Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/q-YtxtIwan2mHeNw3braxNuEWbA.roa
File: q-YtxtIwan2mHeNw3braxNuEWbA.roa (raw, json)
Hash identifier: FbvmcTcprpYTyXR5tSsj/gcZybEnRppPOA60qnsTZrY=
Subject key identifier: AB:E6:2D:C6:D2:30:6A:7D:A6:1D:E3:70:DD:BA:DA:C4:DB:84:59:B0
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 15B8
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/q-YtxtIwan2mHeNw3braxNuEWbA.roa
Signing time: Wed 17 Apr 2024 21:23:22 +0000
ROA not before: Wed 17 Apr 2024 21:23:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5560 (0x15b8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 17 21:23:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ABE62DC6D2306A7DA61DE370DDBADAC4DB8459B0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:10:c9:2a:0b:4b:2a:79:c7:42:51:59:45:0f:
a4:98:6a:38:83:87:3e:11:e0:c2:95:57:69:e8:b6:
76:51:64:26:67:ff:55:3d:0f:eb:79:38:e3:df:ec:
41:92:e5:ab:6f:cd:5d:24:b5:39:c3:fb:6e:29:21:
d3:19:f1:27:71:9c:d3:a5:d8:9c:f7:9b:39:b4:a2:
42:94:97:96:be:70:40:59:49:17:cd:f0:13:36:52:
32:6a:1b:a8:ca:a7:4d:21:63:07:39:b8:46:4b:f7:
d8:b1:cb:f9:2c:65:0f:05:45:8e:f6:a7:7b:14:81:
70:20:81:c8:a2:0d:4d:a4:9c:e5:46:13:78:b3:15:
aa:c4:ad:8b:14:66:76:ab:57:56:b8:04:44:05:cd:
a8:b3:aa:0a:05:13:81:22:e6:b7:84:24:67:df:71:
7b:28:c4:78:bb:c3:36:d9:49:37:e0:05:62:18:f2:
ca:bf:85:00:00:78:7a:27:9f:8b:8b:53:17:5d:a6:
28:79:fa:f8:db:45:22:2b:de:7d:f1:4d:b6:34:d8:
9d:5e:e2:60:77:34:74:d9:7c:b4:46:48:33:09:e9:
3f:4f:e1:f9:4c:dd:d2:3a:99:d1:6c:0a:d7:5f:c8:
16:bc:8c:3d:1e:e5:75:d0:ea:54:6a:71:e2:f4:49:
db:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:E6:2D:C6:D2:30:6A:7D:A6:1D:E3:70:DD:BA:DA:C4:DB:84:59:B0
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/q-YtxtIwan2mHeNw3braxNuEWbA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a5:21:16:8f:cc:7f:64:80:31:d0:e1:86:03:38:ae:21:aa:60:
b4:46:01:d4:27:93:66:c8:77:0c:06:33:49:8a:08:3a:32:81:
c9:de:3d:ea:67:35:97:59:b2:0d:5f:22:df:0e:b5:20:73:9c:
3d:2c:df:2b:6b:b1:ac:5e:d7:d3:c3:f6:a1:52:91:40:9f:ec:
8e:ea:ff:1e:24:fa:2c:fc:a3:f1:11:3b:bc:24:38:ab:0f:0a:
51:4a:f5:05:5a:92:ea:7f:a7:ca:17:e6:d9:b3:4b:24:82:d4:
bc:86:9b:5f:4c:d2:6c:8b:90:38:2f:55:25:34:fb:88:08:eb:
2b:32:5e:93:8a:42:57:78:9c:67:22:10:a3:ec:36:b1:82:f0:
f1:c7:30:71:3b:e7:f3:68:3b:6c:a3:ff:de:86:a2:ce:a9:e1:
7d:63:c1:1d:5d:d1:af:f5:56:9c:73:67:8e:2c:77:c5:c3:eb:
b9:b7:1c:fb:94:4c:91:b9:61:de:34:2a:ea:75:20:7c:f6:37:
c4:5b:3d:7f:3e:d8:5d:4c:cf:b3:39:0e:b4:c5:2f:b7:e7:a2:
2c:20:12:76:d7:24:c7:ad:e0:ed:49:f2:84:38:e7:18:ee:24:
e7:81:12:bf:54:dd:92:37:dc:ec:e2:dd:2d:ff:91:b7:04:90:
e5:95:1b:3d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFbgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTcy
MTIzMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFCRTYyREM2RDIzMDZB
N0RBNjFERTM3MEREQkFEQUM0REI4NDU5QjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdEMkqC0sqecdCUVlFD6SYajiDhz4R4MKVV2notnZRZCZn/1U9
D+t5OOPf7EGS5atvzV0ktTnD+24pIdMZ8SdxnNOl2Jz3mzm0okKUl5a+cEBZSRfN
8BM2UjJqG6jKp00hYwc5uEZL99ixy/ksZQ8FRY72p3sUgXAggciiDU2knOVGE3iz
FarErYsUZnarV1a4BEQFzaizqgoFE4Ei5reEJGffcXsoxHi7wzbZSTfgBWIY8sq/
hQAAeHonn4uLUxddpih5+vjbRSIr3n3xTbY02J1e4mB3NHTZfLRGSDMJ6T9P4flM
3dI6mdFsCtdfyBa8jD0e5XXQ6lRqceL0SdsbAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUq+YtxtIwan2mHeNw3braxNuEWbAwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL3EtWXR4dEl3YW4ybUhl
TnczYnJheE51RVdiQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEApSEWj8x/ZIAx0OGGAziuIapgtEYB1CeT
Zsh3DAYzSYoIOjKByd496mc1l1myDV8i3w61IHOcPSzfK2uxrF7X08P2oVKRQJ/s
jur/HiT6LPyj8RE7vCQ4qw8KUUr1BVqS6n+nyhfm2bNLJILUvIabX0zSbIuQOC9V
JTT7iAjrKzJek4pCV3icZyIQo+w2sYLw8ccwcTvn82g7bKP/3oaizqnhfWPBHV3R
r/VWnHNnjix3xcPrubcc+5RMkblh3jQq6nUgfPY3xFs9fz7YXUzPszkOtMUvt+ei
LCASdtckx63g7UnyhDjnGO4k54ESv1Tdkjfc7OLdLf+RtwSQ5ZUbPQ==
-----END CERTIFICATE-----
Generated at Wed Apr 17 22:36:40 2024 by rpki-client on console-fra.rpki-client.org