Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/w8EJDZ6DN-lwA1rsIQnzfExonWA.roa
File: w8EJDZ6DN-lwA1rsIQnzfExonWA.roa (raw, json)
Hash identifier: wubkvL3DlzclswTomoYH3oiHumbACj/xIsJvfmA8uaE=
Subject key identifier: C3:C1:09:0D:9E:83:37:E9:70:03:5A:EC:21:09:F3:7C:4C:68:9D:60
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 1AA2
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/w8EJDZ6DN-lwA1rsIQnzfExonWA.roa
Signing time: Tue 30 Apr 2024 23:54:00 +0000
ROA not before: Tue 30 Apr 2024 23:54:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6818 (0x1aa2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 30 23:54:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C3C1090D9E8337E970035AEC2109F37C4C689D60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:01:32:d2:5b:97:28:6c:86:e7:c8:50:4e:e7:
b0:27:b8:5b:35:a6:ab:bd:d1:e1:f8:1c:1a:67:85:
fd:82:15:6b:4e:c0:01:86:bf:37:51:6a:69:20:e4:
15:23:ee:d0:9d:ae:e9:39:f3:a5:28:b1:cf:f3:0a:
f2:fb:a2:a4:08:38:14:8d:4e:3e:97:3d:ac:7e:91:
67:28:b6:91:34:8e:20:20:cb:e8:eb:c5:8d:6f:13:
62:ac:1d:11:56:2e:4d:58:a3:b6:1a:3e:94:c0:2d:
cd:b7:97:1e:be:7b:5a:40:be:21:cd:29:01:3c:50:
bc:2f:de:76:49:06:d5:b4:d9:29:f0:ab:1f:74:66:
e7:cc:17:c4:8a:25:91:9b:46:88:85:c1:ff:88:3c:
c7:1b:57:4d:e4:95:09:ea:20:3b:4d:41:b3:71:ae:
a5:41:02:a6:95:d0:55:b6:f7:47:3d:e5:d8:0b:ed:
0d:57:48:12:b2:c6:76:4d:07:21:73:62:ef:16:ac:
6c:be:ee:49:c0:1d:4e:ed:9a:6d:0a:50:54:4d:16:
69:fe:3d:cb:0c:76:48:ee:de:45:a0:a9:fe:9d:97:
67:63:c0:90:5a:26:5c:13:5b:f1:13:c6:c3:bb:65:
cb:43:fb:63:72:c2:b0:f6:ce:c3:e6:a6:16:6f:6b:
6b:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:C1:09:0D:9E:83:37:E9:70:03:5A:EC:21:09:F3:7C:4C:68:9D:60
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/w8EJDZ6DN-lwA1rsIQnzfExonWA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
cc:33:65:f0:08:59:6d:49:e8:9c:62:6d:54:33:ad:ee:0f:f4:
db:5e:ca:45:ba:dc:40:ba:7d:56:59:da:a3:f8:58:8c:16:69:
1a:bc:38:b2:ba:6e:00:39:74:3c:ce:33:1f:db:49:3e:9c:26:
49:3e:a4:46:dc:a1:7c:92:2c:e1:eb:ab:1d:9b:ee:92:ee:00:
00:03:35:de:75:5d:a4:c7:fd:11:ef:bf:d2:06:35:e4:35:be:
91:50:a6:03:ad:d8:01:16:cd:8d:ff:0e:aa:29:aa:ca:ce:b2:
29:7a:93:ec:c9:fe:21:70:b8:80:a0:05:81:0e:7a:2f:1b:7e:
39:ca:0c:62:3b:55:b5:d0:41:b2:ba:82:85:1d:99:cd:85:4d:
c7:86:61:0b:b1:ca:8b:1e:80:99:8d:fd:ed:31:5f:75:34:ae:
9d:4a:62:4d:59:6e:fc:9e:f7:df:55:21:7c:dd:22:39:68:ce:
bc:3d:05:00:14:3b:dd:0a:a2:bb:70:52:42:10:e3:04:6f:ad:
82:35:64:2e:3b:29:e7:5e:e3:96:4f:bd:2a:4c:a2:c7:47:57:
20:80:29:f5:bb:cd:c9:42:81:d1:4c:7a:06:ed:56:4e:aa:ff:
b1:2a:22:c7:78:16:e3:2d:d0:ed:a0:71:b2:8f:8a:55:6e:10:
b4:e4:9f:c6
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICGqIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MzAy
MzU0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMzQzEwOTBEOUU4MzM3
RTk3MDAzNUFFQzIxMDlGMzdDNEM2ODlENjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCaATLSW5cobIbnyFBO57AnuFs1pqu90eH4HBpnhf2CFWtOwAGG
vzdRamkg5BUj7tCdruk586Uosc/zCvL7oqQIOBSNTj6XPax+kWcotpE0jiAgy+jr
xY1vE2KsHRFWLk1Yo7YaPpTALc23lx6+e1pAviHNKQE8ULwv3nZJBtW02Snwqx90
ZufMF8SKJZGbRoiFwf+IPMcbV03klQnqIDtNQbNxrqVBAqaV0FW290c95dgL7Q1X
SBKyxnZNByFzYu8WrGy+7knAHU7tmm0KUFRNFmn+PcsMdkju3kWgqf6dl2djwJBa
JlwTW/ETxsO7ZctD+2NywrD2zsPmphZva2u/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUw8EJDZ6DN+lwA1rsIQnzfExonWAwHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL3c4RUpEWjZETi1sd0Ex
cnNJUW56ZkV4b25XQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAzDNl8AhZbUnonGJtVDOt7g/0217KRbrc
QLp9Vlnao/hYjBZpGrw4srpuADl0PM4zH9tJPpwmST6kRtyhfJIs4eurHZvuku4A
AAM13nVdpMf9Ee+/0gY15DW+kVCmA63YARbNjf8Oqimqys6yKXqT7Mn+IXC4gKAF
gQ56Lxt+OcoMYjtVtdBBsrqChR2ZzYVNx4ZhC7HKix6AmY397TFfdTSunUpiTVlu
/J7331UhfN0iOWjOvD0FABQ73Qqiu3BSQhDjBG+tgjVkLjsp517jlk+9Kkyix0dX
IIAp9bvNyUKB0Ux6Bu1WTqr/sSoix3gW4y3Q7aBxso+KVW4QtOSfxg==
-----END CERTIFICATE-----
Generated at Wed May 1 01:27:20 2024 by rpki-client on console-fra.rpki-client.org