Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/a8TK9YRMhXYGQgJwi3TnBrt6lNY.roa
File: a8TK9YRMhXYGQgJwi3TnBrt6lNY.roa (raw, json)
Hash identifier: TXalbBWgBzbeGD4tvC8Yi6e05Wk9Q+6ym6SlqVUy8Qs=
Subject key identifier: 6B:C4:CA:F5:84:4C:85:76:06:42:02:70:8B:74:E7:06:BB:7A:94:D6
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 14AC
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/a8TK9YRMhXYGQgJwi3TnBrt6lNY.roa
Signing time: Mon 15 Apr 2024 02:23:17 +0000
ROA not before: Mon 15 Apr 2024 02:23:17 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5292 (0x14ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 15 02:23:17 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6BC4CAF5844C8576064202708B74E706BB7A94D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:8b:77:37:92:06:33:67:5f:9d:b8:c3:bf:93:
23:f5:b9:b7:ca:26:09:b7:d8:6f:6a:46:15:da:f2:
55:5c:b8:86:15:f2:c7:84:a1:ec:c5:2c:c5:8d:55:
32:be:d1:d8:29:7d:0b:ef:fc:a9:aa:6a:bd:59:fc:
9d:c4:25:2a:cc:8d:91:59:7a:5d:b7:bf:4f:42:eb:
b5:84:92:88:d2:68:b2:bf:00:d4:20:43:79:5c:09:
a8:a4:59:a0:a6:34:ca:19:25:31:c0:a1:0f:90:17:
a4:48:16:89:6b:6c:72:9a:af:78:9c:d6:c3:00:a1:
08:ce:7a:30:f1:88:0c:f6:86:c9:18:07:b6:ba:48:
f2:c3:50:a3:6f:27:56:5c:2e:27:b4:7a:f1:3b:da:
78:29:2d:80:fb:f4:d9:df:4f:bb:5a:9c:ee:64:6f:
c4:4c:79:eb:f4:84:fd:14:a8:88:eb:68:cb:10:92:
1f:5e:0e:ec:ac:98:d3:cd:38:18:04:80:4b:eb:dc:
b5:47:0c:38:1a:59:52:d6:ba:ca:e4:64:72:ce:28:
3b:9b:6d:c4:55:f8:6d:09:69:3c:57:11:00:c1:af:
1a:be:bf:58:ee:54:55:68:cb:fa:8c:5f:3f:fc:c5:
5d:9b:0b:3f:4e:0b:79:82:98:ce:e4:39:04:5b:a0:
6f:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:C4:CA:F5:84:4C:85:76:06:42:02:70:8B:74:E7:06:BB:7A:94:D6
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/a8TK9YRMhXYGQgJwi3TnBrt6lNY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b2:e0:8c:be:37:fe:ce:ba:cf:ec:8d:91:02:78:aa:a9:76:a4:
70:5f:0b:03:fb:3f:f5:0e:48:4a:6b:2e:42:10:c6:c9:7a:ed:
e3:e3:18:88:7c:ea:97:8c:30:c8:52:4a:db:7d:bf:cc:4d:d7:
7a:8b:bb:8f:65:ab:42:59:af:9b:54:26:74:4a:03:2d:af:80:
94:d8:55:27:28:3a:10:76:58:71:87:e1:33:12:ca:ab:f9:64:
e6:c7:5a:ba:fd:56:7b:cb:e0:9f:6e:1f:19:32:42:f4:d8:6b:
aa:3a:64:b4:90:5d:b4:16:bc:99:81:dd:6f:5a:24:98:db:a1:
c0:1a:0d:3a:7c:b2:0f:fb:f5:57:de:39:a6:c6:77:73:20:a5:
bd:13:ab:f8:6f:a0:a5:47:9b:ef:f7:37:10:61:31:5d:ac:37:
2d:93:7d:34:cf:56:22:01:6c:e7:1f:da:09:d6:87:48:22:6c:
4e:48:45:10:69:cf:1d:67:6e:0b:af:ce:1e:03:9d:bd:18:fe:
31:20:31:0f:43:66:6f:c5:c2:0b:24:43:a4:95:3f:ae:44:34:
9e:3d:00:65:38:b8:a1:d7:83:0e:70:9a:5f:10:31:0e:da:bf:
93:7e:3a:d0:d4:d1:54:70:7b:13:60:ff:68:82:cb:3d:68:6e:
8a:d3:af:50
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFKwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTUw
MjIzMTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZCQzRDQUY1ODQ0Qzg1
NzYwNjQyMDI3MDhCNzRFNzA2QkI3QTk0RDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCri3c3kgYzZ1+duMO/kyP1ubfKJgm32G9qRhXa8lVcuIYV8seE
oezFLMWNVTK+0dgpfQvv/Kmqar1Z/J3EJSrMjZFZel23v09C67WEkojSaLK/ANQg
Q3lcCaikWaCmNMoZJTHAoQ+QF6RIFolrbHKar3ic1sMAoQjOejDxiAz2hskYB7a6
SPLDUKNvJ1ZcLie0evE72ngpLYD79NnfT7tanO5kb8RMeev0hP0UqIjraMsQkh9e
DuysmNPNOBgEgEvr3LVHDDgaWVLWusrkZHLOKDubbcRV+G0JaTxXEQDBrxq+v1ju
VFVoy/qMXz/8xV2bCz9OC3mCmM7kOQRboG8tAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUa8TK9YRMhXYGQgJwi3TnBrt6lNYwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2E4VEs5WVJNaFhZR1Fn
SndpM1RuQnJ0NmxOWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAsuCMvjf+zrrP7I2RAniqqXakcF8LA/s/
9Q5ISmsuQhDGyXrt4+MYiHzql4wwyFJK232/zE3Xeou7j2WrQlmvm1QmdEoDLa+A
lNhVJyg6EHZYcYfhMxLKq/lk5sdauv1We8vgn24fGTJC9NhrqjpktJBdtBa8mYHd
b1okmNuhwBoNOnyyD/v1V945psZ3cyClvROr+G+gpUeb7/c3EGExXaw3LZN9NM9W
IgFs5x/aCdaHSCJsTkhFEGnPHWduC6/OHgOdvRj+MSAxD0Nmb8XCCyRDpJU/rkQ0
nj0AZTi4odeDDnCaXxAxDtq/k3460NTRVHB7E2D/aILLPWhuitOvUA==
-----END CERTIFICATE-----
Generated at Mon Apr 15 03:46:08 2024 by rpki-client on console-fra.rpki-client.org