Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/XFL-SNXuy-HngO0GlAN9M4XImfw.roa
File: XFL-SNXuy-HngO0GlAN9M4XImfw.roa (raw, json)
Hash identifier: 2UVmwd3+MC7UHvHEb+WVeeXPR8+9Jm1pOgnMkNAnZ1E=
Subject key identifier: 5C:52:FE:48:D5:EE:CB:E1:E7:80:ED:06:94:03:7D:33:85:C8:99:FC
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 0F12
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/XFL-SNXuy-HngO0GlAN9M4XImfw.roa
Signing time: Sun 31 Mar 2024 03:52:40 +0000
ROA not before: Sun 31 Mar 2024 03:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3858 (0xf12)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Mar 31 03:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5C52FE48D5EECBE1E780ED0694037D3385C899FC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:0c:82:8b:98:e4:ec:5e:c2:73:94:a9:b1:59:
01:1e:c4:ef:59:27:d1:36:e0:db:59:5a:bf:b8:c4:
71:ab:68:0a:cf:9b:5b:29:eb:10:86:a6:eb:7b:28:
6c:47:6f:6e:ae:40:cc:cc:28:50:bd:dc:b2:6b:3c:
c8:cb:cf:5d:da:50:00:24:c6:29:92:90:52:da:2f:
95:eb:bf:8f:44:cf:cd:1c:33:f7:84:6d:d7:af:ec:
5e:e3:6b:83:91:64:83:fc:b5:9a:36:d1:69:cd:1c:
f2:96:3f:a3:07:75:a9:5e:30:b4:c7:d9:fa:c8:ae:
07:66:d4:58:40:98:d4:04:f1:a0:a6:e0:a5:91:73:
dd:27:b5:32:f2:7d:8a:8a:43:d8:7d:98:ba:07:58:
00:6b:fb:ba:e4:c9:1e:b8:27:94:6f:63:05:b5:e7:
04:b5:1a:fa:a6:4e:a4:ae:7b:0e:04:fd:11:24:4b:
00:c4:c7:4d:cf:65:29:69:6e:cd:cc:a8:e4:70:7c:
35:d9:eb:3b:8d:52:80:f7:0c:4d:a5:e9:ae:6c:49:
fa:8a:87:1d:81:a5:39:57:9c:73:fa:66:dc:5d:5d:
5a:d4:35:24:fd:28:20:e8:3e:21:ec:fa:cd:61:8c:
13:e5:cc:c4:72:20:50:fa:d1:d4:30:d5:5f:c9:5e:
b0:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:52:FE:48:D5:EE:CB:E1:E7:80:ED:06:94:03:7D:33:85:C8:99:FC
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/XFL-SNXuy-HngO0GlAN9M4XImfw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5c:62:d2:f2:ef:4c:11:d2:30:72:01:46:01:a4:62:2c:73:6d:
88:6a:00:55:cc:5c:65:af:8c:c7:d6:ef:29:7c:eb:47:05:a7:
96:c5:c1:73:ef:26:89:32:f4:8f:3e:55:2a:ea:11:a3:96:0e:
63:10:9f:b5:ba:82:df:81:e4:96:7e:fb:8b:20:3f:8f:40:6e:
b9:d9:c3:8a:16:f0:f5:52:ac:0d:10:a3:8b:bd:c4:23:62:de:
54:50:ae:8a:ff:e7:bc:5d:8f:2d:4b:1c:cb:7c:e3:51:b3:45:
8c:e4:42:ca:96:a2:33:01:98:5b:60:d0:2c:8a:16:da:c2:d2:
c9:88:9a:7d:98:a0:07:00:e1:bd:48:4a:c1:38:69:63:9a:20:
7f:51:a9:d8:4f:bc:d3:ff:4e:27:97:77:3f:f3:7f:ba:e6:d9:
2a:f7:60:3b:13:77:cc:87:a9:b4:f7:05:60:73:aa:ba:24:0b:
24:dc:60:32:42:38:dc:2e:43:5f:a0:5d:60:86:f7:94:2a:40:
8a:32:6b:48:8f:7f:15:ed:bc:11:5a:28:2b:2c:2a:4d:58:a5:
f7:e3:20:68:dc:67:a1:7a:99:0c:db:a2:69:05:7c:e0:8a:df:
d1:03:85:84:d3:fc:35:1b:9e:4e:81:70:27:1a:f8:4a:2e:6e:
4d:4d:9f:fa
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICDxIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDAzMzEw
MzUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVDNTJGRTQ4RDVFRUNC
RTFFNzgwRUQwNjk0MDM3RDMzODVDODk5RkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiDIKLmOTsXsJzlKmxWQEexO9ZJ9E24NtZWr+4xHGraArPm1sp
6xCGput7KGxHb26uQMzMKFC93LJrPMjLz13aUAAkximSkFLaL5Xrv49Ez80cM/eE
bdev7F7ja4ORZIP8tZo20WnNHPKWP6MHdaleMLTH2frIrgdm1FhAmNQE8aCm4KWR
c90ntTLyfYqKQ9h9mLoHWABr+7rkyR64J5RvYwW15wS1GvqmTqSuew4E/REkSwDE
x03PZSlpbs3MqORwfDXZ6zuNUoD3DE2l6a5sSfqKhx2BpTlXnHP6ZtxdXVrUNST9
KCDoPiHs+s1hjBPlzMRyIFD60dQw1V/JXrCDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUXFL+SNXuy+HngO0GlAN9M4XImfwwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL1hGTC1TTlh1eS1IbmdP
MEdsQU45TTRYSW1mdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAXGLS8u9MEdIwcgFGAaRiLHNtiGoAVcxc
Za+Mx9bvKXzrRwWnlsXBc+8miTL0jz5VKuoRo5YOYxCftbqC34Hkln77iyA/j0Bu
udnDihbw9VKsDRCji73EI2LeVFCuiv/nvF2PLUscy3zjUbNFjORCypaiMwGYW2DQ
LIoW2sLSyYiafZigBwDhvUhKwThpY5ogf1Gp2E+80/9OJ5d3P/N/uubZKvdgOxN3
zIeptPcFYHOquiQLJNxgMkI43C5DX6BdYIb3lCpAijJrSI9/Fe28EVooKywqTVil
9+MgaNxnoXqZDNuiaQV84Irf0QOFhNP8NRueToFwJxr4Si5uTU2f+g==
-----END CERTIFICATE-----
Generated at Sun Mar 31 05:05:44 2024 by rpki-client on console-ams.rpki-client.org