Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/OIwQzHC9QKiyphvhxWBw2epk7kM.roa
File: OIwQzHC9QKiyphvhxWBw2epk7kM.roa (raw, json)
Hash identifier: e4DapUo3KxLKugdgsgX5ka4iArprlGlcQwWpE+M2PBg=
Subject key identifier: 38:8C:10:CC:70:BD:40:A8:B2:A6:1B:E1:C5:60:70:D9:EA:64:EE:43
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1434
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/OIwQzHC9QKiyphvhxWBw2epk7kM.roa
Signing time: Sat 13 Apr 2024 20:24:11 +0000
ROA not before: Sat 13 Apr 2024 20:24:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5172 (0x1434)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 13 20:24:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=388C10CC70BD40A8B2A61BE1C56070D9EA64EE43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:a9:db:09:1a:81:e2:50:aa:e3:82:c9:4d:06:
ef:12:52:a8:ee:a0:b1:5b:01:ba:d3:16:8b:03:e0:
9f:24:db:23:98:72:82:dd:b3:e9:a1:74:0d:44:a6:
31:98:e2:f3:3a:aa:75:40:50:52:1c:bd:5e:12:9f:
8d:bd:f6:a0:87:aa:38:68:39:ea:54:97:46:2a:67:
3f:c1:2b:13:99:b8:26:4a:97:7c:29:47:6f:1d:70:
44:2f:c6:2e:15:91:32:fa:65:89:0e:f5:91:b5:6b:
f9:0b:3f:15:07:8d:86:ae:c3:2d:39:21:0e:27:d8:
f3:98:15:99:b6:d8:62:64:22:37:a4:cb:eb:a1:bb:
f8:5d:3c:be:10:5d:20:de:2c:be:d8:2f:c0:53:b3:
4e:81:b4:96:a7:e9:d4:22:9e:e6:41:ae:92:7c:78:
7a:8e:5d:c7:c4:a4:4e:8f:b4:5b:d7:68:1d:a0:50:
2c:d3:3f:8b:dd:66:4c:8c:d4:35:fb:c7:63:7e:f4:
90:07:9f:b3:7d:99:c5:61:90:83:1b:5a:42:57:ab:
b5:fd:9a:cb:56:97:f0:8c:d5:93:a5:b7:5e:e7:56:
60:63:f8:b2:cf:65:05:d2:a8:7c:1b:ba:c6:29:58:
9c:59:64:84:0a:0a:ad:41:94:ab:de:18:00:fe:cb:
3b:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:8C:10:CC:70:BD:40:A8:B2:A6:1B:E1:C5:60:70:D9:EA:64:EE:43
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/OIwQzHC9QKiyphvhxWBw2epk7kM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8d:49:8a:40:46:fc:66:78:83:9e:4e:f9:96:d2:8b:f9:60:cb:
7b:bd:b6:c2:b8:b8:8e:7e:42:d2:71:a0:4c:09:99:89:96:ae:
31:21:be:90:90:46:97:92:40:c3:f0:ff:5c:bc:8a:d9:68:b6:
cf:06:b2:be:13:75:22:42:9f:76:18:ee:b7:6d:88:d8:1c:46:
51:a4:9f:60:23:43:bd:43:ed:23:f5:79:dc:5c:84:b5:ba:fc:
36:66:8d:bc:54:1e:11:65:91:1d:c1:f6:ae:3c:00:99:95:3c:
37:1a:9d:5c:54:aa:ed:e9:ca:08:b5:dc:77:25:1b:cf:c4:6b:
d5:4e:00:ce:77:ee:ce:1a:11:06:75:e8:53:21:2a:38:e8:28:
0a:39:ac:5e:a3:b3:6e:95:1d:f7:b6:b8:6e:86:08:3f:95:f3:
b6:9e:b0:d3:75:31:89:84:7a:df:ab:09:46:8d:40:7a:2a:08:
91:39:f7:06:4a:ca:5f:e8:ad:3c:d3:7f:f1:01:72:28:ce:24:
50:3e:66:50:34:66:05:17:10:e7:9f:91:94:a0:94:0b:47:cc:
7b:b6:82:30:f6:6f:c5:3e:17:12:88:53:28:37:60:47:7d:46:
38:15:69:bf:45:9b:f0:37:78:f6:89:b6:08:7c:0c:0e:11:25:
f8:b3:df:89
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFDQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTMy
MDI0MTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM4OEMxMENDNzBCRDQw
QThCMkE2MUJFMUM1NjA3MEQ5RUE2NEVFNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGqdsJGoHiUKrjgslNBu8SUqjuoLFbAbrTFosD4J8k2yOYcoLd
s+mhdA1EpjGY4vM6qnVAUFIcvV4Sn4299qCHqjhoOepUl0YqZz/BKxOZuCZKl3wp
R28dcEQvxi4VkTL6ZYkO9ZG1a/kLPxUHjYauwy05IQ4n2POYFZm22GJkIjeky+uh
u/hdPL4QXSDeLL7YL8BTs06BtJan6dQinuZBrpJ8eHqOXcfEpE6PtFvXaB2gUCzT
P4vdZkyM1DX7x2N+9JAHn7N9mcVhkIMbWkJXq7X9mstWl/CM1ZOlt17nVmBj+LLP
ZQXSqHwbusYpWJxZZIQKCq1BlKveGAD+yztPAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUOIwQzHC9QKiyphvhxWBw2epk7kMwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL09Jd1F6SEM5UUtpeXBo
dmh4V0J3MmVwazdrTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAjUmKQEb8ZniDnk75ltKL+WDLe722wri4
jn5C0nGgTAmZiZauMSG+kJBGl5JAw/D/XLyK2Wi2zwayvhN1IkKfdhjut22I2BxG
UaSfYCNDvUPtI/V53FyEtbr8NmaNvFQeEWWRHcH2rjwAmZU8NxqdXFSq7enKCLXc
dyUbz8Rr1U4AznfuzhoRBnXoUyEqOOgoCjmsXqOzbpUd97a4boYIP5Xztp6w03Ux
iYR636sJRo1AeioIkTn3BkrKX+itPNN/8QFyKM4kUD5mUDRmBRcQ55+RlKCUC0fM
e7aCMPZvxT4XEohTKDdgR31GOBVpv0Wb8Dd49om2CHwMDhEl+LPfiQ==
-----END CERTIFICATE-----
Generated at Sat Apr 13 23:26:38 2024 by rpki-client on console-fra.rpki-client.org