Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/xdVXXNlPk_ELYy0v77XirKmA824.roa
File: xdVXXNlPk_ELYy0v77XirKmA824.roa (raw, json)
Hash identifier: 1wDxlDWVxKock2M5rOlYGIftO5gLQsqXNRdOjIfvqTU=
Subject key identifier: C5:D5:57:5C:D9:4F:93:F1:0B:63:2D:2F:EF:B5:E2:AC:A9:80:F3:6E
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 17EA
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/xdVXXNlPk_ELYy0v77XirKmA824.roa
Signing time: Tue 23 Apr 2024 17:53:35 +0000
ROA not before: Tue 23 Apr 2024 17:53:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6122 (0x17ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 23 17:53:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C5D5575CD94F93F10B632D2FEFB5E2ACA980F36E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:fc:04:e1:6d:8a:67:00:f0:e0:8e:4a:65:ba:
1e:9b:6c:77:f7:68:f4:b3:25:f1:d2:1e:56:bc:1c:
7d:67:64:24:e0:2e:c8:6d:1f:9d:a3:28:88:b2:f0:
a3:8e:b6:18:8b:32:a9:c5:da:bf:e1:6a:0b:1f:71:
b4:b3:f5:c7:7e:36:64:fe:f5:28:e7:a5:e0:93:d3:
96:00:a9:44:10:5f:88:aa:8d:30:03:cb:94:e5:dd:
ef:5b:18:a9:5a:b4:36:7c:90:7b:a9:5b:48:1f:fb:
73:65:09:d6:2a:d7:0a:d7:b6:7e:84:68:19:21:cb:
dd:27:15:f0:1c:5a:57:fe:8c:4b:97:f2:03:db:d2:
c1:1e:57:40:bf:e5:ca:6f:70:28:6a:1a:b7:e5:10:
20:d2:8a:1d:6f:5a:fb:82:6b:7e:26:df:bb:c4:27:
cd:1c:84:57:a1:82:bd:54:37:c5:86:f9:8f:82:73:
73:99:50:da:b4:e7:1d:af:98:85:57:8b:a7:e4:92:
78:fd:3d:9f:11:15:ed:6f:14:17:2b:6b:f8:22:30:
b6:a8:87:ca:32:48:62:37:0a:30:f8:af:1b:97:0b:
92:38:80:7d:92:b7:d7:0c:51:61:1a:4c:f2:49:b9:
ea:24:9e:47:b9:7f:73:c3:06:c1:12:12:25:39:6a:
f3:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:D5:57:5C:D9:4F:93:F1:0B:63:2D:2F:EF:B5:E2:AC:A9:80:F3:6E
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/xdVXXNlPk_ELYy0v77XirKmA824.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
19:06:4f:40:d8:8e:e2:41:13:83:51:d8:79:15:3a:d6:b9:4c:
50:ea:72:7f:7d:11:21:ec:87:19:c0:ec:a9:a1:d9:b8:a3:14:
98:c5:3d:60:ae:35:2e:f8:5e:5b:c1:27:94:88:d6:0b:3e:5c:
97:47:89:4f:b4:37:07:6e:df:09:dd:3f:6b:cc:62:8d:3b:15:
fc:f1:03:55:a0:61:ba:b8:5f:61:85:e2:e6:8e:02:24:dc:34:
44:5b:79:78:99:4f:3f:a0:70:66:db:bf:bd:1c:95:0b:4c:ed:
00:c1:2a:91:7d:15:b2:ac:2f:bb:67:e4:17:a8:80:de:00:02:
71:8a:fa:ac:d2:11:c3:35:95:a3:2d:28:21:68:ac:38:2b:ce:
dd:38:c3:ae:e5:71:4a:a0:d5:3c:ab:4e:e6:c3:48:c6:76:22:
22:82:ca:47:7e:9b:ce:57:d8:e3:70:32:2b:c1:3a:1a:cb:63:
88:93:7c:72:f6:c2:18:45:57:93:54:2e:b3:2d:e5:a3:4f:81:
7e:2e:0d:65:e9:3e:13:7a:13:9b:99:40:11:d5:a0:96:76:57:
ee:ff:9a:2f:a6:b3:25:e2:a4:14:a0:7e:31:62:81:62:e4:a9:
ad:e2:a3:96:0c:bc:0b:ff:be:1d:37:0e:c1:2e:45:31:0a:28:
0b:ba:a0:3d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICF+owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MjMx
NzUzMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM1RDU1NzVDRDk0Rjkz
RjEwQjYzMkQyRkVGQjVFMkFDQTk4MEYzNkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDH/AThbYpnAPDgjkpluh6bbHf3aPSzJfHSHla8HH1nZCTgLsht
H52jKIiy8KOOthiLMqnF2r/hagsfcbSz9cd+NmT+9SjnpeCT05YAqUQQX4iqjTAD
y5Tl3e9bGKlatDZ8kHupW0gf+3NlCdYq1wrXtn6EaBkhy90nFfAcWlf+jEuX8gPb
0sEeV0C/5cpvcChqGrflECDSih1vWvuCa34m37vEJ80chFehgr1UN8WG+Y+Cc3OZ
UNq05x2vmIVXi6fkknj9PZ8RFe1vFBcra/giMLaoh8oySGI3CjD4rxuXC5I4gH2S
t9cMUWEaTPJJueoknke5f3PDBsESEiU5avPbAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUxdVXXNlPk/ELYy0v77XirKmA824wHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL3hkVlhYTmxQa19FTFl5
MHY3N1hpckttQTgyNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAGQZPQNiO4kETg1HYeRU61rlMUOpyf30R
IeyHGcDsqaHZuKMUmMU9YK41LvheW8EnlIjWCz5cl0eJT7Q3B27fCd0/a8xijTsV
/PEDVaBhurhfYYXi5o4CJNw0RFt5eJlPP6BwZtu/vRyVC0ztAMEqkX0Vsqwvu2fk
F6iA3gACcYr6rNIRwzWVoy0oIWisOCvO3TjDruVxSqDVPKtO5sNIxnYiIoLKR36b
zlfY43AyK8E6GstjiJN8cvbCGEVXk1Qusy3lo0+Bfi4NZek+E3oTm5lAEdWglnZX
7v+aL6azJeKkFKB+MWKBYuSpreKjlgy8C/++HTcOwS5FMQooC7qgPQ==
-----END CERTIFICATE-----
Generated at Tue Apr 23 21:00:44 2024 by rpki-client on console-fra.rpki-client.org