Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/cRESHTp5NhZHBm4nRc18CODM6fo.roa
File: cRESHTp5NhZHBm4nRc18CODM6fo.roa (raw, json)
Hash identifier: CRhifffQXZKwS0NuJvhn7uIKpPtRiDccgPw6r7zg9qg=
Subject key identifier: 71:11:12:1D:3A:79:36:16:47:06:6E:27:45:CD:7C:08:E0:CC:E9:FA
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 16E4
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/cRESHTp5NhZHBm4nRc18CODM6fo.roa
Signing time: Sun 21 Apr 2024 00:23:30 +0000
ROA not before: Sun 21 Apr 2024 00:23:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5860 (0x16e4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 21 00:23:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7111121D3A79361647066E2745CD7C08E0CCE9FA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:69:bb:6b:1f:53:fd:44:2a:5d:d7:68:92:97:
06:24:f8:ca:82:9a:b0:4e:d7:92:91:d1:d6:eb:c1:
54:64:1b:b3:6e:9f:12:04:dd:b4:54:ae:cb:bc:7c:
2b:92:f3:16:2b:81:27:9d:4c:3c:d8:18:b7:85:50:
b8:3a:c8:0a:93:ef:b6:cf:88:a4:40:2c:2b:91:68:
ec:ae:ea:34:ea:2c:e9:9e:bc:23:40:ae:1f:2e:30:
06:ee:ab:0e:e3:8a:0f:df:a3:e2:dd:fd:22:3a:54:
35:01:91:b7:d1:87:1e:ed:d2:82:e3:2a:45:b1:1a:
6a:d8:99:e2:20:ab:47:ab:3c:15:40:c5:59:ed:ef:
d1:2c:63:52:e3:31:85:be:f0:27:28:f4:40:39:5e:
b0:8f:41:2a:15:96:db:1c:48:3d:cd:29:96:ee:ed:
9c:87:6a:71:3f:06:57:e4:52:70:03:1d:4a:ab:40:
23:97:18:32:b8:33:87:5e:b8:d6:52:67:1a:15:b5:
d6:c9:66:12:4d:88:d1:f6:e9:e4:eb:db:dd:25:68:
17:fc:19:c3:91:ee:92:ef:1a:d5:d1:6d:95:61:67:
84:fa:8a:2c:9d:3f:fa:5f:c5:3d:56:fb:16:df:97:
e4:b4:82:c1:ed:1a:97:05:12:1d:67:25:ee:3d:4f:
fd:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:11:12:1D:3A:79:36:16:47:06:6E:27:45:CD:7C:08:E0:CC:E9:FA
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/cRESHTp5NhZHBm4nRc18CODM6fo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2a:30:63:d1:80:7f:64:19:45:7a:6b:d8:a6:68:2a:a7:16:94:
ff:29:78:f0:5f:52:ae:63:bf:12:e4:dc:73:02:44:90:2e:3d:
7d:35:f9:a2:58:09:42:e9:ab:a0:25:83:fc:3e:2b:5d:2a:f8:
60:15:54:1d:7a:dd:4c:bd:a7:20:94:6d:19:16:e7:ea:f1:26:
eb:45:d6:65:65:d0:4e:c8:e4:5d:6b:1d:4a:c7:89:9b:80:1f:
db:b9:8f:db:d5:bf:95:9f:49:aa:26:4d:f9:0b:50:f6:d5:76:
a1:32:ca:f3:68:53:b5:49:a3:74:bf:28:90:aa:aa:e2:a3:89:
8f:fb:73:de:97:f6:c1:e9:8b:8e:22:83:04:61:37:58:8d:99:
dc:e9:40:20:b9:d0:c3:37:ef:4e:36:b0:a7:67:39:ea:44:7b:
3f:28:a5:16:36:8c:07:a9:04:11:5e:97:0b:29:97:3a:b2:ed:
c5:43:25:0d:d1:cd:13:1f:5e:85:58:55:69:ab:78:21:24:e5:
a4:04:08:e8:3a:df:4b:b9:f7:9d:c1:f6:bc:31:f8:97:5e:62:
24:88:45:0d:28:11:ff:eb:ce:70:69:ed:a7:60:20:21:ad:e6:
af:ee:f5:81:91:f0:4a:84:b5:8b:75:e6:a4:61:49:00:11:b8:
38:b5:e1:ac
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFuQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MjEw
MDIzMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcxMTExMjFEM0E3OTM2
MTY0NzA2NkUyNzQ1Q0Q3QzA4RTBDQ0U5RkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJabtrH1P9RCpd12iSlwYk+MqCmrBO15KR0dbrwVRkG7NunxIE
3bRUrsu8fCuS8xYrgSedTDzYGLeFULg6yAqT77bPiKRALCuRaOyu6jTqLOmevCNA
rh8uMAbuqw7jig/fo+Ld/SI6VDUBkbfRhx7t0oLjKkWxGmrYmeIgq0erPBVAxVnt
79EsY1LjMYW+8Cco9EA5XrCPQSoVltscSD3NKZbu7ZyHanE/BlfkUnADHUqrQCOX
GDK4M4deuNZSZxoVtdbJZhJNiNH26eTr290laBf8GcOR7pLvGtXRbZVhZ4T6iiyd
P/pfxT1W+xbfl+S0gsHtGpcFEh1nJe49T/3vAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUcRESHTp5NhZHBm4nRc18CODM6fowHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2NSRVNIVHA1TmhaSEJt
NG5SYzE4Q09ETTZmby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAKjBj0YB/ZBlFemvYpmgqpxaU/yl48F9S
rmO/EuTccwJEkC49fTX5olgJQumroCWD/D4rXSr4YBVUHXrdTL2nIJRtGRbn6vEm
60XWZWXQTsjkXWsdSseJm4Af27mP29W/lZ9JqiZN+QtQ9tV2oTLK82hTtUmjdL8o
kKqq4qOJj/tz3pf2wemLjiKDBGE3WI2Z3OlAILnQwzfvTjawp2c56kR7PyilFjaM
B6kEEV6XCymXOrLtxUMlDdHNEx9ehVhVaat4ISTlpAQI6DrfS7n3ncH2vDH4l15i
JIhFDSgR/+vOcGntp2AgIa3mr+71gZHwSoS1i3XmpGFJABG4OLXhrA==
-----END CERTIFICATE-----
Generated at Sun Apr 21 00:57:31 2024 by rpki-client on console-fra.rpki-client.org