Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/hmsnjTeveSbLBKVsTRofCQZqcNI.roa
File: hmsnjTeveSbLBKVsTRofCQZqcNI.roa (raw, json)
Hash identifier: hPgz+Jek4BB/vpUTvhs548xeLcAFNfytgJtEuSSnLr4=
Subject key identifier: 86:6B:27:8D:37:AF:79:26:CB:04:A5:6C:4D:1A:1F:09:06:6A:70:D2
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 13DC
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/hmsnjTeveSbLBKVsTRofCQZqcNI.roa
Signing time: Fri 12 Apr 2024 22:23:15 +0000
ROA not before: Fri 12 Apr 2024 22:23:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5084 (0x13dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 12 22:23:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=866B278D37AF7926CB04A56C4D1A1F09066A70D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:7c:81:35:7a:d4:1e:11:ec:14:70:97:57:de:
50:29:a6:7f:98:82:16:c9:6e:c0:68:fb:9d:eb:f8:
b2:3a:8f:04:68:87:a8:fb:64:4b:90:15:48:bc:55:
79:46:10:47:45:de:8c:69:42:81:ab:a8:28:f1:cd:
a7:5c:5c:9e:1b:28:28:67:9e:e2:8e:ae:e4:23:df:
1f:f4:4a:a4:a8:85:54:ee:d9:58:0e:bb:0f:b7:b7:
2f:11:f0:e0:43:7d:81:a2:db:b4:5e:ee:93:cd:28:
d6:a4:c5:79:4f:76:7a:01:7f:70:3f:22:1f:2f:2f:
6a:d0:68:7e:10:50:a5:99:c1:58:ef:bb:38:5a:e8:
d9:85:c4:32:57:19:34:cf:40:87:04:2a:e6:f1:17:
5b:a2:0a:8f:86:24:3c:10:f2:4b:a2:99:d4:44:82:
e0:30:7b:a3:fb:4a:2c:06:cb:68:28:ad:f1:63:fe:
b6:7a:98:7f:cf:eb:af:44:b1:85:9d:07:cd:90:0c:
d5:9c:be:60:04:7a:79:bb:b1:5c:d6:54:4e:37:37:
b4:75:1a:5b:43:19:25:ab:b6:f9:7c:05:8e:5f:f7:
d7:95:32:7d:31:ec:3b:5c:92:6b:6a:94:02:0f:b4:
01:b0:e4:f9:b0:ee:e3:7a:63:3e:89:c8:93:e7:40:
88:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:6B:27:8D:37:AF:79:26:CB:04:A5:6C:4D:1A:1F:09:06:6A:70:D2
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/hmsnjTeveSbLBKVsTRofCQZqcNI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
48:f1:99:06:fa:f5:54:0b:5e:ba:16:8a:70:0e:05:12:87:0b:
ea:72:89:47:e6:7f:92:56:ad:7b:cf:96:eb:90:a9:80:50:9e:
91:39:b8:03:63:cd:ae:8f:bb:35:27:17:d8:a0:8e:2e:7e:69:
4b:8c:ce:dd:6b:05:26:66:e4:5b:b4:ee:0e:ba:a3:80:4a:fe:
bf:6d:53:90:f6:c5:1d:32:35:1f:ae:a8:01:63:65:c6:6b:ce:
d8:fe:ad:28:c4:b0:32:84:8d:c7:62:25:11:41:c3:fe:dd:1f:
ad:99:a3:f6:a7:98:4f:8b:5c:0f:37:49:24:ce:60:81:25:35:
67:89:c9:5b:6e:01:90:4d:8d:ef:fe:1c:56:7c:05:be:58:65:
de:80:7c:d6:79:e2:2f:6c:a2:6c:50:d0:24:27:f0:b9:1d:c4:
f7:52:4a:ea:70:ce:9e:db:5a:bc:c5:45:d9:83:2f:22:25:b6:
8b:33:92:df:11:f4:f9:6e:14:43:67:26:c4:e3:e8:28:05:8f:
29:16:b6:e3:8c:d6:30:34:52:f1:aa:07:60:fb:50:16:48:aa:
6e:04:3b:61:2d:e0:27:f1:20:49:c5:55:ce:0c:65:13:7d:13:
d9:01:74:7a:80:8c:fc:0b:4e:86:23:4c:2e:5c:58:e0:89:fe:
0d:c7:28:db
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICE9wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTIy
MjIzMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg2NkIyNzhEMzdBRjc5
MjZDQjA0QTU2QzREMUExRjA5MDY2QTcwRDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0fIE1etQeEewUcJdX3lAppn+YghbJbsBo+53r+LI6jwRoh6j7
ZEuQFUi8VXlGEEdF3oxpQoGrqCjxzadcXJ4bKChnnuKOruQj3x/0SqSohVTu2VgO
uw+3ty8R8OBDfYGi27Re7pPNKNakxXlPdnoBf3A/Ih8vL2rQaH4QUKWZwVjvuzha
6NmFxDJXGTTPQIcEKubxF1uiCo+GJDwQ8kuimdREguAwe6P7SiwGy2gorfFj/rZ6
mH/P669EsYWdB82QDNWcvmAEenm7sVzWVE43N7R1GltDGSWrtvl8BY5f99eVMn0x
7DtckmtqlAIPtAGw5Pmw7uN6Yz6JyJPnQIgnAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUhmsnjTeveSbLBKVsTRofCQZqcNIwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2htc25qVGV2ZVNiTEJL
VnNUUm9mQ1FacWNOSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEASPGZBvr1VAteuhaKcA4FEocL6nKJR+Z/
klate8+W65CpgFCekTm4A2PNro+7NScX2KCOLn5pS4zO3WsFJmbkW7TuDrqjgEr+
v21TkPbFHTI1H66oAWNlxmvO2P6tKMSwMoSNx2IlEUHD/t0frZmj9qeYT4tcDzdJ
JM5ggSU1Z4nJW24BkE2N7/4cVnwFvlhl3oB81nniL2yibFDQJCfwuR3E91JK6nDO
nttavMVF2YMvIiW2izOS3xH0+W4UQ2cmxOPoKAWPKRa244zWMDRS8aoHYPtQFkiq
bgQ7YS3gJ/EgScVVzgxlE30T2QF0eoCM/AtOhiNMLlxY4In+Dcco2w==
-----END CERTIFICATE-----
Generated at Fri Apr 12 23:43:48 2024 by rpki-client on console-fra.rpki-client.org