Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/W_643KSbHzwL3xbulOsvllH5zDs.roa
File: W_643KSbHzwL3xbulOsvllH5zDs.roa (raw, json)
Hash identifier: 5/wum7QrYGOmimVc/W9JumbOC4dBgQwUDSbN6TYM080=
Subject key identifier: 5B:FE:B8:DC:A4:9B:1F:3C:0B:DF:16:EE:94:EB:2F:96:51:F9:CC:3B
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1440
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/W_643KSbHzwL3xbulOsvllH5zDs.roa
Signing time: Sat 13 Apr 2024 23:23:17 +0000
ROA not before: Sat 13 Apr 2024 23:23:17 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5184 (0x1440)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 13 23:23:17 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5BFEB8DCA49B1F3C0BDF16EE94EB2F9651F9CC3B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:35:19:40:ba:b0:fc:28:23:0e:9c:30:85:52:
a3:0c:30:d7:24:60:ab:2c:7f:07:63:4e:91:d9:ae:
d1:75:88:1b:f7:80:ad:41:69:19:9c:14:63:60:c9:
fb:89:7f:b9:12:7a:b5:b4:b0:ad:0f:e0:d9:3c:79:
7a:a8:5a:a1:b5:6f:96:21:3e:f7:bf:00:07:7d:22:
dd:cd:bd:68:26:ad:e9:e4:8f:10:37:4b:6e:13:d0:
1f:2c:02:c1:dd:de:9f:81:83:4d:f0:7a:21:31:c3:
ba:80:f3:6c:63:b5:60:ba:61:6f:81:ac:7b:51:76:
b3:2d:e2:7a:8d:67:28:fb:ca:f4:1b:54:70:7c:85:
69:69:f4:77:51:d0:65:d5:e4:8d:f9:d3:7d:d5:22:
d1:cf:d6:fd:b6:87:4b:36:a2:75:31:3a:61:a3:7e:
c6:f8:06:ad:59:a1:42:6a:6a:37:28:a0:3a:1e:25:
b3:39:e2:c1:df:23:f8:9f:59:b9:aa:27:6e:35:bf:
80:79:bb:14:f1:5f:40:6a:35:37:89:7c:0e:ed:48:
4b:bd:06:14:01:d8:98:c4:2c:cd:b7:ef:8f:6b:3e:
e7:ad:d2:7e:37:b8:14:23:7a:fb:c1:e5:1e:aa:06:
19:1c:be:5b:4c:ae:33:8b:eb:69:91:c1:16:97:5a:
ea:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:FE:B8:DC:A4:9B:1F:3C:0B:DF:16:EE:94:EB:2F:96:51:F9:CC:3B
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/W_643KSbHzwL3xbulOsvllH5zDs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a7:c0:50:86:12:f5:7d:70:01:14:23:cf:4b:ed:1e:61:22:c8:
6a:d3:9c:21:17:2f:2e:2f:71:68:dd:64:72:a1:3a:1a:95:e6:
6b:4a:4c:ed:8a:78:53:14:0a:a7:7e:33:11:f2:f5:e6:da:e7:
41:b8:6c:a5:3f:b5:a2:ff:46:84:e8:22:d9:e8:44:72:87:c9:
e7:e5:0d:72:43:e7:4e:18:90:07:a5:fd:a2:41:a0:b1:92:27:
55:24:97:69:79:38:bd:5f:8c:96:e4:12:36:24:99:db:7b:00:
67:5c:a8:a3:c0:0f:47:a4:8d:c4:8d:5a:ce:5f:29:4e:0e:45:
0b:af:13:5e:cd:4e:43:72:b4:16:81:58:24:4a:92:ec:74:19:
d4:1b:c4:c1:1f:2d:03:d4:55:90:dd:66:4b:b9:9d:d3:63:e8:
e4:75:97:03:63:e5:ab:4c:51:ab:5f:94:56:78:b1:0d:45:cf:
0d:36:a6:b1:3d:9d:36:14:85:bc:ff:01:99:ff:6b:85:40:c9:
a5:e6:5c:ad:ac:30:d9:bc:89:6c:ca:82:7a:a8:1e:f3:3b:d0:
d6:63:0c:1a:9d:2d:42:c8:56:cc:11:d4:c0:93:59:66:e7:7d:
76:d4:2d:d6:75:bc:1c:1b:5c:83:f9:eb:33:e9:8a:02:7a:ce:
5a:92:17:89
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFEAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTMy
MzIzMTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVCRkVCOERDQTQ5QjFG
M0MwQkRGMTZFRTk0RUIyRjk2NTFGOUNDM0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD4NRlAurD8KCMOnDCFUqMMMNckYKssfwdjTpHZrtF1iBv3gK1B
aRmcFGNgyfuJf7kSerW0sK0P4Nk8eXqoWqG1b5YhPve/AAd9It3NvWgmrenkjxA3
S24T0B8sAsHd3p+Bg03weiExw7qA82xjtWC6YW+BrHtRdrMt4nqNZyj7yvQbVHB8
hWlp9HdR0GXV5I35033VItHP1v22h0s2onUxOmGjfsb4Bq1ZoUJqajcooDoeJbM5
4sHfI/ifWbmqJ241v4B5uxTxX0BqNTeJfA7tSEu9BhQB2JjELM23749rPuet0n43
uBQjevvB5R6qBhkcvltMrjOL62mRwRaXWupfAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUW/643KSbHzwL3xbulOsvllH5zDswHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL1dfNjQzS1NiSHp3TDN4
YnVsT3N2bGxINXpEcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAp8BQhhL1fXABFCPPS+0eYSLIatOcIRcv
Li9xaN1kcqE6GpXma0pM7Yp4UxQKp34zEfL15trnQbhspT+1ov9GhOgi2ehEcofJ
5+UNckPnThiQB6X9okGgsZInVSSXaXk4vV+MluQSNiSZ23sAZ1yoo8APR6SNxI1a
zl8pTg5FC68TXs1OQ3K0FoFYJEqS7HQZ1BvEwR8tA9RVkN1mS7md02Po5HWXA2Pl
q0xRq1+UVnixDUXPDTamsT2dNhSFvP8Bmf9rhUDJpeZcraww2byJbMqCeqge8zvQ
1mMMGp0tQshWzBHUwJNZZud9dtQt1nW8HBtcg/nrM+mKAnrOWpIXiQ==
-----END CERTIFICATE-----
Generated at Sun Apr 14 03:21:09 2024 by rpki-client on console-fra.rpki-client.org