Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/la9UKAXr7M81k-yVgWAvufIjRk8.roa
File: la9UKAXr7M81k-yVgWAvufIjRk8.roa (raw, json)
Hash identifier: vES1ddGy246FxMrEG0fL4P1hSRiQq1xGXbixetUn+qE=
Subject key identifier: 95:AF:54:28:05:EB:EC:CF:35:93:EC:95:81:60:2F:B9:F2:23:46:4F
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 16E0
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/la9UKAXr7M81k-yVgWAvufIjRk8.roa
Signing time: Sat 20 Apr 2024 23:23:31 +0000
ROA not before: Sat 20 Apr 2024 23:23:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5856 (0x16e0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 20 23:23:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=95AF542805EBECCF3593EC9581602FB9F223464F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:68:07:ad:45:56:31:d9:9d:60:f2:1e:86:fa:
88:0f:0b:ca:cf:15:49:46:5d:dd:93:47:77:d6:64:
36:6a:84:51:fd:12:e0:af:27:d8:08:a9:7f:01:f7:
ed:bb:7d:23:ed:de:ca:f3:85:22:ee:82:c4:2d:d6:
24:fb:fd:8f:83:89:d7:9f:a6:d3:2b:ce:0c:66:fc:
03:b2:ed:4c:29:4c:65:d4:44:11:72:7b:e0:54:37:
ac:98:d6:32:44:4b:1a:ff:67:d2:a9:f5:00:4a:37:
cf:2b:01:a2:cc:bc:62:bb:44:e9:97:8e:61:00:f7:
f9:6e:87:fa:40:2a:66:52:02:5f:62:b5:a3:43:a8:
29:2f:0a:bd:0b:d5:ee:ba:4b:a1:5b:87:eb:66:a5:
93:80:f9:d5:d9:80:2e:ef:01:a9:cf:e9:fb:3c:a0:
62:34:22:1d:11:d7:d7:45:ce:c7:f6:47:1f:59:ff:
e9:a2:93:93:48:9f:b1:8c:21:e4:2c:b0:13:5c:f1:
d3:74:66:78:ae:ae:8c:6c:04:10:08:64:d9:37:d8:
62:32:e5:ea:95:27:ed:67:79:bb:2b:39:f4:b8:64:
a6:7c:ff:97:bd:1a:a2:f6:ff:36:5e:df:ee:95:d5:
44:c0:71:35:f0:1e:d5:98:d9:ba:8c:22:2e:67:f0:
dc:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:AF:54:28:05:EB:EC:CF:35:93:EC:95:81:60:2F:B9:F2:23:46:4F
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/la9UKAXr7M81k-yVgWAvufIjRk8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4f:e0:f6:f6:61:bb:79:2a:5a:16:da:3b:4c:9c:4b:16:96:63:
fb:36:d6:8c:cd:f9:e8:f2:a0:26:d3:32:2d:dd:02:c0:0c:83:
8b:de:63:65:25:d7:05:ee:27:71:4e:87:70:ce:ef:97:68:00:
65:d3:99:52:a9:79:3f:b5:5b:98:56:1e:11:c1:06:c5:58:b9:
2f:83:a4:fa:fa:2c:05:27:57:d8:33:ad:f2:6e:88:0c:b1:cc:
9b:61:55:00:e1:bf:52:33:12:8c:01:8b:12:c2:9f:49:6c:e7:
dd:dd:78:6e:1b:3d:8d:95:47:0a:82:b1:15:db:74:6e:b3:a6:
a5:cd:7e:ac:e0:04:21:34:13:1c:ba:0a:51:da:42:c3:69:94:
7e:13:a4:52:f8:5c:cc:57:6c:65:dd:78:d6:a2:cc:33:b5:9f:
e4:30:23:9d:c5:fb:c2:cd:d2:6a:f7:4c:29:20:e1:87:03:f6:
75:d5:3b:ec:68:de:9f:ed:69:10:2b:eb:81:00:3d:b6:0d:7a:
b5:1c:36:86:e1:07:6b:8b:04:ed:e5:12:f7:0e:29:16:4a:79:
aa:4e:4d:39:1e:da:7d:6f:98:11:83:47:69:4a:19:23:a5:2f:
94:34:73:de:fa:ce:1e:56:d7:b4:9e:d5:6b:80:18:7d:e3:17:
8f:75:81:90
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFuAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MjAy
MzIzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk1QUY1NDI4MDVFQkVD
Q0YzNTkzRUM5NTgxNjAyRkI5RjIyMzQ2NEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCZaAetRVYx2Z1g8h6G+ogPC8rPFUlGXd2TR3fWZDZqhFH9EuCv
J9gIqX8B9+27fSPt3srzhSLugsQt1iT7/Y+DidefptMrzgxm/AOy7UwpTGXURBFy
e+BUN6yY1jJESxr/Z9Kp9QBKN88rAaLMvGK7ROmXjmEA9/luh/pAKmZSAl9itaND
qCkvCr0L1e66S6Fbh+tmpZOA+dXZgC7vAanP6fs8oGI0Ih0R19dFzsf2Rx9Z/+mi
k5NIn7GMIeQssBNc8dN0ZniuroxsBBAIZNk32GIy5eqVJ+1nebsrOfS4ZKZ8/5e9
GqL2/zZe3+6V1UTAcTXwHtWY2bqMIi5n8NzTAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUla9UKAXr7M81k+yVgWAvufIjRk8wHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL2xhOVVLQVhyN004MWst
eVZnV0F2dWZJalJrOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAT+D29mG7eSpaFto7TJxLFpZj+zbWjM35
6PKgJtMyLd0CwAyDi95jZSXXBe4ncU6HcM7vl2gAZdOZUql5P7VbmFYeEcEGxVi5
L4Ok+vosBSdX2DOt8m6IDLHMm2FVAOG/UjMSjAGLEsKfSWzn3d14bhs9jZVHCoKx
Fdt0brOmpc1+rOAEITQTHLoKUdpCw2mUfhOkUvhczFdsZd141qLMM7Wf5DAjncX7
ws3SavdMKSDhhwP2ddU77Gjen+1pECvrgQA9tg16tRw2huEHa4sE7eUS9w4pFkp5
qk5NOR7afW+YEYNHaUoZI6UvlDRz3vrOHlbXtJ7Va4AYfeMXj3WBkA==
-----END CERTIFICATE-----
Generated at Sat Apr 20 23:47:41 2024 by rpki-client on console-fra.rpki-client.org