Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/ivxMOaICaHZONIM6d__ozJfKq8o.roa
File: ivxMOaICaHZONIM6d__ozJfKq8o.roa (raw, json)
Hash identifier: UTbqwpIfSC+dBATO7GPC2eAuaeK+2+nXFjl1oFyaeeU=
Subject key identifier: 8A:FC:4C:39:A2:02:68:76:4E:34:83:3A:77:FF:E8:CC:97:CA:AB:CA
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1C6A
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/ivxMOaICaHZONIM6d__ozJfKq8o.roa
Signing time: Sun 05 May 2024 17:54:16 +0000
ROA not before: Sun 05 May 2024 17:54:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7274 (0x1c6a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: May 5 17:54:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8AFC4C39A20268764E34833A77FFE8CC97CAABCA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:3f:52:20:c5:1b:10:be:81:0d:bd:3f:09:94:
45:39:59:61:6c:86:d0:80:f5:7a:5e:4e:46:01:58:
15:6e:4b:47:55:48:ae:86:d6:ba:56:04:21:6e:9f:
bf:cb:b8:5a:26:e9:1a:d0:1e:26:1c:97:f7:72:72:
1c:48:b2:91:e1:e7:1a:94:b3:9c:70:3d:cc:79:46:
7a:d6:53:80:c9:5b:31:c6:99:e7:82:82:57:a7:79:
03:35:a8:07:fc:f4:ae:6f:c0:68:d0:d9:23:9d:c6:
76:16:4f:83:6b:ea:74:f1:a2:28:38:08:d6:98:ca:
1c:77:2e:ab:ba:91:42:5a:b7:c7:3f:e7:46:2f:0d:
e3:aa:1a:0c:57:4e:91:8a:41:d9:83:47:23:0d:6f:
b0:c7:bc:fa:18:0f:b8:12:d6:8e:f7:39:f5:dc:21:
25:6d:40:d5:b6:c5:f1:8c:49:bf:86:a8:68:15:1f:
93:a9:1a:2f:ec:c9:33:36:fc:1f:59:73:3c:01:33:
c6:52:bf:95:f4:19:fa:99:ed:85:97:f7:8f:11:7b:
17:ff:b5:24:43:d0:bd:fc:28:1f:d7:bd:34:6f:53:
e5:df:14:23:61:6a:62:f9:69:0a:c9:76:8f:76:19:
89:8e:b0:47:57:14:28:1c:4c:01:11:e5:ca:74:59:
bc:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:FC:4C:39:A2:02:68:76:4E:34:83:3A:77:FF:E8:CC:97:CA:AB:CA
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/ivxMOaICaHZONIM6d__ozJfKq8o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8d:0a:cd:6b:8b:2c:ca:3a:4a:9d:21:b2:a1:33:a6:cf:b0:94:
8b:65:ea:e7:77:ee:12:42:f0:ed:70:d5:9b:32:20:dd:64:40:
9b:94:3c:08:a7:5c:e3:c2:53:83:da:6b:51:9c:af:ce:60:d8:
ab:7b:75:de:c4:9e:8e:b9:c2:77:1d:28:05:9d:2f:ae:df:87:
63:3e:c2:ac:40:fe:44:a3:53:99:55:0e:ad:91:0f:6e:29:3d:
a2:0c:fc:85:1e:a8:dc:8c:ce:b0:f6:fa:18:c5:65:e8:fb:b2:
14:85:f8:65:fe:0f:b7:0e:38:e9:7a:de:e4:10:e3:6f:65:48:
ee:db:c7:0f:00:dc:3c:bc:3c:87:de:92:2f:29:9d:e2:63:bb:
8f:9f:31:d7:a8:e5:9f:bc:2e:08:5a:86:ee:6a:8f:99:43:a3:
80:81:d8:e5:4a:27:6a:12:8d:2b:c1:37:d7:2f:d7:f6:fc:27:
2d:ce:57:66:a9:42:3f:db:a3:51:04:2d:02:89:26:89:a6:e8:
fc:0e:b5:a1:c3:ca:17:4c:a3:2c:8b:2f:99:5c:32:44:af:1b:
d3:53:ac:d9:3c:e3:b8:da:9c:1d:9c:5b:4b:a2:a3:f2:cb:13:
b5:d3:03:a5:48:4a:02:14:b6:f0:a9:4e:e2:db:de:ef:ee:bd:
37:ba:71:06
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICHGowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA1MDUx
NzU0MTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBRkM0QzM5QTIwMjY4
NzY0RTM0ODMzQTc3RkZFOENDOTdDQUFCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUP1IgxRsQvoENvT8JlEU5WWFshtCA9XpeTkYBWBVuS0dVSK6G
1rpWBCFun7/LuFom6RrQHiYcl/dychxIspHh5xqUs5xwPcx5RnrWU4DJWzHGmeeC
gleneQM1qAf89K5vwGjQ2SOdxnYWT4Nr6nTxoig4CNaYyhx3Lqu6kUJat8c/50Yv
DeOqGgxXTpGKQdmDRyMNb7DHvPoYD7gS1o73OfXcISVtQNW2xfGMSb+GqGgVH5Op
Gi/syTM2/B9ZczwBM8ZSv5X0GfqZ7YWX948Rexf/tSRD0L38KB/XvTRvU+XfFCNh
amL5aQrJdo92GYmOsEdXFCgcTAER5cp0Wbz3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUivxMOaICaHZONIM6d//ozJfKq8owHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2l2eE1PYUlDYUhaT05J
TTZkX19vekpmS3E4by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAjQrNa4ssyjpKnSGyoTOmz7CUi2Xq53fu
EkLw7XDVmzIg3WRAm5Q8CKdc48JTg9prUZyvzmDYq3t13sSejrnCdx0oBZ0vrt+H
Yz7CrED+RKNTmVUOrZEPbik9ogz8hR6o3IzOsPb6GMVl6PuyFIX4Zf4Ptw446Xre
5BDjb2VI7tvHDwDcPLw8h96SLymd4mO7j58x16jln7wuCFqG7mqPmUOjgIHY5Uon
ahKNK8E31y/X9vwnLc5XZqlCP9ujUQQtAokmiabo/A61ocPKF0yjLIsvmVwyRK8b
01Os2TzjuNqcHZxbS6Kj8ssTtdMDpUhKAhS28KlO4tve7+69N7pxBg==
-----END CERTIFICATE-----
Generated at Sun May 5 21:26:40 2024 by rpki-client on console-fra.rpki-client.org