Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/OC-xDppbdYrP90BjbtoQnSQP5u0.roa
File: OC-xDppbdYrP90BjbtoQnSQP5u0.roa (raw, json)
Hash identifier: C5ZtXEtBLFpyv6Hive0fejWmeacTLkcYM8vi4Kt0qU4=
Subject key identifier: 38:2F:B1:0E:9A:5B:75:8A:CF:F7:40:63:6E:DA:10:9D:24:0F:E6:ED
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 067B
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/OC-xDppbdYrP90BjbtoQnSQP5u0.roa
Signing time: Wed 19 Apr 2023 01:35:50 +0000
ROA not before: Wed 19 Apr 2023 01:35:50 +0000
ROA not after: Wed 27 Mar 2024 01:13:10 +0000
asID: 7018
IP address blocks: 112.75.132.0/22 maxlen: 24
112.75.140.0/22 maxlen: 24
112.75.148.0/22 maxlen: 24
112.75.156.0/22 maxlen: 24
112.75.164.0/22 maxlen: 24
112.75.172.0/22 maxlen: 24
112.75.180.0/22 maxlen: 24
112.75.188.0/22 maxlen: 24
112.75.196.0/22 maxlen: 24
112.75.204.0/22 maxlen: 24
112.75.212.0/22 maxlen: 24
112.75.220.0/22 maxlen: 24
112.75.228.0/22 maxlen: 24
112.75.236.0/22 maxlen: 24
112.75.244.0/22 maxlen: 24
112.75.252.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1659 (0x67b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 19 01:35:50 2023 GMT
Not After : Mar 27 01:13:10 2024 GMT
Subject: CN=382FB10E9A5B758ACFF740636EDA109D240FE6ED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:dd:f4:9c:08:bf:86:ba:42:3c:a6:bb:ff:73:
31:4f:f8:83:39:1b:7a:97:d9:f6:13:db:51:5a:f3:
8c:bd:94:9d:6d:1d:dc:f0:2f:ae:00:20:57:0f:cb:
25:12:27:ac:b1:7a:b3:c5:0e:e9:03:b8:de:21:dc:
b7:4a:82:d1:c8:a9:93:33:3f:fe:e7:26:8c:c1:1a:
2c:84:6c:90:7c:a2:db:be:63:db:10:2e:df:49:8f:
a7:a7:d5:7d:33:46:c5:45:af:86:46:c6:30:6c:4a:
9e:0b:91:c0:12:b8:4f:a4:fe:98:dd:3f:6c:ba:6f:
3d:83:32:09:84:5d:b7:0a:4c:6f:27:5c:d4:a1:e6:
0e:09:1c:2f:27:21:e8:06:36:ca:e8:32:ab:48:71:
2f:7b:e2:d7:6a:26:a9:fa:b0:b8:ce:85:c1:de:dd:
90:ef:3e:01:32:af:85:72:4d:0d:de:c6:1a:12:aa:
31:cb:13:a1:34:80:62:07:fe:b2:fa:60:d5:78:53:
48:43:7c:0d:d7:83:42:21:8c:7b:aa:f2:0d:da:5c:
d2:3a:5e:d2:22:71:62:04:f4:0a:3f:38:6e:14:ce:
09:b6:38:54:9e:10:e1:49:b9:5b:3f:ee:dd:bb:b2:
04:35:d1:83:f0:4f:1b:71:0d:3e:62:24:15:06:9c:
58:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:2F:B1:0E:9A:5B:75:8A:CF:F7:40:63:6E:DA:10:9D:24:0F:E6:ED
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/OC-xDppbdYrP90BjbtoQnSQP5u0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.132.0/22
112.75.140.0/22
112.75.148.0/22
112.75.156.0/22
112.75.164.0/22
112.75.172.0/22
112.75.180.0/22
112.75.188.0/22
112.75.196.0/22
112.75.204.0/22
112.75.212.0/22
112.75.220.0/22
112.75.228.0/22
112.75.236.0/22
112.75.244.0/22
112.75.252.0/22
Signature Algorithm: sha256WithRSAEncryption
56:72:ce:9b:f1:f1:d9:74:d1:4f:1f:7b:1a:f2:35:31:57:53:
5a:f6:ff:48:c6:c1:3b:be:c5:ef:c9:db:ce:d8:64:72:d7:47:
e9:55:94:68:2c:4b:5d:cc:c8:40:b8:d6:4c:15:ae:9c:4d:82:
99:d0:2c:76:a8:c6:a6:72:03:82:83:31:c1:6d:69:23:d8:da:
23:ba:1a:d3:cc:ea:61:39:81:24:e1:ab:91:1d:a9:ec:33:c6:
fa:15:da:ce:41:ef:72:ee:ad:d0:c6:bf:90:31:6c:ad:f3:be:
34:b3:10:b5:bf:ec:a7:66:19:36:74:d0:9e:ce:23:b6:65:e1:
f2:7f:24:7c:23:b3:76:1a:5b:e9:29:ba:aa:64:21:9d:dd:08:
66:e2:bd:da:72:e5:ae:ae:aa:b5:ff:8e:e8:da:9b:6f:e7:d9:
74:a2:6c:34:c9:c0:d7:dc:c4:3c:08:af:4c:48:fa:e6:99:ad:
44:dc:88:42:b5:f0:c6:23:de:3a:53:f8:c3:df:ec:67:8c:ed:
58:d2:cf:1f:17:b6:ea:7b:01:5d:fb:f0:d7:98:91:3a:d2:54:
a0:a2:13:6e:ed:fb:0c:a2:4d:ea:29:1f:28:4e:dd:86:15:f7:
73:73:e3:3f:9f:c4:f6:d5:ca:27:d9:f1:f0:f5:ee:c1:28:51:
ce:68:43:e7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgICBnswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yMzA0MTkw
MTM1NTBaFw0yNDAzMjcwMTEzMTBaMDMxMTAvBgNVBAMTKDM4MkZCMTBFOUE1Qjc1
OEFDRkY3NDA2MzZFREExMDlEMjQwRkU2RUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDD3fScCL+GukI8prv/czFP+IM5G3qX2fYT21Fa84y9lJ1tHdzw
L64AIFcPyyUSJ6yxerPFDukDuN4h3LdKgtHIqZMzP/7nJozBGiyEbJB8otu+Y9sQ
Lt9Jj6en1X0zRsVFr4ZGxjBsSp4LkcASuE+k/pjdP2y6bz2DMgmEXbcKTG8nXNSh
5g4JHC8nIegGNsroMqtIcS974tdqJqn6sLjOhcHe3ZDvPgEyr4VyTQ3exhoSqjHL
E6E0gGIH/rL6YNV4U0hDfA3Xg0IhjHuq8g3aXNI6XtIicWIE9Ao/OG4Uzgm2OFSe
EOFJuVs/7t27sgQ10YPwTxtxDT5iJBUGnFirAgMBAAGjggJLMIICRzAdBgNVHQ4E
FgQUOC+xDppbdYrP90BjbtoQnSQP5u0wHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL09DLXhEcHBiZFlyUDkw
QmpidG9RblNRUDV1MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwweQYIKwYBBQUHAQcBAf8EajBoMGYEAgABMGAD
BAJwS4QDBAJwS4wDBAJwS5QDBAJwS5wDBAJwS6QDBAJwS6wDBAJwS7QDBAJwS7wD
BAJwS8QDBAJwS8wDBAJwS9QDBAJwS9wDBAJwS+QDBAJwS+wDBAJwS/QDBAJwS/ww
DQYJKoZIhvcNAQELBQADggEBAFZyzpvx8dl00U8fexryNTFXU1r2/0jGwTu+xe/J
287YZHLXR+lVlGgsS13MyEC41kwVrpxNgpnQLHaoxqZyA4KDMcFtaSPY2iO6GtPM
6mE5gSThq5EdqewzxvoV2s5B73LurdDGv5AxbK3zvjSzELW/7KdmGTZ00J7OI7Zl
4fJ/JHwjs3YaW+kpuqpkIZ3dCGbivdpy5a6uqrX/jujam2/n2XSibDTJwNfcxDwI
r0xI+uaZrUTciEK18MYj3jpT+MPf7GeM7VjSzx8Xtup7AV378NeYkTrSVKCiE27t
+wyiTeopHyhO3YYV93Nz4z+fxPbVyifZ8fD17sEoUc5oQ+c=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:18 2023 by rpki-client on console-ams.rpki-client.org