Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/UKxDTe5o7FfIDV_ZF3NFYNwIwPk.roa
File: UKxDTe5o7FfIDV_ZF3NFYNwIwPk.roa (raw, json)
Hash identifier: awi2Kk/Vc9myh1wtMo/C4aomZtbOjN+l+N8vLfh1dgc=
Subject key identifier: 50:AC:43:4D:EE:68:EC:57:C8:0D:5F:D9:17:73:45:60:DC:08:C0:F9
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 0FAA
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/UKxDTe5o7FfIDV_ZF3NFYNwIwPk.roa
Signing time: Mon 01 Apr 2024 17:52:37 +0000
ROA not before: Mon 01 Apr 2024 17:52:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4010 (0xfaa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 1 17:52:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=50AC434DEE68EC57C80D5FD917734560DC08C0F9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:70:50:ad:6b:40:42:88:88:c1:bf:56:6e:05:
3a:54:c6:78:7f:ec:50:b4:c3:28:bf:5d:c8:a2:52:
21:94:fe:3f:91:63:0d:d9:d8:e8:8c:ad:b2:5e:a1:
e6:27:64:0b:78:23:4c:7e:72:07:a9:0d:b5:04:63:
e5:1d:28:0f:d2:7d:27:3a:68:06:16:23:6b:0d:00:
f9:8f:6c:12:dc:b0:69:51:f7:75:93:4a:c3:0c:05:
2e:7a:9a:ee:f0:f4:fd:ed:20:b2:c5:f8:4d:fe:e7:
6e:09:86:64:d2:2f:c3:4a:4a:c2:26:cd:ed:0d:c0:
61:19:5b:98:d9:01:12:a2:b5:29:57:a0:05:d3:e7:
db:eb:ef:f9:de:fe:8a:27:66:fd:7e:a5:37:2a:ca:
b3:c1:3f:4f:72:79:32:e2:12:52:0e:f1:d3:06:f3:
d2:71:b1:07:16:52:7a:6a:32:e0:85:31:64:c4:67:
5f:0c:31:70:54:20:e8:ec:a6:51:b3:a9:ed:0f:84:
6f:73:ea:2b:12:0f:39:d5:49:8f:20:e1:77:3f:1d:
31:e8:5c:53:a1:7f:22:ca:33:cb:cf:d8:e1:5e:62:
77:08:6c:f1:7f:c9:5d:0e:a9:38:27:1c:80:cb:b1:
e5:55:5f:09:9e:6e:4e:fb:05:96:f4:1e:14:af:e5:
a9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:AC:43:4D:EE:68:EC:57:C8:0D:5F:D9:17:73:45:60:DC:08:C0:F9
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/UKxDTe5o7FfIDV_ZF3NFYNwIwPk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0d:64:d0:c5:e5:d3:1f:81:5f:86:3d:e6:48:b4:ff:a3:3f:ce:
1c:07:bd:8f:85:88:6d:b9:28:35:83:a4:1a:cd:19:62:ae:b9:
fc:fd:5e:35:97:7f:dc:61:fd:88:c5:75:d8:e9:7a:80:cd:96:
d3:32:44:95:2d:10:e9:93:e5:b2:3b:13:3b:52:3f:88:b1:a3:
3f:c6:01:0f:af:a3:ba:ef:8e:4f:25:ad:5c:97:bc:06:e6:58:
f3:d9:a6:58:d5:b8:c7:2a:10:4c:1a:c7:ca:35:49:f2:6c:96:
b5:2b:37:29:af:ce:75:5b:09:35:81:f5:93:f0:93:45:9a:51:
c0:b8:9f:6b:7f:67:19:64:f1:4a:ac:51:1f:39:a0:8f:80:86:
76:6c:7b:df:36:44:d2:42:ee:1d:e4:8b:a6:e4:7f:7f:ce:69:
f9:3a:50:b8:10:9e:09:21:f3:d1:76:32:75:2a:f4:a4:c5:db:
e8:72:20:05:74:87:32:c2:f3:04:65:cd:be:c3:97:ee:e1:b6:
5b:10:0d:5d:d7:d5:e2:6c:bd:37:21:dc:1c:0e:3f:03:fa:d7:
9c:03:69:ed:d6:81:c2:8b:91:44:95:ea:b0:6a:39:1d:9a:31:
16:cf:ec:59:20:8b:0e:71:5d:b6:cb:21:09:d4:b5:62:2f:78:
ba:f5:27:f6
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICD6owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDEx
NzUyMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUwQUM0MzRERUU2OEVD
NTdDODBENUZEOTE3NzM0NTYwREMwOEMwRjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDjcFCta0BCiIjBv1ZuBTpUxnh/7FC0wyi/XciiUiGU/j+RYw3Z
2OiMrbJeoeYnZAt4I0x+cgepDbUEY+UdKA/SfSc6aAYWI2sNAPmPbBLcsGlR93WT
SsMMBS56mu7w9P3tILLF+E3+524JhmTSL8NKSsImze0NwGEZW5jZARKitSlXoAXT
59vr7/ne/oonZv1+pTcqyrPBP09yeTLiElIO8dMG89JxsQcWUnpqMuCFMWTEZ18M
MXBUIOjsplGzqe0PhG9z6isSDznVSY8g4Xc/HTHoXFOhfyLKM8vP2OFeYncIbPF/
yV0OqTgnHIDLseVVXwmebk77BZb0HhSv5al1AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUUKxDTe5o7FfIDV/ZF3NFYNwIwPkwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL1VLeERUZTVvN0ZmSURW
X1pGM05GWU53SXdQay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEADWTQxeXTH4Ffhj3mSLT/oz/OHAe9j4WI
bbkoNYOkGs0ZYq65/P1eNZd/3GH9iMV12Ol6gM2W0zJElS0Q6ZPlsjsTO1I/iLGj
P8YBD6+juu+OTyWtXJe8BuZY89mmWNW4xyoQTBrHyjVJ8myWtSs3Ka/OdVsJNYH1
k/CTRZpRwLifa39nGWTxSqxRHzmgj4CGdmx73zZE0kLuHeSLpuR/f85p+TpQuBCe
CSHz0XYydSr0pMXb6HIgBXSHMsLzBGXNvsOX7uG2WxANXdfV4my9NyHcHA4/A/rX
nANp7daBwouRRJXqsGo5HZoxFs/sWSCLDnFdtsshCdS1Yi94uvUn9g==
-----END CERTIFICATE-----
Generated at Mon Apr 1 19:41:25 2024 by rpki-client on console-ams.rpki-client.org