Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/toQFE13Jatu5SQtMCQVD-rKkrBs.roa
File: toQFE13Jatu5SQtMCQVD-rKkrBs.roa (raw, json)
Hash identifier: /CHZFcIEt+wJvktkSb0qsgSVPYPnCfAF2V4pvHvV31s=
Subject key identifier: B6:84:05:13:5D:C9:6A:DB:B9:49:0B:4C:09:05:43:FA:B2:A4:AC:1B
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 14A6
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/toQFE13Jatu5SQtMCQVD-rKkrBs.roa
Signing time: Mon 15 Apr 2024 00:53:24 +0000
ROA not before: Mon 15 Apr 2024 00:53:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5286 (0x14a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 15 00:53:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B68405135DC96ADBB9490B4C090543FAB2A4AC1B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:fd:ef:af:e2:95:9b:23:2f:4c:7d:a9:fb:bc:
0b:06:d2:61:c1:b0:1a:65:15:30:31:6e:1d:19:5b:
9c:7c:21:e1:e8:33:18:25:c2:1f:b0:d0:43:e8:70:
b4:7a:25:78:c7:6e:94:94:5d:01:8c:3a:53:e7:e6:
80:2f:3f:96:45:c6:a9:e1:73:ce:02:3a:ed:f9:8c:
7b:dd:94:39:df:d5:66:0a:e3:e0:77:ef:88:38:cc:
b8:65:b6:ea:71:63:27:3e:47:6f:80:c4:82:06:40:
a4:93:61:15:04:0d:59:2a:ac:cf:f4:a4:c1:72:d7:
d7:01:ab:5f:fd:f0:2a:22:7e:58:8c:50:0e:36:27:
88:94:74:31:ba:24:1a:7c:e5:92:f9:c2:01:5b:1d:
fc:26:db:a1:dc:b6:17:0b:1d:07:b0:55:cd:47:ab:
dc:e7:50:72:e2:f2:a5:47:36:c5:ec:88:a3:a9:e6:
c0:0b:95:bb:a1:9e:70:73:53:fb:a5:73:43:2f:57:
20:47:a2:f8:f2:5b:c1:a0:d5:9c:dd:49:83:1b:2e:
e3:06:ce:5e:6f:6c:df:a1:ca:23:4c:f8:f6:27:5d:
2a:dd:df:92:f8:34:fc:74:65:92:75:c9:58:78:3e:
75:9a:a2:f0:ae:49:a6:f0:de:d2:74:c5:a8:ae:36:
d4:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:84:05:13:5D:C9:6A:DB:B9:49:0B:4C:09:05:43:FA:B2:A4:AC:1B
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/toQFE13Jatu5SQtMCQVD-rKkrBs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
61:a2:da:34:af:eb:ab:c5:bc:9c:60:68:92:bb:86:04:e4:9a:
04:05:35:0e:9f:c4:db:b6:01:e4:76:91:0b:0c:55:30:01:0a:
5b:39:d8:23:aa:39:de:66:b3:6a:af:77:17:a7:d4:75:b7:9b:
b8:45:98:ff:6e:40:c0:63:f8:0a:ea:76:24:e8:12:28:15:d7:
41:f5:76:70:37:d3:28:76:ba:60:e7:c2:e2:5a:40:97:92:8b:
40:03:44:98:ff:fe:f5:ec:9c:47:98:a5:da:c3:ab:fe:4e:a5:
fd:0d:ea:7f:c2:27:32:4b:5b:34:08:16:a5:02:e9:6a:a7:9c:
0b:80:c4:a8:e3:88:1b:49:b4:79:87:59:21:c1:67:7c:e5:b5:
06:c2:0a:91:06:fb:71:14:6a:7e:03:cb:8c:3a:d0:6f:1a:e4:
9e:d8:e2:e8:97:71:7c:de:fa:c6:93:18:41:04:e6:c7:77:27:
c1:87:90:6c:26:09:6d:38:17:02:67:5a:98:f6:c0:b8:df:f5:
dc:8b:0f:9a:53:13:a6:10:ce:9b:99:72:98:eb:26:f3:8d:1a:
00:a8:75:f4:b0:1f:ec:25:a8:89:7e:e0:8e:d2:27:d9:af:b8:
cd:bf:a5:7d:46:07:f0:e2:71:82:eb:fa:87:61:ac:1f:e0:4a:
ce:81:a0:00
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICFKYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MTUw
MDUzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI2ODQwNTEzNURDOTZB
REJCOTQ5MEI0QzA5MDU0M0ZBQjJBNEFDMUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5/e+v4pWbIy9Mfan7vAsG0mHBsBplFTAxbh0ZW5x8IeHoMxgl
wh+w0EPocLR6JXjHbpSUXQGMOlPn5oAvP5ZFxqnhc84COu35jHvdlDnf1WYK4+B3
74g4zLhltupxYyc+R2+AxIIGQKSTYRUEDVkqrM/0pMFy19cBq1/98CoifliMUA42
J4iUdDG6JBp85ZL5wgFbHfwm26HcthcLHQewVc1Hq9znUHLi8qVHNsXsiKOp5sAL
lbuhnnBzU/ulc0MvVyBHovjyW8Gg1ZzdSYMbLuMGzl5vbN+hyiNM+PYnXSrd35L4
NPx0ZZJ1yVh4PnWaovCuSabw3tJ0xaiuNtTDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUtoQFE13Jatu5SQtMCQVD+rKkrBswHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL3RvUUZFMTNKYXR1NVNR
dE1DUVZELXJLa3JCcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAYaLaNK/rq8W8nGBokruGBOSaBAU1Dp/E
27YB5HaRCwxVMAEKWznYI6o53mazaq93F6fUdbebuEWY/25AwGP4Cup2JOgSKBXX
QfV2cDfTKHa6YOfC4lpAl5KLQANEmP/+9eycR5il2sOr/k6l/Q3qf8InMktbNAgW
pQLpaqecC4DEqOOIG0m0eYdZIcFnfOW1BsIKkQb7cRRqfgPLjDrQbxrkntji6Jdx
fN76xpMYQQTmx3cnwYeQbCYJbTgXAmdamPbAuN/13IsPmlMTphDOm5lymOsm840a
AKh19LAf7CWoiX7gjtIn2a+4zb+lfUYH8OJxguv6h2GsH+BKzoGgAA==
-----END CERTIFICATE-----
Generated at Mon Apr 15 02:59:41 2024 by rpki-client on console-fra.rpki-client.org