Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/BKwLm_uaC2RNZJc39OM0R1swKd0.roa
File: BKwLm_uaC2RNZJc39OM0R1swKd0.roa (raw, json)
Hash identifier: YBSf6vWNA4JSVsqnKfue54Ozmw7taBdVN1vfKsCOJBE=
Subject key identifier: 04:AC:0B:9B:FB:9A:0B:64:4D:64:97:37:F4:E3:34:47:5B:30:29:DD
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 06DA
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/BKwLm_uaC2RNZJc39OM0R1swKd0.roa
Signing time: Tue 21 Jan 2025 19:54:56 +0000
ROA not before: Tue 21 Jan 2025 19:54:56 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1754 (0x6da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 21 19:54:56 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=04AC0B9BFB9A0B644D649737F4E334475B3029DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:1a:b5:78:18:44:22:37:c9:c5:0b:c6:5f:74:
75:3c:37:24:26:8c:8a:cd:ac:3e:5a:c0:4d:36:60:
b7:d4:8c:20:11:40:38:fd:ce:49:11:e1:15:53:af:
76:f3:be:0a:d7:05:ae:54:4a:1f:c5:9a:99:48:b1:
19:ac:22:17:2d:96:fa:ee:eb:9a:a7:28:92:38:75:
7a:3e:55:9e:95:f3:51:8f:99:19:69:cf:5b:fe:d5:
64:b1:5f:36:5d:44:b3:2d:f7:6c:b7:50:68:4d:c8:
28:5d:79:b1:2d:11:ed:56:4b:80:52:94:95:d1:10:
65:44:02:36:b3:6f:fc:7c:9e:71:dd:ff:43:5c:09:
5c:40:ba:6e:76:72:91:66:50:75:64:62:95:f3:fa:
54:c6:a7:92:94:d4:d2:ee:f6:e0:eb:79:4e:fe:a4:
0c:8e:19:9d:9f:6a:9e:ea:d7:df:9d:30:e6:b1:2f:
3c:cf:1b:7f:fa:48:93:0f:01:ed:e7:5d:2c:f2:78:
6f:0f:81:0a:64:91:be:f8:33:b9:c9:68:ee:5a:08:
d0:3c:67:46:e7:05:cd:9b:be:8c:7e:13:b7:f7:7b:
dc:f0:b3:a4:67:a9:72:11:d7:ca:36:53:41:fc:65:
87:c0:77:3c:9c:d8:8b:9f:bf:65:b8:5e:77:a3:9a:
47:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:AC:0B:9B:FB:9A:0B:64:4D:64:97:37:F4:E3:34:47:5B:30:29:DD
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/BKwLm_uaC2RNZJc39OM0R1swKd0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
a6:c6:7b:6f:d4:7e:f6:ae:75:3e:07:b3:fd:af:f2:40:cc:47:
4e:68:d5:a2:39:a8:8e:dd:7a:72:17:b0:80:3e:a8:9c:1c:2a:
cd:d9:92:8e:ce:46:c9:b0:7a:90:68:79:c9:14:a4:16:39:a2:
2b:4f:ec:99:5f:a1:41:2e:9f:bc:cf:f5:6b:48:a7:83:a0:13:
fb:90:3c:6c:ed:83:e2:d4:43:3c:b9:b0:01:9d:39:03:97:76:
86:8c:ea:5e:e2:40:75:1f:0b:04:c8:d3:a4:c9:cc:3a:e8:9f:
55:e6:e9:b4:17:46:fb:54:2d:df:a2:67:3f:bf:47:e1:00:3c:
c5:18:14:e5:f2:7f:8f:4a:8f:e9:f7:1a:b3:26:a2:0f:d0:69:
8d:fd:c8:cb:01:a4:84:1f:b2:7c:14:75:da:65:fc:af:4e:4f:
c3:80:9b:12:de:8f:67:cf:d5:c3:ab:09:b2:7e:49:e4:2a:1c:
8a:ea:c5:78:2f:4c:ad:79:b8:59:25:0f:af:b4:2c:99:35:a3:
22:fe:5e:82:84:ca:ac:bc:59:65:7e:7c:29:e8:3f:ef:03:78:
fd:70:c0:e8:22:59:e5:66:2b:40:19:7c:ae:b9:96:2e:e5:1f:
7d:23:85:7a:42:0a:e2:44:04:3b:fa:c9:2d:39:3e:f3:31:14:
2b:50:a7:a3
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBtowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjEx
OTU0NTZaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDA0QUMwQjlCRkI5QTBC
NjQ0RDY0OTczN0Y0RTMzNDQ3NUIzMDI5REQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCGrV4GEQiN8nFC8ZfdHU8NyQmjIrNrD5awE02YLfUjCARQDj9
zkkR4RVTr3bzvgrXBa5USh/FmplIsRmsIhctlvru65qnKJI4dXo+VZ6V81GPmRlp
z1v+1WSxXzZdRLMt92y3UGhNyChdebEtEe1WS4BSlJXREGVEAjazb/x8nnHd/0Nc
CVxAum52cpFmUHVkYpXz+lTGp5KU1NLu9uDreU7+pAyOGZ2fap7q19+dMOaxLzzP
G3/6SJMPAe3nXSzyeG8PgQpkkb74M7nJaO5aCNA8Z0bnBc2bvox+E7f3e9zws6Rn
qXIR18o2U0H8ZYfAdzyc2Iufv2W4Xnejmkd5AgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUBKwLm/uaC2RNZJc39OM0R1swKd0wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0JLd0xtX3VhQzJSTlpK
YzM5T00wUjFzd0tkMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAKbGe2/UfvaudT4Hs/2v8kDM
R05o1aI5qI7denIXsIA+qJwcKs3Zko7ORsmwepBoeckUpBY5oitP7JlfoUEun7zP
9WtIp4OgE/uQPGztg+LUQzy5sAGdOQOXdoaM6l7iQHUfCwTI06TJzDron1Xm6bQX
RvtULd+iZz+/R+EAPMUYFOXyf49Kj+n3GrMmog/QaY39yMsBpIQfsnwUddpl/K9O
T8OAmxLej2fP1cOrCbJ+SeQqHIrqxXgvTK15uFklD6+0LJk1oyL+XoKEyqy8WWV+
fCnoP+8DeP1wwOgiWeVmK0AZfK65li7lH30jhXpCCuJEBDv6yS05PvMxFCtQp6M=
-----END CERTIFICATE-----
Generated at Wed Jan 22 02:04:44 2025 by rpki-client on console.sobornost.net