Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/4-nH0cXz35lPijSNOR93BOjsPs0.roa
File: 4-nH0cXz35lPijSNOR93BOjsPs0.roa (raw, json)
Hash identifier: nnM8ymkySPWKN8AUsyoWp5iZ42gRtR8LCLfGKw1MZTw=
Subject key identifier: E3:E9:C7:D1:C5:F3:DF:99:4F:8A:34:8D:39:1F:77:04:E8:EC:3E:CD
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 08A4
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/4-nH0cXz35lPijSNOR93BOjsPs0.roa
Signing time: Sun 26 Jan 2025 14:26:39 +0000
ROA not before: Sun 26 Jan 2025 14:26:39 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2212 (0x8a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 26 14:26:39 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=E3E9C7D1C5F3DF994F8A348D391F7704E8EC3ECD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:bf:fd:73:24:e2:a8:f1:c3:53:d4:e6:52:1c:
33:84:3e:f3:99:ff:3d:28:b3:03:ad:fc:30:28:b2:
a3:ca:22:65:b6:8a:ba:d2:a5:63:79:98:18:08:3e:
7d:b9:00:71:61:fd:ec:95:0f:5b:80:2c:64:51:a5:
6e:2a:fb:47:c5:2f:63:f3:31:ed:18:11:9f:7a:22:
61:8f:2c:39:76:77:c8:e2:04:74:98:46:91:63:a5:
e9:54:43:ae:ed:65:15:fc:24:0d:55:17:40:9b:10:
f7:af:d9:6d:f1:c3:cf:5a:9f:44:60:7e:3e:79:1f:
03:02:c6:ae:eb:bd:04:24:30:8c:b6:56:fe:fe:f4:
10:29:e4:7d:50:5c:4d:8d:ca:0b:1f:61:3b:45:96:
e7:8a:a9:ba:a8:64:ef:1a:bb:49:a5:10:e1:f4:f4:
f0:8e:8e:06:dc:1a:7a:7f:95:54:6a:df:a2:0d:e4:
82:5d:75:ce:db:61:0d:13:45:2a:ec:75:22:af:7d:
06:e5:f3:7b:83:b4:ed:4b:41:0d:d8:67:e1:d7:85:
13:1e:b4:11:09:06:6e:4f:60:1e:1f:39:d1:3d:e0:
35:83:15:b9:54:bd:79:16:a4:c7:01:1f:83:d7:f5:
85:ba:f4:c0:76:22:6e:83:c8:ae:48:02:44:75:65:
11:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:E9:C7:D1:C5:F3:DF:99:4F:8A:34:8D:39:1F:77:04:E8:EC:3E:CD
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/4-nH0cXz35lPijSNOR93BOjsPs0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
20:e5:6e:82:67:5b:d0:1f:87:bf:33:b9:70:79:d4:a9:d3:cb:
c8:ad:fb:6b:c7:a7:34:bb:51:be:8c:3d:ac:78:42:84:fb:bd:
4c:47:67:da:58:a5:c7:01:da:1c:6f:70:06:8d:b0:36:55:0a:
68:6c:c2:51:8c:c1:63:58:ba:6b:a6:8b:29:10:35:7f:4d:74:
a5:52:11:98:3d:43:85:83:28:07:d8:5d:be:2a:58:57:40:f9:
56:7a:e9:a3:08:94:fc:25:26:68:6e:af:bb:7c:18:b2:1e:2f:
c0:f5:69:c4:5f:96:25:a0:70:97:0c:3e:2c:cd:1a:5d:30:3a:
65:47:1b:0e:bd:ff:fa:52:9d:4d:f3:aa:2b:06:72:0d:e0:04:
0a:b2:15:71:b8:6f:58:c9:0d:a5:b1:c1:3e:6c:fc:f2:77:87:
4e:62:8f:f3:95:27:07:75:2c:88:87:75:c8:d4:b4:7c:e8:04:
1c:32:5e:c7:37:a6:0c:ac:55:fc:cc:c6:14:04:0c:df:c7:fa:
31:f1:9b:3f:c0:05:db:ec:c0:13:30:8b:42:2d:12:7d:c4:94:
71:0a:69:0b:5e:36:2b:48:b5:8e:17:f5:5b:86:29:32:88:4a:
2d:62:61:ec:43:23:8d:11:0e:00:8f:85:6d:41:86:89:57:08:
aa:a8:62:ae
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCKQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjYx
NDI2MzlaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEUzRTlDN0QxQzVGM0RG
OTk0RjhBMzQ4RDM5MUY3NzA0RThFQzNFQ0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbv/1zJOKo8cNT1OZSHDOEPvOZ/z0oswOt/DAosqPKImW2irrS
pWN5mBgIPn25AHFh/eyVD1uALGRRpW4q+0fFL2PzMe0YEZ96ImGPLDl2d8jiBHSY
RpFjpelUQ67tZRX8JA1VF0CbEPev2W3xw89an0Rgfj55HwMCxq7rvQQkMIy2Vv7+
9BAp5H1QXE2NygsfYTtFlueKqbqoZO8au0mlEOH09PCOjgbcGnp/lVRq36IN5IJd
dc7bYQ0TRSrsdSKvfQbl83uDtO1LQQ3YZ+HXhRMetBEJBm5PYB4fOdE94DWDFblU
vXkWpMcBH4PX9YW69MB2Im6DyK5IAkR1ZRGTAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQU4+nH0cXz35lPijSNOR93BOjsPs0wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwLzQtbkgwY1h6MzVsUGlq
U05PUjkzQk9qc1BzMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBACDlboJnW9Afh78zuXB51KnT
y8it+2vHpzS7Ub6MPax4QoT7vUxHZ9pYpccB2hxvcAaNsDZVCmhswlGMwWNYumum
iykQNX9NdKVSEZg9Q4WDKAfYXb4qWFdA+VZ66aMIlPwlJmhur7t8GLIeL8D1acRf
liWgcJcMPizNGl0wOmVHGw69//pSnU3zqisGcg3gBAqyFXG4b1jJDaWxwT5s/PJ3
h05ij/OVJwd1LIiHdcjUtHzoBBwyXsc3pgysVfzMxhQEDN/H+jHxmz/ABdvswBMw
i0ItEn3ElHEKaQteNitItY4X9VuGKTKISi1iYexDI40RDgCPhW1BholXCKqoYq4=
Generated at Sun Jan 26 18:23:30 2025 by rpki-client on console.sobornost.net