Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/crstSOdRaJe7MGqyvuCvq3nDwRA.roa
File: crstSOdRaJe7MGqyvuCvq3nDwRA.roa (raw, json)
Hash identifier: XFOLx3pGUrt23kbx4Rb3sKTWa3au8Z+sZbJVQft3ZGU=
Subject key identifier: 72:BB:2D:48:E7:51:68:97:BB:30:6A:B2:BE:E0:AF:AB:79:C3:C1:10
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1BEC
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/crstSOdRaJe7MGqyvuCvq3nDwRA.roa
Signing time: Sat 04 May 2024 10:24:10 +0000
ROA not before: Sat 04 May 2024 10:24:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7148 (0x1bec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: May 4 10:24:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=72BB2D48E7516897BB306AB2BEE0AFAB79C3C110
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:af:70:c8:62:b2:1f:23:54:56:68:d5:1c:1d:
a3:32:7c:a8:63:6b:6e:dd:d2:5f:a5:7f:25:fd:83:
d3:46:2b:05:90:7b:05:8d:9d:19:cd:8c:18:8e:e4:
b2:57:f6:c8:b6:ce:50:19:d7:04:58:03:e6:fd:0b:
4c:de:f4:25:be:19:d2:3a:9d:28:6a:a4:9a:32:c9:
f2:d6:dc:b4:f9:bd:3f:a8:0a:ff:33:89:d1:9b:90:
9b:b6:27:dc:87:d2:a6:f5:d6:8d:d5:c3:57:dc:9e:
db:39:75:d5:dd:1a:5e:ed:39:d5:fd:64:f9:6c:c8:
7f:6a:b8:cf:23:2f:6d:b5:c4:e6:c7:6e:97:97:1b:
b7:37:fd:fd:72:0a:7a:d5:b7:59:87:12:0d:d5:82:
31:95:7a:35:e8:81:a2:7d:75:6e:0d:d8:88:a8:d3:
ef:66:a1:69:23:f7:3a:f8:1c:df:78:50:af:a6:0d:
17:6c:06:94:a9:13:61:b0:c7:38:30:e8:c6:a5:7e:
b2:5c:de:9c:03:98:f3:f7:0b:63:9c:09:5a:75:a7:
1d:c5:93:ff:d7:98:5d:2c:27:c2:96:36:d6:30:6b:
77:d4:4f:cf:51:61:42:40:28:40:d2:b5:b0:e4:02:
72:e9:e2:f9:22:a1:95:fa:94:75:78:a0:01:50:fc:
b0:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:BB:2D:48:E7:51:68:97:BB:30:6A:B2:BE:E0:AF:AB:79:C3:C1:10
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/crstSOdRaJe7MGqyvuCvq3nDwRA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4b:54:55:a4:61:d7:9e:21:6b:de:1e:fd:35:5a:de:a4:34:a3:
40:e4:c7:41:c2:e5:a5:31:63:60:ac:36:a2:d6:d1:23:70:3a:
8d:02:c3:7f:5b:a2:7a:5c:44:d6:bc:94:ca:8e:5d:2e:b0:e5:
66:86:47:78:da:a9:59:c9:fc:5e:19:68:f8:4b:1d:b0:eb:96:
4c:5c:3c:73:c5:f3:6d:1e:79:2d:fd:49:50:2e:b2:bc:36:7a:
9f:c4:4b:f0:1b:06:43:f5:0c:67:f8:71:7a:46:6d:14:0a:57:
29:04:13:a3:ef:55:8b:94:33:e0:6f:97:e4:65:98:ac:fa:b6:
c2:b2:28:1d:dd:12:d7:19:9a:59:38:89:57:a5:27:b9:02:a1:
92:e1:a0:95:24:8b:2d:c7:4f:5d:08:cd:0d:0e:60:62:5d:fe:
0c:64:1b:ef:8a:d7:9e:6d:da:c5:10:3b:d3:21:1d:8a:92:be:
25:6a:7f:90:f7:e8:6f:86:2d:46:c3:7e:70:cd:bb:59:3b:c9:
4f:54:7e:98:cb:24:e9:5e:e7:73:a3:4a:b8:df:03:f6:07:63:
53:23:29:ad:fe:72:b0:56:48:aa:33:52:4e:4f:4c:58:40:4a:
44:04:b6:3c:46:9d:50:80:a0:d7:02:85:fe:c8:ce:96:96:b9:
e6:c5:90:4e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICG+wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA1MDQx
MDI0MTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcyQkIyRDQ4RTc1MTY4
OTdCQjMwNkFCMkJFRTBBRkFCNzlDM0MxMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCRr3DIYrIfI1RWaNUcHaMyfKhja27d0l+lfyX9g9NGKwWQewWN
nRnNjBiO5LJX9si2zlAZ1wRYA+b9C0ze9CW+GdI6nShqpJoyyfLW3LT5vT+oCv8z
idGbkJu2J9yH0qb11o3Vw1fcnts5ddXdGl7tOdX9ZPlsyH9quM8jL221xObHbpeX
G7c3/f1yCnrVt1mHEg3VgjGVejXogaJ9dW4N2Iio0+9moWkj9zr4HN94UK+mDRds
BpSpE2Gwxzgw6MalfrJc3pwDmPP3C2OcCVp1px3Fk//XmF0sJ8KWNtYwa3fUT89R
YUJAKEDStbDkAnLp4vkioZX6lHV4oAFQ/LCVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUcrstSOdRaJe7MGqyvuCvq3nDwRAwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2Nyc3RTT2RSYUplN01H
cXl2dUN2cTNuRHdSQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAS1RVpGHXniFr3h79NVrepDSjQOTHQcLl
pTFjYKw2otbRI3A6jQLDf1uielxE1ryUyo5dLrDlZoZHeNqpWcn8Xhlo+EsdsOuW
TFw8c8XzbR55Lf1JUC6yvDZ6n8RL8BsGQ/UMZ/hxekZtFApXKQQTo+9Vi5Qz4G+X
5GWYrPq2wrIoHd0S1xmaWTiJV6UnuQKhkuGglSSLLcdPXQjNDQ5gYl3+DGQb74rX
nm3axRA70yEdipK+JWp/kPfob4YtRsN+cM27WTvJT1R+mMsk6V7nc6NKuN8D9gdj
UyMprf5ysFZIqjNSTk9MWEBKRAS2PEadUICg1wKF/sjOlpa55sWQTg==
-----END CERTIFICATE-----
Generated at Sat May 4 12:14:24 2024 by rpki-client on console-ams.rpki-client.org