Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/lNixd51JVbGmCsuI3Aa30NKDAXg.roa
File: lNixd51JVbGmCsuI3Aa30NKDAXg.roa (raw, json)
Hash identifier: DKBtCT/UTpeQZAXkNNy+Q03VGVVoIWOYiP9D0nPTy24=
Subject key identifier: 94:D8:B1:77:9D:49:55:B1:A6:0A:CB:88:DC:06:B7:D0:D2:83:01:78
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1338
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/lNixd51JVbGmCsuI3Aa30NKDAXg.roa
Signing time: Thu 11 Apr 2024 05:23:11 +0000
ROA not before: Thu 11 Apr 2024 05:23:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4920 (0x1338)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 11 05:23:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=94D8B1779D4955B1A60ACB88DC06B7D0D2830178
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:8e:82:ed:bd:63:da:27:e5:df:79:e6:38:d6:
b4:6f:65:8b:5d:14:95:b1:7f:d5:96:83:ca:33:57:
13:67:3e:e3:7a:9c:9b:38:43:02:aa:25:05:72:ca:
9a:ee:06:aa:f9:af:a5:7f:e2:c8:1e:cd:d2:5f:21:
1b:92:d5:62:f5:cd:e4:a3:6f:ec:94:95:97:99:56:
37:7e:ae:55:34:37:9a:f9:a6:55:4e:13:c0:f5:9f:
80:b5:96:a0:78:31:c9:55:d6:30:78:5b:67:2e:61:
74:7d:8f:94:bf:9f:ed:8e:8e:0f:a6:05:41:d6:85:
97:7d:2f:ec:3f:2a:d0:e3:4c:73:ec:b7:3d:bc:08:
bd:7d:a7:cd:68:8e:82:b2:31:01:4a:c6:58:d2:8e:
dd:c0:75:22:3f:b7:ad:d5:51:84:af:0b:3b:09:b7:
4e:50:00:0e:92:2e:c1:d9:5a:b3:de:87:f5:fd:7d:
1f:57:95:8e:92:88:5e:43:16:c6:74:cd:8d:ab:3f:
92:cc:70:2c:36:29:cf:dd:54:e0:40:88:b5:2f:0f:
c7:75:25:53:60:af:8c:c7:2f:8f:ff:fd:b6:05:fa:
92:6c:59:42:48:2c:00:08:7a:48:a4:6b:47:87:ff:
9d:71:25:27:5f:dc:81:2d:50:9e:b3:0c:5b:4c:63:
ea:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:D8:B1:77:9D:49:55:B1:A6:0A:CB:88:DC:06:B7:D0:D2:83:01:78
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/lNixd51JVbGmCsuI3Aa30NKDAXg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
60:ec:e6:4d:5c:0d:49:4f:24:61:9e:83:8d:97:18:d7:d6:8c:
d2:d9:49:37:58:5c:b1:53:e5:02:8e:5f:1f:51:f7:30:0f:89:
e4:43:0e:e2:a2:7b:6f:63:b4:83:c2:eb:55:f4:ff:ca:f2:5f:
32:82:6b:b3:bc:1b:88:ab:b0:06:8f:59:66:1b:3d:01:57:59:
63:65:18:4f:da:90:a8:78:a5:b7:9d:dd:66:20:e5:66:77:68:
9f:72:5e:c4:fd:c0:06:34:42:47:3f:29:11:65:48:6b:8c:cf:
74:9c:08:2f:e3:69:33:07:ac:fd:7e:f5:f5:86:4f:e5:0b:34:
c0:27:35:b9:8b:9e:65:0d:cf:06:44:d5:4c:22:c0:5f:37:64:
b6:aa:37:87:cb:6a:46:34:33:29:8e:cc:ca:0e:63:b8:77:64:
66:c8:cb:4a:1a:71:d3:ce:e8:73:29:16:21:b7:9c:f5:c8:f3:
d5:ed:a7:f0:f5:60:64:ff:cf:99:87:bd:01:68:7f:7c:2e:44:
bf:f2:4c:0f:ac:51:a8:a2:40:ef:04:f6:04:d2:15:9e:62:de:
c0:bb:9c:57:1a:70:f4:fb:14:fa:b5:ab:40:5e:2e:17:4e:91:
fe:9c:cd:fb:c1:9c:70:64:d7:8a:26:57:05:c5:85:d5:11:fd:
d1:d8:87:70
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEzgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTEw
NTIzMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk0RDhCMTc3OUQ0OTU1
QjFBNjBBQ0I4OERDMDZCN0QwRDI4MzAxNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3joLtvWPaJ+XfeeY41rRvZYtdFJWxf9WWg8ozVxNnPuN6nJs4
QwKqJQVyypruBqr5r6V/4sgezdJfIRuS1WL1zeSjb+yUlZeZVjd+rlU0N5r5plVO
E8D1n4C1lqB4MclV1jB4W2cuYXR9j5S/n+2Ojg+mBUHWhZd9L+w/KtDjTHPstz28
CL19p81ojoKyMQFKxljSjt3AdSI/t63VUYSvCzsJt05QAA6SLsHZWrPeh/X9fR9X
lY6SiF5DFsZ0zY2rP5LMcCw2Kc/dVOBAiLUvD8d1JVNgr4zHL4///bYF+pJsWUJI
LAAIekika0eH/51xJSdf3IEtUJ6zDFtMY+onAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUlNixd51JVbGmCsuI3Aa30NKDAXgwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2xOaXhkNTFKVmJHbUNz
dUkzQWEzME5LREFYZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAYOzmTVwNSU8kYZ6DjZcY19aM0tlJN1hc
sVPlAo5fH1H3MA+J5EMO4qJ7b2O0g8LrVfT/yvJfMoJrs7wbiKuwBo9ZZhs9AVdZ
Y2UYT9qQqHilt53dZiDlZndon3JexP3ABjRCRz8pEWVIa4zPdJwIL+NpMwes/X71
9YZP5Qs0wCc1uYueZQ3PBkTVTCLAXzdktqo3h8tqRjQzKY7Myg5juHdkZsjLShpx
087ocykWIbec9cjz1e2n8PVgZP/PmYe9AWh/fC5Ev/JMD6xRqKJA7wT2BNIVnmLe
wLucVxpw9PsU+rWrQF4uF06R/pzN+8GccGTXiiZXBcWF1RH90diHcA==
-----END CERTIFICATE-----
Generated at Thu Apr 11 11:10:55 2024 by rpki-client on console-fra.rpki-client.org