Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/4GK3--f1pjNv1WcrQ4B2wWDMEZc.roa
File: 4GK3--f1pjNv1WcrQ4B2wWDMEZc.roa (raw, json)
Hash identifier: PGK4q1f11faM4Foncezv6HIEQxW/IgVQFbig5gsI5iQ=
Subject key identifier: E0:62:B7:FB:E7:F5:A6:33:6F:D5:67:2B:43:80:76:C1:60:CC:11:97
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 07AA
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/4GK3--f1pjNv1WcrQ4B2wWDMEZc.roa
Signing time: Thu 23 Jan 2025 23:56:22 +0000
ROA not before: Thu 23 Jan 2025 23:56:22 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1962 (0x7aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 23 23:56:22 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=E062B7FBE7F5A6336FD5672B438076C160CC1197
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:ac:59:ea:cd:13:d5:61:60:ba:d1:be:30:e6:
07:1b:e6:5b:be:c1:c4:fe:e9:12:87:24:f7:4e:7b:
2a:73:8d:fb:77:52:d2:bf:fb:b1:2a:fe:6b:89:5e:
55:11:60:04:5e:66:8a:e3:63:e5:d0:0b:01:3a:e2:
4a:9c:62:ca:3f:c5:f8:4b:b1:42:51:da:0a:b4:61:
91:10:00:37:09:20:8d:bc:bc:2f:73:49:bc:6d:da:
dd:cd:7b:21:86:27:5c:39:09:45:51:68:cf:b0:5b:
86:83:dd:15:23:d3:a6:99:d8:1c:a7:78:7f:13:ad:
4c:20:e2:9e:6d:54:af:35:23:69:49:a2:db:21:c5:
bd:be:a7:2d:48:0c:34:49:cf:6d:29:bd:58:27:4f:
ce:ea:82:97:fb:38:fc:d8:74:0f:0e:c8:56:6b:ad:
e0:4a:f0:1c:07:73:d2:d8:aa:c4:e1:de:9b:3b:41:
2f:e8:8d:80:d1:fc:f3:dd:88:63:3e:c1:b3:0f:80:
29:2a:50:51:ab:a6:a4:e8:34:e0:e2:69:83:21:c2:
02:43:96:e1:df:cd:c4:f8:d5:93:5f:11:e0:5c:cc:
e2:4f:f1:52:ca:a3:d9:bf:f2:98:de:c5:3c:d1:d4:
c1:2a:c4:6e:ec:24:f9:c4:69:c3:28:67:83:85:4c:
d5:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:62:B7:FB:E7:F5:A6:33:6F:D5:67:2B:43:80:76:C1:60:CC:11:97
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/4GK3--f1pjNv1WcrQ4B2wWDMEZc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
1b:63:9e:75:af:57:87:c1:2c:b2:53:e3:41:8f:6b:73:21:63:
d6:b9:d5:13:95:51:b3:5d:db:c1:52:ac:3d:c0:6d:dc:52:23:
4c:cf:d7:94:eb:65:23:3e:3e:8f:c7:68:e4:d3:9a:6b:d2:30:
90:0f:a0:60:35:40:a2:d0:ac:92:55:c7:5e:d0:6b:7d:fb:0e:
0a:7f:a4:11:25:36:47:09:72:44:ea:28:63:d6:d1:c1:ab:cc:
e2:ec:5a:26:5d:a8:43:82:1e:1d:1e:ca:52:68:5f:5c:ab:87:
24:43:71:4a:a3:db:0b:d0:0c:b0:97:07:3f:2b:81:57:83:b6:
df:dd:8e:72:00:4c:c7:79:5c:e2:fd:47:60:ca:75:85:ad:2f:
d0:60:d8:27:86:c4:1f:4d:08:80:8e:82:2f:39:eb:a5:2f:0d:
46:9a:ae:88:5c:16:18:d3:6b:87:1f:11:d9:bb:a1:08:3f:7c:
ab:a1:d2:27:4a:b7:e7:bd:7f:cb:38:27:b8:76:04:40:30:8e:
a9:69:49:71:cb:bd:e1:7c:86:50:ff:c8:40:54:aa:1d:6b:45:
b6:9a:7f:5e:da:c9:2b:05:76:43:45:a9:d1:ff:40:a3:80:4a:
74:d8:43:17:80:3e:8f:c8:19:fe:d0:be:e6:c1:4b:cc:d6:55:
38:b8:72:98
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICB6owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjMy
MzU2MjJaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEUwNjJCN0ZCRTdGNUE2
MzM2RkQ1NjcyQjQzODA3NkMxNjBDQzExOTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxrFnqzRPVYWC60b4w5gcb5lu+wcT+6RKHJPdOeypzjft3UtK/
+7Eq/muJXlURYAReZorjY+XQCwE64kqcYso/xfhLsUJR2gq0YZEQADcJII28vC9z
Sbxt2t3NeyGGJ1w5CUVRaM+wW4aD3RUj06aZ2ByneH8TrUwg4p5tVK81I2lJotsh
xb2+py1IDDRJz20pvVgnT87qgpf7OPzYdA8OyFZrreBK8BwHc9LYqsTh3ps7QS/o
jYDR/PPdiGM+wbMPgCkqUFGrpqToNODiaYMhwgJDluHfzcT41ZNfEeBczOJP8VLK
o9m/8pjexTzR1MEqxG7sJPnEacMoZ4OFTNVLAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQU4GK3++f1pjNv1WcrQ4B2wWDMEZcwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwLzRHSzMtLWYxcGpOdjFX
Y3JRNEIyd1dETUVaYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBABtjnnWvV4fBLLJT40GPa3Mh
Y9a51ROVUbNd28FSrD3AbdxSI0zP15TrZSM+Po/HaOTTmmvSMJAPoGA1QKLQrJJV
x17Qa337Dgp/pBElNkcJckTqKGPW0cGrzOLsWiZdqEOCHh0eylJoX1yrhyRDcUqj
2wvQDLCXBz8rgVeDtt/djnIATMd5XOL9R2DKdYWtL9Bg2CeGxB9NCICOgi8566Uv
DUaarohcFhjTa4cfEdm7oQg/fKuh0idKt+e9f8s4J7h2BEAwjqlpSXHLveF8hlD/
yEBUqh1rRbaaf17aySsFdkNFqdH/QKOASnTYQxeAPo/IGf7QvubBS8zWVTi4cpg=
Generated at Fri Jan 24 04:01:10 2025 by rpki-client on console.sobornost.net