kW4KS5xEhNWx9PJ7iIYvfeUyeEAeUcwnQ2CIm7ozboSNrEekoQywNM2ceo0l3D
UDzCTkBzOeMgmd441HXY1GjLxovKrkdH72I/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUKzfgMMzC32UpAvu2mfSG5Sxo7BQwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL0t6ZmdNTXpDMzJVcEF2
dTJtZlNHNVN4bzdCUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAzav8bby8FPG9Q90jtulprfJZdS3VgCBa
EdYe/chMakkUisFSEskH1TcbTUHp9zTzrR1TYRFBtn38RIPAMGYOEROcj696jyYn
2RpI9NGy4nDO1sabJydxnpEJv/n3jkeH0FaIdVacQleGoXZXjMkelKufX3wRy5Xs
bVcsaIIPDhFI8jzDv6/mAj/a7xii5K2V4zTv7fGn4LxL6yMWuBk6pa5hd/YxOIuB
gK0r4/3mr8+V4/a66shfH5PWT7wgORCqvSWMA0nqlSZ7WkDQFEcFpM7jV3P02yN0
xLYTnFV5BrU33PSiINADnD+HO8/5/yplVRv7WhlDdJU+9ZIv/+Z2lA==
-----END CERTIFICATE-----
Generated at Sat Apr 13 13:34:43 2024 by rpki-client on console-fra.rpki-client.org