Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/QnaaxKJAqZEjEn-CJ4cr9cT05lU.roa
File: QnaaxKJAqZEjEn-CJ4cr9cT05lU.roa (raw, json)
Hash identifier: LkIaz4g79JGqZOdUk/03SFjZGLeNVnIrGjQGVkaJgXQ=
Subject key identifier: 42:76:9A:C4:A2:40:A9:91:23:12:7F:82:27:87:2B:F5:C4:F4:E6:55
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1190
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/QnaaxKJAqZEjEn-CJ4cr9cT05lU.roa
Signing time: Sat 06 Apr 2024 19:22:53 +0000
ROA not before: Sat 06 Apr 2024 19:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4496 (0x1190)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 6 19:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=42769AC4A240A99123127F8227872BF5C4F4E655
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:c3:29:38:73:73:99:74:0e:eb:9e:2c:1d:3f:
a8:fd:25:b5:7c:2c:8a:72:83:15:1a:48:79:2e:b5:
1b:e5:11:b2:36:ef:5e:40:cb:26:cf:58:99:b0:00:
85:ff:55:97:2e:a9:52:6f:8e:5e:17:ac:56:40:a8:
59:a7:15:3e:e0:5b:bd:67:68:37:37:d0:31:05:b1:
61:a4:01:da:0d:c4:8e:fb:0c:d2:1f:e4:d2:20:8b:
6d:1c:38:7a:a0:e4:4e:55:7e:54:1f:b5:90:54:80:
64:ab:b3:27:81:47:aa:69:83:96:c9:d5:97:ce:3c:
c1:e7:49:e9:c2:b4:c7:22:6e:68:1b:54:57:45:45:
f7:ed:31:4b:4c:5a:f0:fd:97:b7:84:5d:88:ad:42:
08:96:ae:ba:2d:c1:86:97:34:ff:2a:21:88:f2:cd:
98:92:d2:58:e5:42:47:11:42:7f:99:b6:bb:52:dd:
b3:c1:ec:cd:f0:de:a2:0a:77:21:8b:64:75:2b:5b:
12:7a:4d:18:6c:87:03:39:a1:2d:70:21:f7:3d:31:
46:6b:c6:04:f5:3e:33:db:3b:77:fa:77:cd:db:2d:
f7:5c:4d:18:f3:88:32:cf:77:33:54:ae:00:db:a1:
5c:70:78:cb:5b:9e:40:c5:15:79:ac:53:aa:30:43:
04:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:76:9A:C4:A2:40:A9:91:23:12:7F:82:27:87:2B:F5:C4:F4:E6:55
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/QnaaxKJAqZEjEn-CJ4cr9cT05lU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
cc:6b:83:a5:ba:49:25:73:e0:5b:23:be:cd:72:1f:14:9c:74:
79:86:db:88:3a:8e:fd:4b:82:63:ab:f1:c8:0d:36:f7:32:fc:
87:85:f9:3f:d0:5b:2c:51:6c:2c:b4:63:55:2b:21:10:97:67:
25:28:24:88:ef:1b:90:65:f1:d9:4e:36:8e:8f:d5:11:91:94:
22:64:22:f6:c5:ea:c3:5b:9e:4e:cd:df:dd:84:de:38:50:ec:
bf:16:09:bf:8f:9a:80:ce:85:42:08:a8:f3:a1:6e:71:f1:cb:
1c:5c:52:8f:78:3f:f1:1b:22:9b:69:fc:7c:8d:b3:4e:9e:39:
fb:66:fc:9d:20:e4:9a:9a:9d:86:d7:b6:be:92:95:e9:29:34:
0a:0d:e5:95:95:54:c7:54:76:df:71:b3:31:00:c3:a5:5f:62:
32:f0:78:0f:8c:8a:f8:6f:95:7a:ae:ed:fd:56:a6:11:3d:12:
47:f9:03:7e:b2:57:ab:bd:5e:0b:72:dc:b6:73:76:3f:6c:c3:
da:62:d6:82:f7:75:47:c7:a0:27:0b:f8:18:3b:d7:aa:e9:2c:
fe:b1:0f:66:85:fc:f0:7b:bc:76:e7:55:d1:4f:4d:1f:9d:75:
c9:f9:13:a8:68:d4:c0:4f:9b:3e:88:44:a3:c3:cf:44:cd:ca:
ad:1e:7d:a6
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEZAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDYx
OTIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQyNzY5QUM0QTI0MEE5
OTEyMzEyN0Y4MjI3ODcyQkY1QzRGNEU2NTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOwyk4c3OZdA7rniwdP6j9JbV8LIpygxUaSHkutRvlEbI2715A
yybPWJmwAIX/VZcuqVJvjl4XrFZAqFmnFT7gW71naDc30DEFsWGkAdoNxI77DNIf
5NIgi20cOHqg5E5VflQftZBUgGSrsyeBR6ppg5bJ1ZfOPMHnSenCtMcibmgbVFdF
RfftMUtMWvD9l7eEXYitQgiWrrotwYaXNP8qIYjyzZiS0ljlQkcRQn+ZtrtS3bPB
7M3w3qIKdyGLZHUrWxJ6TRhshwM5oS1wIfc9MUZrxgT1PjPbO3f6d83bLfdcTRjz
iDLPdzNUrgDboVxweMtbnkDFFXmsU6owQwQdAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUQnaaxKJAqZEjEn+CJ4cr9cT05lUwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL1FuYWF4S0pBcVpFakVu
LUNKNGNyOWNUMDVsVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAzGuDpbpJJXPgWyO+zXIfFJx0eYbbiDqO
/UuCY6vxyA029zL8h4X5P9BbLFFsLLRjVSshEJdnJSgkiO8bkGXx2U42jo/VEZGU
ImQi9sXqw1ueTs3f3YTeOFDsvxYJv4+agM6FQgio86FucfHLHFxSj3g/8Rsim2n8
fI2zTp45+2b8nSDkmpqdhte2vpKV6Sk0Cg3llZVUx1R233GzMQDDpV9iMvB4D4yK
+G+Veq7t/VamET0SR/kDfrJXq71eC3LctnN2P2zD2mLWgvd1R8egJwv4GDvXquks
/rEPZoX88Hu8dudV0U9NH511yfkTqGjUwE+bPohEo8PPRM3KrR59pg==
-----END CERTIFICATE-----
Generated at Sat Apr 6 22:38:20 2024 by rpki-client on console-fra.rpki-client.org