Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/qXK8eT4-huPtVSlUgmroohDYr9w.roa
File: qXK8eT4-huPtVSlUgmroohDYr9w.roa (raw, json)
Hash identifier: MknUC26N+XW2LdULURLTlfDcfNq9/eFGH4eMxDsj1L8=
Subject key identifier: A9:72:BC:79:3E:3E:86:E3:ED:55:29:54:82:6A:E8:A2:10:D8:AF:DC
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 11DE
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/qXK8eT4-huPtVSlUgmroohDYr9w.roa
Signing time: Sun 07 Apr 2024 14:52:56 +0000
ROA not before: Sun 07 Apr 2024 14:52:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4574 (0x11de)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 7 14:52:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A972BC793E3E86E3ED552954826AE8A210D8AFDC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:5a:2a:d3:e1:f1:3a:2f:21:9c:2f:9b:f2:ef:
8d:34:b3:2a:ff:4f:c7:0e:40:93:a3:5b:b1:6c:6a:
90:57:9b:fd:78:34:a1:09:6a:4a:f8:45:55:63:2d:
49:86:97:20:17:f6:3a:c6:23:72:e0:39:21:c0:26:
f4:38:0d:e5:c8:e6:66:86:66:26:fc:5c:e0:40:46:
9a:58:a9:7f:a8:c2:0a:a1:aa:bb:5a:d0:2f:6a:6d:
69:85:b1:66:25:07:b7:70:0f:ec:c8:d9:f0:28:73:
ca:d4:06:52:41:cb:41:5e:cd:0f:e8:9e:52:31:38:
90:70:ac:12:e0:ec:d5:f1:8b:c6:db:be:8b:e7:2a:
01:14:4c:7f:d5:a5:a4:2b:43:4a:1a:aa:6d:b8:75:
65:25:77:23:a5:11:de:da:b4:38:6b:7c:57:76:6c:
0a:a5:4b:89:42:7d:2e:f5:66:07:19:d0:51:36:17:
7a:10:70:d4:27:16:df:cc:65:73:2b:c4:26:72:66:
4f:27:e0:cf:9a:24:b9:df:83:79:91:a0:f1:90:fc:
27:d4:2d:ae:3f:fd:57:c4:1b:cf:d2:cd:a8:f1:5d:
3b:91:7d:7a:75:79:61:38:97:2d:8b:37:d9:ec:da:
65:31:eb:2c:bc:c4:65:13:b4:14:10:b9:4c:e4:0d:
14:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:72:BC:79:3E:3E:86:E3:ED:55:29:54:82:6A:E8:A2:10:D8:AF:DC
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/qXK8eT4-huPtVSlUgmroohDYr9w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
53:9f:34:d5:15:39:e2:2c:6e:ca:bd:45:93:79:ed:3e:eb:53:
b9:60:f4:be:ec:e8:6b:45:c2:2d:7b:87:ff:55:29:a4:d5:e3:
2e:51:06:0e:f5:6d:ab:ee:3b:8d:c5:4f:bd:7f:96:18:26:0c:
8d:2b:48:0f:cc:13:13:ed:49:88:e5:af:dc:a8:4d:eb:da:76:
38:67:84:75:c5:0b:53:e7:af:51:0b:10:ea:3a:63:15:63:fb:
2c:92:31:a2:a9:c7:1f:81:2c:ee:69:37:bf:dd:1b:97:cd:a7:
bb:7b:16:a9:d0:c0:1f:4a:11:8c:e6:72:03:62:25:9f:0d:09:
5e:54:c1:23:63:86:ef:df:e9:67:01:da:a0:75:0e:9c:71:ae:
72:6e:4d:30:a0:27:1b:e7:02:3a:31:a5:71:5e:d9:fe:d3:33:
67:2f:4f:6a:e2:47:c2:2e:6e:e8:35:6e:32:5b:e5:d6:b2:b3:
58:79:15:a3:77:1f:d0:f6:43:30:42:29:47:05:cd:e2:11:55:
da:bf:18:cb:ef:7e:60:da:cd:55:33:ff:55:b3:3e:2f:65:cb:
66:7e:e1:04:f7:ce:c7:0b:c4:3a:73:7b:13:c9:00:24:47:33:
a1:f3:bf:1b:be:b2:e0:2a:ee:45:a3:39:74:53:44:be:f1:25:
c8:78:a0:15
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEd4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDcx
NDUyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE5NzJCQzc5M0UzRTg2
RTNFRDU1Mjk1NDgyNkFFOEEyMTBEOEFGREMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCiWirT4fE6LyGcL5vy7400syr/T8cOQJOjW7FsapBXm/14NKEJ
akr4RVVjLUmGlyAX9jrGI3LgOSHAJvQ4DeXI5maGZib8XOBARppYqX+owgqhqrta
0C9qbWmFsWYlB7dwD+zI2fAoc8rUBlJBy0FezQ/onlIxOJBwrBLg7NXxi8bbvovn
KgEUTH/VpaQrQ0oaqm24dWUldyOlEd7atDhrfFd2bAqlS4lCfS71ZgcZ0FE2F3oQ
cNQnFt/MZXMrxCZyZk8n4M+aJLnfg3mRoPGQ/CfULa4//VfEG8/SzajxXTuRfXp1
eWE4ly2LN9ns2mUx6yy8xGUTtBQQuUzkDRQ1AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqXK8eT4+huPtVSlUgmroohDYr9wwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL3FYSzhlVDQtaHVQdFZT
bFVnbXJvb2hEWXI5dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAU5801RU54ixuyr1Fk3ntPutTuWD0vuzo
a0XCLXuH/1UppNXjLlEGDvVtq+47jcVPvX+WGCYMjStID8wTE+1JiOWv3KhN69p2
OGeEdcULU+evUQsQ6jpjFWP7LJIxoqnHH4Es7mk3v90bl82nu3sWqdDAH0oRjOZy
A2Ilnw0JXlTBI2OG79/pZwHaoHUOnHGucm5NMKAnG+cCOjGlcV7Z/tMzZy9PauJH
wi5u6DVuMlvl1rKzWHkVo3cf0PZDMEIpRwXN4hFV2r8Yy+9+YNrNVTP/VbM+L2XL
Zn7hBPfOxwvEOnN7E8kAJEczofO/G76y4CruRaM5dFNEvvElyHigFQ==
-----END CERTIFICATE-----
Generated at Sun Apr 7 16:16:47 2024 by rpki-client on console-fra.rpki-client.org