Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/A0rRkE7JfqZ8hr0Th0Rc1_HK9l0.roa
File: A0rRkE7JfqZ8hr0Th0Rc1_HK9l0.roa (raw, json)
Hash identifier: y8nzISpp8d5vvdXE0nzuDbtK+ZCZwFNUZyiBvmVPQFU=
Subject key identifier: 03:4A:D1:90:4E:C9:7E:A6:7C:86:BD:13:87:44:5C:D7:F1:CA:F6:5D
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0A54
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/A0rRkE7JfqZ8hr0Th0Rc1_HK9l0.roa
Signing time: Fri 31 Jan 2025 02:25:30 +0000
ROA not before: Fri 31 Jan 2025 02:25:30 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2644 (0xa54)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 31 02:25:30 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=034AD1904EC97EA67C86BD1387445CD7F1CAF65D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:fa:b3:12:72:3c:25:14:e1:0e:47:f8:9f:3c:
75:0d:b9:6a:49:03:96:bf:0b:df:aa:4b:fe:17:b5:
5d:9f:d9:75:7f:b7:50:62:31:20:f0:95:c3:cb:b9:
ec:6f:3d:d6:ce:56:b9:ba:4d:94:64:70:e1:da:bc:
66:1c:e0:86:da:51:b6:cb:05:c3:f8:6f:d2:f4:97:
45:b9:4a:2a:63:55:13:13:63:87:ab:a0:42:30:d8:
51:7c:10:e5:f8:bd:3f:e8:3f:8b:59:33:76:41:82:
8b:4f:6e:3d:b9:30:43:4b:8a:9e:1c:1c:c8:99:02:
46:ad:be:81:03:0c:e1:48:3d:c3:2b:b9:9a:9d:90:
9b:36:08:b8:89:62:9d:06:98:1a:9b:11:cb:16:dc:
ee:20:45:30:85:fd:8d:05:c3:36:22:e7:06:e3:33:
b1:8d:c8:b7:01:54:6b:ad:ae:7d:6e:91:19:b9:62:
a3:4a:47:33:c6:70:de:ad:b6:0a:7b:80:9b:25:c0:
f1:00:a3:a0:43:e6:3e:cb:f9:65:51:34:0b:45:da:
a1:5a:4c:96:ee:3f:71:ca:31:73:d4:ce:d4:43:85:
e6:88:ff:70:cc:6d:da:fa:7a:ee:80:bf:86:e1:79:
f3:21:fe:61:5e:bf:66:e8:23:7a:7a:92:4b:e0:59:
62:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:4A:D1:90:4E:C9:7E:A6:7C:86:BD:13:87:44:5C:D7:F1:CA:F6:5D
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/A0rRkE7JfqZ8hr0Th0Rc1_HK9l0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
4d:2a:cc:2c:f6:09:7a:f3:39:02:44:34:52:79:db:0e:14:3a:
18:85:8d:45:1e:b8:55:e2:66:32:de:b1:fc:f6:2b:8e:50:af:
34:70:ea:e4:c1:85:08:02:0b:7b:65:d9:69:47:5e:45:a7:5f:
5c:37:72:73:ad:da:84:c4:12:8a:11:58:4f:b9:2d:d6:3c:10:
38:69:fa:37:4f:38:0b:ab:1a:12:9b:33:57:64:a8:51:6e:0c:
0b:27:91:2d:3e:f2:d5:f5:25:da:e7:c0:6f:d3:33:af:08:cb:
df:f1:37:16:11:09:0b:66:1d:96:91:a2:b6:46:51:b0:d0:ab:
d4:ae:ca:fa:e3:d3:df:79:b9:7b:3f:65:b0:b2:66:c1:eb:08:
1e:46:86:65:9f:0e:e7:c0:ed:01:74:70:a6:3f:31:7a:6a:68:
7f:bb:ca:f6:53:9a:de:56:33:d0:d0:85:0b:63:52:6a:f1:7b:
41:e1:b9:85:a4:26:5e:75:66:64:cb:d3:2d:06:3b:7a:7d:41:
b1:7c:37:84:43:90:45:a3:ac:8b:8e:36:88:66:ed:e8:32:30:
85:81:0d:f4:e1:eb:91:b9:f0:28:25:58:b6:88:4b:63:33:13:
e4:63:48:51:40:92:83:1f:f3:a4:d8:d3:d3:13:b1:7c:4d:c5:
79:16:45:55
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICClQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMzEw
MjI1MzBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDAzNEFEMTkwNEVDOTdF
QTY3Qzg2QkQxMzg3NDQ1Q0Q3RjFDQUY2NUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDX+rMScjwlFOEOR/ifPHUNuWpJA5a/C9+qS/4XtV2f2XV/t1Bi
MSDwlcPLuexvPdbOVrm6TZRkcOHavGYc4IbaUbbLBcP4b9L0l0W5SipjVRMTY4er
oEIw2FF8EOX4vT/oP4tZM3ZBgotPbj25MENLip4cHMiZAkatvoEDDOFIPcMruZqd
kJs2CLiJYp0GmBqbEcsW3O4gRTCF/Y0FwzYi5wbjM7GNyLcBVGutrn1ukRm5YqNK
RzPGcN6ttgp7gJslwPEAo6BD5j7L+WVRNAtF2qFaTJbuP3HKMXPUztRDheaI/3DM
bdr6eu6Av4bhefMh/mFev2boI3p6kkvgWWLHAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUA0rRkE7JfqZ8hr0Th0Rc1/HK9l0wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0EwclJrRTdKZnFaOGhy
MFRoMFJjMV9ISzlsMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAE0qzCz2CXrzOQJENFJ52w4U
OhiFjUUeuFXiZjLesfz2K45QrzRw6uTBhQgCC3tl2WlHXkWnX1w3cnOt2oTEEooR
WE+5LdY8EDhp+jdPOAurGhKbM1dkqFFuDAsnkS0+8tX1JdrnwG/TM68Iy9/xNxYR
CQtmHZaRorZGUbDQq9Suyvrj0995uXs/ZbCyZsHrCB5GhmWfDufA7QF0cKY/MXpq
aH+7yvZTmt5WM9DQhQtjUmrxe0HhuYWkJl51ZmTL0y0GO3p9QbF8N4RDkEWjrIuO
Nohm7egyMIWBDfTh65G58CglWLaIS2MzE+RjSFFAkoMf86TY09MTsXxNxXkWRVU=
Generated at Fri Jan 31 07:28:25 2025 by rpki-client on console.sobornost.net