Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/NtHi7tJ7kdDtbQJphTyH--DfCZM.roa
File: NtHi7tJ7kdDtbQJphTyH--DfCZM.roa (raw, json)
Hash identifier: ldFzDhqoUk3P+fIdm4gRXPZ7uJgekiMmaCGdBsDiEHQ=
Subject key identifier: 36:D1:E2:EE:D2:7B:91:D0:ED:6D:02:69:85:3C:87:FB:E0:DF:09:93
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 16A2
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/NtHi7tJ7kdDtbQJphTyH--DfCZM.roa
Signing time: Sat 20 Apr 2024 07:53:40 +0000
ROA not before: Sat 20 Apr 2024 07:53:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5794 (0x16a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 20 07:53:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=36D1E2EED27B91D0ED6D0269853C87FBE0DF0993
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ec:d9:d1:4d:26:51:35:18:fe:31:d6:b2:00:
a7:a2:35:7e:8e:e0:63:b5:e2:a3:fb:8d:e1:a0:51:
77:bf:e1:87:ec:60:47:fd:38:bf:8a:7a:87:5b:c5:
2f:7f:dd:90:9f:2c:f6:a7:cd:04:56:fa:cd:e5:ac:
37:00:37:4a:ab:0d:a4:63:6b:c0:5f:24:3c:7c:06:
94:ca:09:52:f9:2a:36:bf:64:d8:f6:25:53:74:84:
0f:5e:81:3d:bb:40:51:7c:12:29:d5:82:62:6e:24:
17:c1:cb:34:b9:d7:f4:85:49:ca:61:14:65:1c:b3:
ca:a5:39:65:1b:43:5f:8e:eb:40:e9:58:b4:a1:18:
5b:9a:5b:de:f4:49:eb:16:b1:82:3f:74:4b:23:16:
fe:19:58:eb:fb:b7:15:8a:62:27:4d:27:40:31:f9:
6c:93:a1:76:cd:04:0f:62:85:9f:b7:8c:cd:4a:2b:
e6:d1:92:21:8b:46:d6:fe:d4:61:71:1d:10:5f:b3:
f7:3f:f6:ff:b0:26:f9:be:e9:c2:f1:cb:55:e6:4b:
b1:08:9f:f3:28:20:98:ca:fa:c0:a2:9f:9d:a4:c6:
cd:31:df:41:b4:6c:3d:41:1c:ed:8d:c8:c1:49:ab:
5a:08:6e:d5:e9:2d:3c:a8:22:c9:f1:df:40:ae:73:
cf:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:D1:E2:EE:D2:7B:91:D0:ED:6D:02:69:85:3C:87:FB:E0:DF:09:93
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/NtHi7tJ7kdDtbQJphTyH--DfCZM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
31:4f:6f:70:6c:c0:1f:29:ef:b2:ae:7c:5b:78:d9:0f:57:9e:
9f:64:e6:49:89:ad:d3:36:05:96:dc:d7:85:54:0f:3a:02:e1:
8f:ad:6c:b1:dc:a6:cc:34:db:81:ee:2f:f0:ee:b8:42:64:81:
99:d4:28:61:09:b2:15:7e:5a:00:f4:a0:44:80:2a:10:96:8e:
6a:72:b9:27:88:41:13:90:f5:84:61:89:9f:1a:6d:8a:ad:d3:
3d:f8:b4:18:8d:88:6c:63:75:70:7b:ff:95:a6:cf:f3:0a:a0:
6e:de:75:f7:9a:3b:5a:43:83:c1:ef:6e:24:40:f0:31:38:0e:
1f:af:1b:78:a1:05:dd:f8:cd:8e:82:3a:0f:08:14:b0:21:86:
2d:7c:9e:50:48:3b:b9:e4:e8:cd:76:42:a6:8c:54:bd:06:4e:
7a:2a:02:e4:bb:0f:ce:61:a8:61:89:18:d7:13:69:83:00:4f:
4b:86:40:13:ca:9d:06:a9:1b:58:d4:57:da:b3:ce:9a:0d:3f:
fa:9e:97:dd:a6:66:ce:97:47:67:bc:9b:6d:a3:d3:42:49:bf:
5e:0f:cc:47:ca:9d:97:0f:e2:ca:f2:27:97:b7:fe:45:1b:ed:
d9:9f:e5:2e:c6:be:dc:f1:8a:34:11:e1:69:e5:d5:ba:c4:5f:
e8:a1:3c:89
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFqIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MjAw
NzUzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM2RDFFMkVFRDI3Qjkx
RDBFRDZEMDI2OTg1M0M4N0ZCRTBERjA5OTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC67NnRTSZRNRj+MdayAKeiNX6O4GO14qP7jeGgUXe/4YfsYEf9
OL+KeodbxS9/3ZCfLPanzQRW+s3lrDcAN0qrDaRja8BfJDx8BpTKCVL5Kja/ZNj2
JVN0hA9egT27QFF8EinVgmJuJBfByzS51/SFScphFGUcs8qlOWUbQ1+O60DpWLSh
GFuaW970SesWsYI/dEsjFv4ZWOv7txWKYidNJ0Ax+WyToXbNBA9ihZ+3jM1KK+bR
kiGLRtb+1GFxHRBfs/c/9v+wJvm+6cLxy1XmS7EIn/MoIJjK+sCin52kxs0x30G0
bD1BHO2NyMFJq1oIbtXpLTyoIsnx30Cuc885AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUNtHi7tJ7kdDtbQJphTyH++DfCZMwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL050SGk3dEo3a2REdGJR
SnBoVHlILS1EZkNaTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAMU9vcGzAHynvsq58W3jZD1een2TmSYmt
0zYFltzXhVQPOgLhj61ssdymzDTbge4v8O64QmSBmdQoYQmyFX5aAPSgRIAqEJaO
anK5J4hBE5D1hGGJnxptiq3TPfi0GI2IbGN1cHv/labP8wqgbt5195o7WkODwe9u
JEDwMTgOH68beKEF3fjNjoI6DwgUsCGGLXyeUEg7ueTozXZCpoxUvQZOeioC5LsP
zmGoYYkY1xNpgwBPS4ZAE8qdBqkbWNRX2rPOmg0/+p6X3aZmzpdHZ7ybbaPTQkm/
Xg/MR8qdlw/iyvInl7f+RRvt2Z/lLsa+3PGKNBHhaeXVusRf6KE8iQ==
-----END CERTIFICATE-----
Generated at Sat Apr 20 08:51:42 2024 by rpki-client on console-fra.rpki-client.org