Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/-Wcg-zfoIqZvJc3fp1p97bRRRXc.roa
File: -Wcg-zfoIqZvJc3fp1p97bRRRXc.roa (raw, json)
Hash identifier: CdpjPOQI/lXj++t7vYNb2fQP7DEweFB+f2YvJlW3ge4=
Subject key identifier: F9:67:20:FB:37:E8:22:A6:6F:25:CD:DF:A7:5A:7D:ED:B4:51:45:77
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 08BE
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/-Wcg-zfoIqZvJc3fp1p97bRRRXc.roa
Signing time: Sun 26 Jan 2025 20:55:16 +0000
ROA not before: Sun 26 Jan 2025 20:55:16 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2238 (0x8be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 26 20:55:16 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=F96720FB37E822A66F25CDDFA75A7DEDB4514577
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:49:55:bc:c1:3c:bd:55:ee:90:04:4e:83:ae:
1b:2e:3c:fa:29:9a:25:5b:f2:4a:55:b9:a7:81:28:
92:99:80:b6:1b:71:5a:6b:ed:7b:4d:7b:82:fd:ab:
03:26:7c:26:b9:45:6d:7b:6c:a9:85:8f:10:b1:ff:
0c:a6:a2:01:21:83:02:33:9a:c9:a4:b1:9f:b9:ae:
3f:7c:c0:a7:20:a3:06:55:18:b1:95:f7:10:41:14:
a1:41:c2:ca:db:b9:2e:3b:9d:56:99:aa:75:f9:84:
78:1d:62:91:fb:04:d8:a5:10:53:34:d4:35:a4:5f:
8e:10:05:05:00:25:a5:44:f3:9a:08:67:95:01:35:
ac:40:e3:3a:81:85:ee:72:91:b9:a1:33:5e:5b:e4:
cc:7e:8f:bb:1b:e3:a8:4b:31:ef:9f:97:30:51:7f:
70:d2:5a:22:37:3b:cf:7c:1a:b1:1a:ba:1b:3f:9f:
62:c6:32:8b:c4:6f:25:a5:72:6c:a1:af:4f:eb:2c:
46:46:54:b7:52:03:0e:15:21:66:45:76:26:a6:c7:
83:10:72:3c:83:f9:b1:2f:62:1a:2c:1f:73:1d:8f:
45:7f:d5:f9:c0:2f:bc:3c:66:57:f5:82:ba:fc:87:
81:23:48:a8:2e:a5:c3:22:ee:b7:41:c8:aa:e3:e6:
38:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:67:20:FB:37:E8:22:A6:6F:25:CD:DF:A7:5A:7D:ED:B4:51:45:77
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/-Wcg-zfoIqZvJc3fp1p97bRRRXc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
39:fd:fb:e7:d8:2d:70:22:3d:04:2b:49:00:cd:87:74:0d:88:
76:72:4a:49:c2:95:39:64:5e:fc:54:15:2c:f5:39:8f:f7:48:
8b:af:9d:6a:65:de:d6:0d:c5:42:7b:1b:e3:03:9e:0b:b9:91:
79:49:0b:da:49:8e:d2:c0:56:18:48:c1:b5:d7:76:20:46:77:
00:35:d7:35:0a:13:06:58:fd:a2:82:ff:f6:0b:6a:b9:c9:79:
b1:1a:43:c6:f4:0e:35:93:5e:67:2d:36:9e:3b:b6:19:54:f8:
61:fc:b4:d8:ec:91:93:ad:d5:96:2d:3f:83:45:db:35:10:cf:
fd:31:d4:63:d9:74:ea:5d:7b:91:ee:f5:f4:7e:6a:e8:68:ce:
13:0b:d0:4e:02:9c:1d:dd:9e:72:6b:11:7c:9e:a5:83:fd:2c:
37:33:7b:80:70:90:f6:bd:8f:61:57:c1:42:aa:66:3e:96:be:
59:2c:6e:6d:15:c3:11:af:52:2f:2a:74:43:86:2a:42:d9:f9:
cf:6a:fe:24:b8:e3:ca:71:57:1c:cb:26:54:c9:3e:73:b4:f8:
0e:0d:bc:35:90:19:3d:c3:bd:48:ec:f7:e9:98:f3:48:95:0d:
2f:88:30:74:87:9b:cf:bc:ec:7c:0c:96:fa:75:0a:9d:80:b0:
f7:13:95:26
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCL4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjYy
MDU1MTZaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEY5NjcyMEZCMzdFODIy
QTY2RjI1Q0RERkE3NUE3REVEQjQ1MTQ1NzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoSVW8wTy9Ve6QBE6DrhsuPPopmiVb8kpVuaeBKJKZgLYbcVpr
7XtNe4L9qwMmfCa5RW17bKmFjxCx/wymogEhgwIzmsmksZ+5rj98wKcgowZVGLGV
9xBBFKFBwsrbuS47nVaZqnX5hHgdYpH7BNilEFM01DWkX44QBQUAJaVE85oIZ5UB
NaxA4zqBhe5ykbmhM15b5Mx+j7sb46hLMe+flzBRf3DSWiI3O898GrEauhs/n2LG
MovEbyWlcmyhr0/rLEZGVLdSAw4VIWZFdiamx4MQcjyD+bEvYhosH3Mdj0V/1fnA
L7w8Zlf1grr8h4EjSKgupcMi7rdByKrj5jg9AgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQU+Wcg+zfoIqZvJc3fp1p97bRRRXcwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwLy1XY2ctemZvSXFadkpj
M2ZwMXA5N2JSUlJYYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBADn9++fYLXAiPQQrSQDNh3QN
iHZySknClTlkXvxUFSz1OY/3SIuvnWpl3tYNxUJ7G+MDngu5kXlJC9pJjtLAVhhI
wbXXdiBGdwA11zUKEwZY/aKC//YLarnJebEaQ8b0DjWTXmctNp47thlU+GH8tNjs
kZOt1ZYtP4NF2zUQz/0x1GPZdOpde5Hu9fR+auhozhML0E4CnB3dnnJrEXyepYP9
LDcze4BwkPa9j2FXwUKqZj6Wvlksbm0VwxGvUi8qdEOGKkLZ+c9q/iS448pxVxzL
JlTJPnO0+A4NvDWQGT3DvUjs9+mY80iVDS+IMHSHm8+87HwMlvp1Cp2AsPcTlSY=
Generated at Mon Jan 27 00:58:29 2025 by rpki-client on console.sobornost.net