Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/kaaWFotC9l894wxFOOHiWb7U00s.roa
File: kaaWFotC9l894wxFOOHiWb7U00s.roa (raw, json)
Hash identifier: mMHc370QHmmYiz/c5MZOaaVG0acxX/KaVmXalQbv030=
Subject key identifier: 91:A6:96:16:8B:42:F6:5F:3D:E3:0C:45:38:E1:E2:59:BE:D4:D3:4B
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1AD6
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/kaaWFotC9l894wxFOOHiWb7U00s.roa
Signing time: Wed 01 May 2024 12:54:03 +0000
ROA not before: Wed 01 May 2024 12:54:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6870 (0x1ad6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: May 1 12:54:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=91A696168B42F65F3DE30C4538E1E259BED4D34B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:db:1d:8a:40:4c:52:e1:08:6e:ca:00:6a:05:
6f:36:af:86:f7:45:ff:14:a7:ad:9f:5f:8a:34:54:
15:74:76:d3:f6:9f:57:d9:c1:31:6f:ce:ed:02:68:
8c:f8:06:c4:a3:55:75:df:03:e5:e4:0d:d5:12:76:
4b:d9:f9:96:9f:a0:b8:99:a9:61:ff:65:57:de:72:
4b:50:cd:9d:fb:59:55:53:4c:e0:6d:74:84:ca:cf:
aa:42:1f:7b:28:94:e8:0e:22:08:35:26:d6:25:20:
fd:2b:a7:04:16:91:65:85:17:e1:89:c3:76:f1:c9:
d8:ef:82:c0:3f:8e:f0:02:cd:17:c5:17:9b:c2:ff:
63:84:fc:4b:ad:ee:29:6d:fc:7a:82:b0:70:27:39:
92:2b:5e:38:9b:26:0b:9b:e6:1c:ff:81:97:c3:31:
fa:b5:14:24:c5:24:bf:3b:87:05:33:5f:3b:db:b8:
76:3c:7a:a7:81:86:c9:56:96:97:e4:6c:cf:63:c1:
57:23:d7:3e:54:9c:06:2f:4c:45:32:81:c2:0a:81:
ed:fb:13:dc:09:83:25:32:26:09:47:11:01:92:ea:
34:f7:9a:69:fe:2d:db:20:8f:91:41:49:05:1e:c7:
14:75:a6:3b:77:a7:7e:a9:f6:34:61:45:c8:53:9c:
b6:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:A6:96:16:8B:42:F6:5F:3D:E3:0C:45:38:E1:E2:59:BE:D4:D3:4B
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/kaaWFotC9l894wxFOOHiWb7U00s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
93:ff:ee:eb:76:79:e6:89:69:02:51:0e:d6:d6:59:fe:ae:ec:
15:46:44:41:d8:2e:76:d1:cf:31:9e:a9:ad:a7:95:2a:6e:f9:
5e:59:9d:fa:74:17:f9:4e:25:a4:ad:8d:71:ec:a8:30:88:64:
3f:3f:f8:2d:9d:59:79:03:1b:1b:35:97:87:d9:d1:4a:50:43:
18:15:3c:ed:93:32:02:82:13:b9:81:ff:78:3f:2e:46:a4:5d:
09:0c:55:57:2c:a3:28:45:5a:42:78:52:3e:23:1a:3b:2f:fa:
81:b6:74:60:3f:cd:23:39:55:f7:27:8f:fc:34:a4:28:db:a0:
e3:b6:cd:05:84:10:d5:34:51:ae:ba:e8:9c:e7:0b:30:7e:1c:
cd:93:7b:03:3e:32:27:bd:d0:36:bd:b1:94:4b:37:65:72:de:
12:bd:ed:4d:ba:50:36:c4:d2:12:29:91:1a:b1:d5:cd:ba:b2:
33:52:6e:6a:c4:b2:23:cd:ea:6c:8a:43:f2:7a:f1:3d:b4:a0:
97:55:b0:49:57:f2:5d:7f:55:4a:b5:70:d4:d7:0b:f5:ee:08:
51:19:bf:40:f9:81:a6:d4:24:79:5f:2a:e0:ce:c4:28:9c:84:
4b:95:ac:11:16:28:20:4d:d6:11:c9:f1:cd:6f:65:54:90:28:
3f:8d:ba:e3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICGtYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA1MDEx
MjU0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkxQTY5NjE2OEI0MkY2
NUYzREUzMEM0NTM4RTFFMjU5QkVENEQzNEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDO2x2KQExS4QhuygBqBW82r4b3Rf8Up62fX4o0VBV0dtP2n1fZ
wTFvzu0CaIz4BsSjVXXfA+XkDdUSdkvZ+ZafoLiZqWH/ZVfecktQzZ37WVVTTOBt
dITKz6pCH3solOgOIgg1JtYlIP0rpwQWkWWFF+GJw3bxydjvgsA/jvACzRfFF5vC
/2OE/Eut7ilt/HqCsHAnOZIrXjibJgub5hz/gZfDMfq1FCTFJL87hwUzXzvbuHY8
eqeBhslWlpfkbM9jwVcj1z5UnAYvTEUygcIKge37E9wJgyUyJglHEQGS6jT3mmn+
Ldsgj5FBSQUexxR1pjt3p36p9jRhRchTnLbdAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUkaaWFotC9l894wxFOOHiWb7U00swHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2thYVdGb3RDOWw4OTR3
eEZPT0hpV2I3VTAwcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAk//u63Z55olpAlEO1tZZ/q7sFUZEQdgu
dtHPMZ6praeVKm75Xlmd+nQX+U4lpK2NceyoMIhkPz/4LZ1ZeQMbGzWXh9nRSlBD
GBU87ZMyAoITuYH/eD8uRqRdCQxVVyyjKEVaQnhSPiMaOy/6gbZ0YD/NIzlV9yeP
/DSkKNug47bNBYQQ1TRRrrronOcLMH4czZN7Az4yJ73QNr2xlEs3ZXLeEr3tTbpQ
NsTSEimRGrHVzbqyM1JuasSyI83qbIpD8nrxPbSgl1WwSVfyXX9VSrVw1NcL9e4I
URm/QPmBptQkeV8q4M7EKJyES5WsERYoIE3WEcnxzW9lVJAoP4264w==
-----END CERTIFICATE-----
Generated at Wed May 1 17:22:16 2024 by rpki-client on console-ams.rpki-client.org