Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/Zw2KaX1oCfh8Oypr2Z7lnaAruqM.roa
File: Zw2KaX1oCfh8Oypr2Z7lnaAruqM.roa (raw, json)
Hash identifier: FwQ2bU4wCC9hY59RqH49sneJmy5cpKVIfWwskDXIxKM=
Subject key identifier: 67:0D:8A:69:7D:68:09:F8:7C:3B:2A:6B:D9:9E:E5:9D:A0:2B:BA:A3
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1C62
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/Zw2KaX1oCfh8Oypr2Z7lnaAruqM.roa
Signing time: Sun 05 May 2024 15:54:15 +0000
ROA not before: Sun 05 May 2024 15:54:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7266 (0x1c62)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: May 5 15:54:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=670D8A697D6809F87C3B2A6BD99EE59DA02BBAA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:05:63:96:5c:31:77:51:65:74:52:4d:5b:2b:
93:9c:2d:3a:f3:29:90:b8:d9:c5:86:cb:d6:8a:78:
27:03:b0:10:fb:b5:f9:f4:08:e4:5f:93:0a:32:79:
7a:59:38:6f:be:f2:01:fd:d7:be:d0:a0:39:af:ff:
f3:8a:15:a5:41:45:c6:54:fe:ba:18:33:b9:22:e6:
5c:95:2b:b3:62:ea:ff:b0:c5:8d:86:15:27:5e:ce:
8c:f5:e8:72:dd:81:a7:66:a5:e1:33:e7:96:8b:00:
9e:a7:e4:8c:11:8c:94:e8:04:8a:59:ae:4c:ec:cd:
27:8b:76:61:4e:c5:43:de:6e:81:83:b0:66:da:67:
15:a2:6f:39:8a:34:6f:87:5e:16:6f:7a:87:77:08:
cb:aa:25:93:dd:74:47:4e:d3:c2:47:5d:ec:0d:67:
dc:6b:c6:f9:cc:2d:92:9f:2f:cf:56:72:f8:8c:d8:
1f:a7:f6:f9:02:af:4e:a2:46:38:03:32:15:7e:5c:
4a:1e:38:aa:61:5a:36:75:61:ac:30:82:fc:82:f0:
52:70:ff:db:e1:2c:38:b9:09:18:bb:cc:7d:dc:24:
f4:75:e6:b1:17:ae:fc:eb:8a:bc:6d:46:83:68:3c:
76:7b:31:39:9a:96:8c:1b:c8:8f:9a:5e:9e:d2:8f:
ac:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:0D:8A:69:7D:68:09:F8:7C:3B:2A:6B:D9:9E:E5:9D:A0:2B:BA:A3
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/Zw2KaX1oCfh8Oypr2Z7lnaAruqM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
09:d1:7e:5e:aa:a6:8f:8f:ff:ca:d3:38:15:f0:59:09:99:11:
4a:d2:fc:d7:8e:3c:75:42:ef:2d:a9:81:f5:9d:40:ef:e8:6d:
4a:fb:86:49:14:40:39:f4:fd:41:9c:92:0e:78:f4:c2:0e:d6:
51:e7:42:20:2a:50:a7:aa:94:db:5d:06:bf:1e:a2:22:b5:f6:
8e:41:3d:95:28:7c:bd:b1:e8:17:97:09:4c:f0:04:9f:43:5e:
63:4e:8a:ac:ce:df:61:93:4c:fb:ba:b2:b9:65:0f:08:27:9c:
1c:a8:25:ad:72:27:73:c3:21:2f:09:60:19:42:a5:cd:fe:77:
f4:12:e6:a7:01:50:9a:9e:eb:cf:ca:42:5a:86:d2:59:d4:6a:
33:c9:70:eb:ec:01:fa:f8:1f:c7:4e:7e:d9:9e:5c:86:2c:11:
af:14:d1:0d:19:ac:fe:da:17:b9:1e:ca:58:1e:e6:18:2b:2c:
54:15:2a:9d:1b:a5:77:da:f2:c4:52:f2:28:61:50:d1:e6:56:
85:9c:5f:d2:6b:b9:2d:ae:9a:b8:d8:83:6b:cc:64:8e:33:32:
32:8d:3c:e5:ca:a1:0d:a7:1a:e2:9b:78:02:60:21:57:f2:44:
5f:7f:c6:a0:42:e6:42:ab:13:78:2a:df:25:4b:c8:df:fc:00:
ae:c7:36:a9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICHGIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA1MDUx
NTU0MTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY3MEQ4QTY5N0Q2ODA5
Rjg3QzNCMkE2QkQ5OUVFNTlEQTAyQkJBQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8BWOWXDF3UWV0Uk1bK5OcLTrzKZC42cWGy9aKeCcDsBD7tfn0
CORfkwoyeXpZOG++8gH9177QoDmv//OKFaVBRcZU/roYM7ki5lyVK7Ni6v+wxY2G
FSdezoz16HLdgadmpeEz55aLAJ6n5IwRjJToBIpZrkzszSeLdmFOxUPeboGDsGba
ZxWibzmKNG+HXhZveod3CMuqJZPddEdO08JHXewNZ9xrxvnMLZKfL89WcviM2B+n
9vkCr06iRjgDMhV+XEoeOKphWjZ1YawwgvyC8FJw/9vhLDi5CRi7zH3cJPR15rEX
rvzrirxtRoNoPHZ7MTmalowbyI+aXp7Sj6xRAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUZw2KaX1oCfh8Oypr2Z7lnaAruqMwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL1p3MkthWDFvQ2ZoOE95
cHIyWjdsbmFBcnVxTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEACdF+Xqqmj4//ytM4FfBZCZkRStL81448
dULvLamB9Z1A7+htSvuGSRRAOfT9QZySDnj0wg7WUedCICpQp6qU210Gvx6iIrX2
jkE9lSh8vbHoF5cJTPAEn0NeY06KrM7fYZNM+7qyuWUPCCecHKglrXInc8MhLwlg
GUKlzf539BLmpwFQmp7rz8pCWobSWdRqM8lw6+wB+vgfx05+2Z5chiwRrxTRDRms
/toXuR7KWB7mGCssVBUqnRuld9ryxFLyKGFQ0eZWhZxf0mu5La6auNiDa8xkjjMy
Mo085cqhDaca4pt4AmAhV/JEX3/GoELmQqsTeCrfJUvI3/wArsc2qQ==
-----END CERTIFICATE-----
Generated at Sun May 5 17:55:40 2024 by rpki-client on console-fra.rpki-client.org