Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/Ouan8JN_LTZuUEmH15fDlTh2du0.roa
File: Ouan8JN_LTZuUEmH15fDlTh2du0.roa (raw, json)
Hash identifier: GPXEPegYfqFvdAo2umaiXSzX6x0QSHxQeSNGrWreW6Q=
Subject key identifier: 3A:E6:A7:F0:93:7F:2D:36:6E:50:49:87:D7:97:C3:95:38:76:76:ED
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1032
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/Ouan8JN_LTZuUEmH15fDlTh2du0.roa
Signing time: Wed 03 Apr 2024 03:52:40 +0000
ROA not before: Wed 03 Apr 2024 03:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4146 (0x1032)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 3 03:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3AE6A7F0937F2D366E504987D797C395387676ED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:73:90:fb:43:7e:33:31:37:3a:96:c3:59:a9:
e1:47:0e:5d:74:a5:18:ee:ac:f2:c1:3c:01:2c:d6:
80:84:44:33:aa:09:63:00:58:e4:c6:b4:ce:ab:f9:
ed:e7:18:2c:0d:ac:59:c7:14:a4:25:ff:be:6f:a7:
b5:a7:63:6e:d3:0c:bf:b0:e5:fa:a3:66:eb:76:64:
06:20:11:3c:a4:e5:30:1f:6f:a6:cc:ad:29:99:a3:
b1:6d:0c:0d:7d:0a:ab:84:24:c3:7d:32:fd:c3:be:
ae:8e:c3:b7:16:14:e7:d7:ad:0e:d1:88:16:8a:8c:
e6:cb:e5:1f:b9:4a:94:63:9a:db:d2:68:a5:29:da:
c9:10:dd:b3:f1:db:e8:ba:6f:e5:b1:f8:ee:9d:28:
52:31:45:9c:28:25:eb:09:09:02:36:65:b1:c6:47:
cc:75:0a:51:47:9e:bd:5f:d4:9c:44:ce:17:3e:4c:
d3:c6:9b:9e:17:b7:93:ba:3d:80:9d:1f:2e:49:0c:
90:ac:02:66:9c:94:bf:3a:ec:fd:cc:f9:c3:0f:a1:
c9:4d:a3:c1:41:2d:ec:0c:1f:1f:3a:71:e2:0f:ec:
19:d5:a2:a8:31:06:f4:46:90:87:8f:7d:a7:32:cf:
23:a3:68:e5:36:31:9b:de:87:e0:b7:03:b4:5a:e1:
78:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:E6:A7:F0:93:7F:2D:36:6E:50:49:87:D7:97:C3:95:38:76:76:ED
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/Ouan8JN_LTZuUEmH15fDlTh2du0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
c5:c9:7b:12:4e:2a:4e:f6:7e:f8:9b:41:d9:01:d0:1c:6b:1c:
1f:15:d8:75:f7:ed:54:66:f0:05:5e:66:48:91:21:ed:69:9c:
5c:81:de:e2:8a:86:21:93:71:9a:0e:c2:dc:47:46:eb:e3:c5:
52:4f:04:1b:8d:38:7e:9d:f8:7e:59:32:c7:16:f1:cc:60:51:
af:69:23:6b:21:26:6c:c5:13:93:19:7f:88:68:5c:d0:97:9b:
73:38:9e:e3:44:d9:78:3a:b1:75:b3:fd:f5:a9:0f:b2:4f:fb:
07:eb:76:fe:46:04:d7:d3:14:8e:28:b5:09:62:65:4c:7e:03:
62:1d:82:65:cf:b5:e8:14:2a:11:0a:43:fd:30:9f:e2:17:e5:
50:11:c8:32:05:f1:b9:9e:29:ac:cf:64:6d:fa:5f:c1:f1:23:
89:d3:2c:60:11:c8:d8:17:99:ff:bf:69:f0:e8:cd:03:b3:8d:
23:ec:9f:01:cf:cc:48:3a:83:f5:4e:9a:1b:aa:6b:e5:88:28:
b5:8e:d3:4e:f0:44:f7:99:11:0a:d5:15:c0:16:18:04:f0:be:
c4:57:b8:50:50:ef:0f:dc:c3:c9:18:4f:5e:a8:77:22:66:a1:
ff:7c:6c:ac:b8:03:a8:fb:b1:84:1f:28:91:06:f4:cc:c4:48:
75:ce:2e:48
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEDIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDMw
MzUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNBRTZBN0YwOTM3RjJE
MzY2RTUwNDk4N0Q3OTdDMzk1Mzg3Njc2RUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvc5D7Q34zMTc6lsNZqeFHDl10pRjurPLBPAEs1oCERDOqCWMA
WOTGtM6r+e3nGCwNrFnHFKQl/75vp7WnY27TDL+w5fqjZut2ZAYgETyk5TAfb6bM
rSmZo7FtDA19CquEJMN9Mv3Dvq6Ow7cWFOfXrQ7RiBaKjObL5R+5SpRjmtvSaKUp
2skQ3bPx2+i6b+Wx+O6dKFIxRZwoJesJCQI2ZbHGR8x1ClFHnr1f1JxEzhc+TNPG
m54Xt5O6PYCdHy5JDJCsAmaclL867P3M+cMPoclNo8FBLewMHx86ceIP7BnVoqgx
BvRGkIePfacyzyOjaOU2MZveh+C3A7Ra4XgnAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUOuan8JN/LTZuUEmH15fDlTh2du0wHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL091YW44Sk5fTFRadVVF
bUgxNWZEbFRoMmR1MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAxcl7Ek4qTvZ++JtB2QHQHGscHxXYdfft
VGbwBV5mSJEh7WmcXIHe4oqGIZNxmg7C3EdG6+PFUk8EG404fp34flkyxxbxzGBR
r2kjayEmbMUTkxl/iGhc0Jebczie40TZeDqxdbP99akPsk/7B+t2/kYE19MUjii1
CWJlTH4DYh2CZc+16BQqEQpD/TCf4hflUBHIMgXxuZ4prM9kbfpfwfEjidMsYBHI
2BeZ/79p8OjNA7ONI+yfAc/MSDqD9U6aG6pr5YgotY7TTvBE95kRCtUVwBYYBPC+
xFe4UFDvD9zDyRhPXqh3Imah/3xsrLgDqPuxhB8okQb0zMRIdc4uSA==
-----END CERTIFICATE-----
Generated at Wed Apr 3 05:30:08 2024 by rpki-client on console-ams.rpki-client.org