Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/onrZyq1YPelC-hdXYz61l1t4pPc.roa
File: onrZyq1YPelC-hdXYz61l1t4pPc.roa (raw, json)
Hash identifier: psgRsoSofz1T9+365y00obh5cdcXgvGKQ+foqEHHVSA=
Subject key identifier: A2:7A:D9:CA:AD:58:3D:E9:42:FA:17:57:63:3E:B5:97:5B:78:A4:F7
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 0EEE
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/onrZyq1YPelC-hdXYz61l1t4pPc.roa
Signing time: Sat 30 Mar 2024 18:52:31 +0000
ROA not before: Sat 30 Mar 2024 18:52:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3822 (0xeee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Mar 30 18:52:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A27AD9CAAD583DE942FA1757633EB5975B78A4F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:67:85:8c:54:ad:43:c9:0d:dd:ac:bb:03:25:
96:fd:a2:61:aa:a3:77:7a:2c:46:61:d5:2a:13:6f:
4a:24:b2:b7:69:3b:7b:3e:2d:ae:92:01:fa:48:31:
9a:ad:89:dd:4f:33:e5:96:56:ac:3f:f1:4d:10:f7:
83:a7:4a:95:f8:c8:1f:19:d8:17:05:7a:d5:71:f9:
59:e1:f7:bb:ef:2d:29:6c:18:32:da:e1:46:ba:e0:
e8:4d:18:06:e2:37:7e:93:d5:d7:26:47:9b:78:a4:
de:db:6f:b0:35:b9:26:96:d3:38:98:f4:88:5d:47:
c3:cd:38:15:15:fb:ef:c0:31:86:ad:ac:d8:f3:91:
b3:a2:ce:a2:23:92:04:64:63:a6:a4:81:2a:d2:ac:
3e:7c:9c:d8:21:48:63:19:00:71:58:10:d2:34:3d:
5f:74:71:1c:ed:b1:f0:8d:e9:e9:c4:43:67:17:14:
61:ff:f2:f2:9b:c7:f0:78:23:3a:8d:97:9f:a6:7c:
4a:58:2d:6e:cc:69:78:02:19:39:84:c7:3c:75:09:
19:bc:08:b2:0e:39:2b:88:5d:c5:6f:51:5f:69:21:
f0:c1:58:d4:53:d3:6a:14:ed:f3:3e:66:56:da:2c:
1b:28:f2:78:c8:f2:d2:f3:c2:ab:22:59:95:f3:91:
51:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:7A:D9:CA:AD:58:3D:E9:42:FA:17:57:63:3E:B5:97:5B:78:A4:F7
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/onrZyq1YPelC-hdXYz61l1t4pPc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
72:d1:2e:e1:63:36:64:45:7b:cf:50:65:c3:f4:87:75:59:a0:
3c:c6:66:0e:0f:1a:63:73:de:32:33:5b:f3:75:95:87:70:48:
55:c2:5f:0e:c3:12:23:c7:dc:3a:1e:f9:b8:ac:59:36:fd:15:
af:0d:74:83:28:a8:2b:6a:2c:cc:3b:76:c3:d5:28:3d:55:f9:
a4:92:34:22:23:28:fc:97:6a:50:af:d4:96:e2:7d:60:0a:5e:
bf:02:83:50:b9:41:d3:46:63:2b:ca:96:73:8d:00:4f:0e:a5:
97:c0:80:70:b1:93:e8:56:b5:38:cd:81:b0:d8:2e:1f:e1:2c:
16:83:40:6c:aa:6e:ea:a7:8a:3e:93:9b:da:21:56:5e:b2:89:
0c:9a:b9:30:ff:25:d4:d2:c1:ca:81:05:4b:45:a9:68:5e:06:
6c:f7:6d:ad:1d:c7:1d:74:cb:de:c8:1f:28:d1:35:b4:35:2c:
51:69:51:09:83:a4:7d:cb:7e:75:22:6e:5c:1b:5e:04:95:d1:
11:c2:64:a3:ac:97:c2:cc:6c:93:3b:be:53:99:55:b0:c6:a2:
f0:54:0f:6b:d0:bd:a7:da:40:89:90:0f:1e:5a:dc:ec:9d:c9:
74:ff:66:c0:4f:43:51:d4:4f:af:c5:f4:f4:0b:27:29:0e:e9:
40:fa:d2:a8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICDu4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDAzMzAx
ODUyMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyN0FEOUNBQUQ1ODNE
RTk0MkZBMTc1NzYzM0VCNTk3NUI3OEE0RjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7Z4WMVK1DyQ3drLsDJZb9omGqo3d6LEZh1SoTb0oksrdpO3s+
La6SAfpIMZqtid1PM+WWVqw/8U0Q94OnSpX4yB8Z2BcFetVx+Vnh97vvLSlsGDLa
4Ua64OhNGAbiN36T1dcmR5t4pN7bb7A1uSaW0ziY9IhdR8PNOBUV++/AMYatrNjz
kbOizqIjkgRkY6akgSrSrD58nNghSGMZAHFYENI0PV90cRztsfCN6enEQ2cXFGH/
8vKbx/B4IzqNl5+mfEpYLW7MaXgCGTmExzx1CRm8CLIOOSuIXcVvUV9pIfDBWNRT
02oU7fM+ZlbaLBso8njI8tLzwqsiWZXzkVETAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUonrZyq1YPelC+hdXYz61l1t4pPcwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL29uclp5cTFZUGVsQy1o
ZFhZejYxbDF0NHBQYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEActEu4WM2ZEV7z1Blw/SHdVmgPMZmDg8a
Y3PeMjNb83WVh3BIVcJfDsMSI8fcOh75uKxZNv0Vrw10gyioK2oszDt2w9UoPVX5
pJI0IiMo/JdqUK/UluJ9YApevwKDULlB00ZjK8qWc40ATw6ll8CAcLGT6Fa1OM2B
sNguH+EsFoNAbKpu6qeKPpOb2iFWXrKJDJq5MP8l1NLByoEFS0WpaF4GbPdtrR3H
HXTL3sgfKNE1tDUsUWlRCYOkfct+dSJuXBteBJXREcJko6yXwsxskzu+U5lVsMai
8FQPa9C9p9pAiZAPHlrc7J3JdP9mwE9DUdRPr8X09AsnKQ7pQPrSqA==
-----END CERTIFICATE-----
Generated at Sat Mar 30 20:10:10 2024 by rpki-client on console-fra.rpki-client.org