Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/rKpiwwjXlePFNs1mGI98aiRhgto.roa
File: rKpiwwjXlePFNs1mGI98aiRhgto.roa (raw, json)
Hash identifier: u9dKTfGrCW85lAtLx4z9+GJ2f0vn79nwk8fw2ISMWyw=
Subject key identifier: AC:AA:62:C3:08:D7:95:E3:C5:36:CD:66:18:8F:7C:6A:24:61:82:DA
Certificate issuer: /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial: 11A8
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/rKpiwwjXlePFNs1mGI98aiRhgto.roa
Signing time: Sun 07 Apr 2024 01:22:57 +0000
ROA not before: Sun 07 Apr 2024 01:22:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 55995
IP address blocks: 112.75.0.0/16 maxlen: 24
112.75.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4520 (0x11a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Validity
Not Before: Apr 7 01:22:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ACAA62C308D795E3C536CD66188F7C6A246182DA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:a9:6f:8c:61:cf:4e:a9:2b:8c:71:41:65:38:
17:b1:8c:0c:58:9a:00:d8:19:3d:29:fd:f9:66:e3:
2a:21:6b:db:56:8c:ea:0a:79:f4:43:c3:fa:3a:9f:
d4:1c:29:fc:b8:63:bd:c3:a0:f4:19:bc:e0:95:92:
ca:c0:35:a4:06:7e:ff:5a:47:54:9c:66:a4:f6:61:
90:61:91:aa:ec:b7:07:f8:c7:62:5a:d4:b7:6e:ac:
e0:5f:74:f4:c5:a0:70:10:69:2f:6c:00:e8:62:71:
b3:25:ae:91:c3:87:43:5d:10:cd:32:39:f0:b5:5d:
a7:31:d5:43:89:e7:98:40:c5:6a:a1:d0:91:4d:9b:
df:3a:5e:26:1b:6d:3c:ef:9e:26:72:56:b5:38:0e:
83:7a:14:73:c3:c4:09:f5:10:60:02:e4:34:14:e7:
fb:bb:4f:29:40:8f:6c:c3:5f:23:51:61:c8:4f:d2:
47:9a:ba:94:d7:b5:a1:5c:55:d1:e2:2f:87:75:22:
9b:7b:1d:45:65:c9:47:97:da:9c:a5:20:ff:63:34:
a6:cf:f7:90:fa:da:66:8c:65:89:06:6b:a9:72:0c:
86:61:92:15:60:a4:30:ff:4c:43:1f:f5:fa:3c:49:
f5:92:97:a0:a4:72:f5:49:75:7c:46:9e:67:6b:16:
05:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:AA:62:C3:08:D7:95:E3:C5:36:CD:66:18:8F:7C:6A:24:61:82:DA
X509v3 Authority Key Identifier:
keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/rKpiwwjXlePFNs1mGI98aiRhgto.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
112.75.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:d2:5e:07:a8:4d:52:e6:51:b2:fe:b4:27:46:a2:0a:4d:07:
83:a6:34:37:b1:a0:92:36:c9:51:ba:43:16:d8:8d:5a:4a:5c:
e9:6e:e9:1c:4a:bb:95:ae:d6:ab:2f:c4:4d:e0:86:7d:ac:1c:
eb:68:91:f2:3c:27:a7:69:50:53:39:01:42:15:67:ce:6a:22:
10:44:af:2c:9f:b5:9a:5f:0d:ef:4a:ff:04:0b:fb:01:94:6b:
a1:48:bb:f2:58:4e:1e:ce:79:cb:f0:4f:07:8f:0c:84:05:91:
fc:a3:39:00:90:8f:05:1a:30:b6:02:3f:0a:ce:87:b8:cd:2b:
5c:9c:0e:87:c8:4a:20:5a:ea:78:67:bf:92:93:f1:ed:68:1c:
9f:a8:1a:c5:85:3f:cb:f4:21:89:61:3e:de:7e:4c:0c:d0:e5:
27:cf:ba:c1:a3:af:28:f1:79:d9:c9:7a:40:20:d3:b8:3a:e9:
c7:42:60:7d:16:55:e6:e8:48:34:ad:50:2f:37:27:36:34:d6:
c5:be:3c:92:35:a3:a0:30:46:e3:68:ce:2e:ed:d5:78:3e:ef:
68:21:7f:43:15:ec:f2:eb:3d:94:7e:6e:ec:dc:70:58:59:93:
aa:c7:bc:34:df:d6:23:30:35:00:a9:a4:b5:90:4a:fd:40:7b:
b0:0a:ba:30
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICEagwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yNDA0MDcw
MTIyNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFDQUE2MkMzMDhENzk1
RTNDNTM2Q0Q2NjE4OEY3QzZBMjQ2MTgyREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmqW+MYc9OqSuMcUFlOBexjAxYmgDYGT0p/flm4yoha9tWjOoK
efRDw/o6n9QcKfy4Y73DoPQZvOCVksrANaQGfv9aR1ScZqT2YZBhkarstwf4x2Ja
1LdurOBfdPTFoHAQaS9sAOhicbMlrpHDh0NdEM0yOfC1Xacx1UOJ55hAxWqh0JFN
m986XiYbbTzvniZyVrU4DoN6FHPDxAn1EGAC5DQU5/u7TylAj2zDXyNRYchP0kea
upTXtaFcVdHiL4d1Ipt7HUVlyUeX2pylIP9jNKbP95D62maMZYkGa6lyDIZhkhVg
pDD/TEMf9fo8SfWSl6CkcvVJdXxGnmdrFgXJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUrKpiwwjXlePFNs1mGI98aiRhgtowHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL3JLcGl3d2pYbGVQRk5z
MW1HSTk4YWlSaGd0by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwBwSzANBgkqhkiG9w0BAQsFAAOCAQEAnNJeB6hNUuZRsv60J0aiCk0Hg6Y0N7Gg
kjbJUbpDFtiNWkpc6W7pHEq7la7Wqy/ETeCGfawc62iR8jwnp2lQUzkBQhVnzmoi
EESvLJ+1ml8N70r/BAv7AZRroUi78lhOHs55y/BPB48MhAWR/KM5AJCPBRowtgI/
Cs6HuM0rXJwOh8hKIFrqeGe/kpPx7Wgcn6gaxYU/y/QhiWE+3n5MDNDlJ8+6waOv
KPF52cl6QCDTuDrpx0JgfRZV5uhINK1QLzcnNjTWxb48kjWjoDBG42jOLu3VeD7v
aCF/QxXs8us9lH5u7NxwWFmTqse8NN/WIzA1AKmktZBK/UB7sAq6MA==
-----END CERTIFICATE-----
Generated at Sun Apr 7 09:00:19 2024 by rpki-client on console.sobornost.net