Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/0zrs5Wni3nQ0pEip7EkEgPEOj1Y.roa
File: 0zrs5Wni3nQ0pEip7EkEgPEOj1Y.roa (raw, json)
Hash identifier: ipoZSgC3fk8iLh//M9WuRCU6fQ6kGzKrVButsTo2Nlw=
Subject key identifier: D3:3A:EC:E5:69:E2:DE:74:34:A4:48:A9:EC:49:04:80:F1:0E:8F:56
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 066C
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/0zrs5Wni3nQ0pEip7EkEgPEOj1Y.roa
Signing time: Mon 20 Jan 2025 16:24:55 +0000
ROA not before: Mon 20 Jan 2025 16:24:55 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1644 (0x66c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 20 16:24:55 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=D33AECE569E2DE7434A448A9EC490480F10E8F56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:31:b2:f3:69:d5:cc:07:48:7f:79:72:eb:bf:
f0:32:d5:f9:96:89:3a:07:f0:f3:0d:9a:31:77:fe:
e0:68:da:a5:fe:28:12:42:f6:35:b1:d6:7a:f4:c6:
99:5d:6c:5b:ab:00:27:57:94:28:6f:a4:bd:68:d3:
31:9e:b0:a7:f7:57:8d:5b:6b:b2:04:13:cf:c4:d5:
a9:a4:dd:02:13:66:98:9a:7f:2e:a8:04:cc:f1:a6:
1a:ff:0e:30:8b:60:2d:aa:fd:27:88:f6:1c:3b:72:
48:3a:84:8f:95:3c:73:00:46:a8:43:e8:4a:44:6c:
c0:29:50:7c:d0:b1:bd:2f:37:9f:cf:aa:a6:8d:89:
e8:ba:a0:0f:db:ca:7f:dc:52:ed:98:73:1f:27:80:
26:f2:c8:27:75:e3:4d:db:8a:58:75:57:18:50:73:
ef:f3:b3:7d:72:7c:77:f2:66:86:c8:f0:13:9d:b9:
62:3f:5b:52:cc:33:3c:18:95:5b:43:d3:55:d7:4f:
43:7d:93:1b:3d:f6:05:4c:d9:03:e4:5a:49:37:63:
15:31:da:61:9f:01:43:77:02:47:b8:c5:a9:d3:48:
66:9d:b8:dc:87:32:92:e6:15:23:68:68:4f:0d:67:
70:03:80:fd:7e:bb:3d:80:6e:0f:db:9e:8f:86:f5:
09:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:3A:EC:E5:69:E2:DE:74:34:A4:48:A9:EC:49:04:80:F1:0E:8F:56
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/0zrs5Wni3nQ0pEip7EkEgPEOj1Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
6d:a3:5b:82:67:56:0b:4d:24:52:4f:d3:d7:c8:48:f8:d0:e5:
59:7e:d2:59:48:f9:64:ac:03:3c:ad:80:08:21:a6:07:7f:42:
20:d8:ce:93:f3:89:fa:d0:b4:50:d0:4f:55:7c:13:9b:d9:7c:
e3:b5:07:02:80:95:e7:a3:d9:15:bd:6b:27:4c:a1:28:e7:15:
2d:f5:2a:9c:2e:8d:63:ad:a6:0a:00:aa:c8:c0:d4:46:6e:e5:
f2:7c:08:a5:02:43:2a:d3:6f:13:6d:22:e6:4e:6e:b9:65:ad:
aa:51:97:57:82:a7:16:43:30:41:ed:75:65:36:99:6c:c0:c1:
2b:d4:c5:ac:0d:b2:22:65:a7:e7:85:98:97:6d:6d:2f:d5:ba:
4a:b6:61:78:b2:aa:5d:a5:a3:27:9f:d8:25:40:b3:96:61:9a:
78:50:75:72:df:b7:4d:6c:63:73:9b:df:5e:1b:0b:04:d8:2c:
84:d8:a3:b7:a5:68:7a:6a:e1:c8:22:fc:01:17:e2:5b:e6:5c:
57:bc:05:c6:79:c7:ee:a6:2f:3f:e4:ad:68:13:af:15:f5:b6:
f7:57:af:00:c6:1b:65:ca:ab:fc:fd:59:95:35:64:0d:af:a9:
c1:21:07:31:a5:c5:51:8a:f8:a1:36:bc:2a:15:81:51:2b:c6:
42:b1:fe:37
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBmwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjAx
NjI0NTVaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEQzM0FFQ0U1NjlFMkRF
NzQzNEE0NDhBOUVDNDkwNDgwRjEwRThGNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCcMbLzadXMB0h/eXLrv/Ay1fmWiToH8PMNmjF3/uBo2qX+KBJC
9jWx1nr0xpldbFurACdXlChvpL1o0zGesKf3V41ba7IEE8/E1amk3QITZpiafy6o
BMzxphr/DjCLYC2q/SeI9hw7ckg6hI+VPHMARqhD6EpEbMApUHzQsb0vN5/PqqaN
iei6oA/byn/cUu2Ycx8ngCbyyCd1403bilh1VxhQc+/zs31yfHfyZobI8BOduWI/
W1LMMzwYlVtD01XXT0N9kxs99gVM2QPkWkk3YxUx2mGfAUN3Ake4xanTSGaduNyH
MpLmFSNoaE8NZ3ADgP1+uz2Abg/bno+G9QknAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQU0zrs5Wni3nQ0pEip7EkEgPEOj1YwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwLzB6cnM1V25pM25RMHBF
aXA3RWtFZ1BFT2oxWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAG2jW4JnVgtNJFJP09fISPjQ
5Vl+0llI+WSsAzytgAghpgd/QiDYzpPzifrQtFDQT1V8E5vZfOO1BwKAleej2RW9
aydMoSjnFS31KpwujWOtpgoAqsjA1EZu5fJ8CKUCQyrTbxNtIuZObrllrapRl1eC
pxZDMEHtdWU2mWzAwSvUxawNsiJlp+eFmJdtbS/Vukq2YXiyql2loyef2CVAs5Zh
mnhQdXLft01sY3Ob314bCwTYLITYo7elaHpq4cgi/AEX4lvmXFe8BcZ5x+6mLz/k
rWgTrxX1tvdXrwDGG2XKq/z9WZU1ZA2vqcEhBzGlxVGK+KE2vCoVgVErxkKx/jc=
Generated at Mon Jan 20 22:03:23 2025 by rpki-client on console.sobornost.net