Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/BkXXDDjeDZikNLZyEyC4f5TTA10.roa
File: BkXXDDjeDZikNLZyEyC4f5TTA10.roa (raw, json)
Hash identifier: wpdTbSic7F9UB3jDZ7VWMsa7/4Z/OfqsqPopeVcZiYg=
Subject key identifier: 06:45:D7:0C:38:DE:0D:98:A4:34:B6:72:13:20:B8:7F:94:D3:03:5D
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0542
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/BkXXDDjeDZikNLZyEyC4f5TTA10.roa
Signing time: Fri 17 Jan 2025 13:54:42 +0000
ROA not before: Fri 17 Jan 2025 13:54:42 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1346 (0x542)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 17 13:54:42 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=0645D70C38DE0D98A434B6721320B87F94D3035D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:4d:8c:b5:33:ae:f9:ea:6f:d0:5e:e4:aa:ce:
25:f9:69:f6:84:29:36:15:73:e0:aa:b4:2e:71:a0:
9d:a5:67:57:14:56:e0:94:79:35:e4:bd:44:42:98:
3d:e0:08:57:9f:b1:5e:66:99:5c:32:f0:ca:f2:22:
f3:b6:c9:36:34:35:e8:67:5f:07:49:90:ac:d0:d2:
56:b1:6e:7c:e4:81:f4:09:eb:59:e0:11:6b:a8:a1:
2a:ff:7d:dd:b7:80:ab:35:02:ca:0b:8d:b9:06:13:
be:9b:b8:ab:8d:7b:f6:11:e2:f1:06:18:dc:2f:ba:
93:92:32:06:bc:b3:37:ea:37:ab:10:cd:cf:a3:44:
73:9c:d7:5e:e8:6a:09:3f:d0:d2:4c:3b:04:5c:04:
e8:23:12:ca:35:27:30:fb:0b:2f:45:85:1f:d4:68:
5a:35:8f:97:fa:bf:ff:b1:57:b2:dd:58:4b:ac:94:
8a:78:dc:ca:8d:a8:a3:a3:16:d6:cc:38:82:71:74:
26:6c:8e:09:b6:11:dc:cb:5b:4b:3b:2b:fc:aa:cb:
7e:6b:96:51:45:ce:61:d5:54:4e:37:0c:32:35:24:
7b:66:ff:98:1d:fb:ba:d3:11:05:63:b0:e5:c4:61:
12:fd:d9:db:1b:df:3d:8c:7b:6d:24:51:51:b4:2d:
92:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:45:D7:0C:38:DE:0D:98:A4:34:B6:72:13:20:B8:7F:94:D3:03:5D
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/BkXXDDjeDZikNLZyEyC4f5TTA10.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
4b:0d:c9:00:29:82:dd:46:18:34:fb:dc:33:88:bc:1b:cb:25:
f2:51:23:44:00:db:46:53:f7:9e:c3:1c:69:72:f6:88:06:1b:
92:95:7c:3e:b5:50:bb:e6:31:2f:f1:b2:9b:58:67:29:bb:65:
6e:9e:d3:8b:30:ab:8b:ee:0e:62:30:58:20:89:32:51:f8:73:
3f:a2:16:7a:59:9a:0d:d5:ca:71:79:8c:37:e6:c5:77:2b:0e:
c8:67:1c:eb:3c:4e:49:c8:d5:e6:48:54:7b:02:1e:0d:de:57:
a2:ae:09:d9:7f:a9:45:97:28:cd:92:56:5d:94:4c:64:91:dd:
f6:a0:6e:5e:7c:11:a4:c7:4b:f3:ab:14:2f:22:a4:05:34:d9:
f4:de:34:2d:12:48:46:e3:62:45:80:fc:a6:d8:7a:d8:7d:d2:
3a:06:65:6e:ac:65:c3:0c:c2:07:29:84:dc:f0:c9:d3:82:36:
62:94:21:d0:bf:ee:1e:fd:6e:0d:87:89:ca:c5:6e:43:7f:52:
25:6a:d7:bc:39:0f:26:58:88:06:9a:41:1b:92:b9:b3:f0:54:
9f:ca:18:2e:1c:10:40:eb:30:d6:f4:dd:63:18:a5:6e:a6:dd:
fe:1b:04:72:8e:46:22:4c:9b:b5:fb:26:df:bd:5c:6c:41:3a:
50:52:26:23
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBUIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMTcx
MzU0NDJaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDA2NDVENzBDMzhERTBE
OThBNDM0QjY3MjEzMjBCODdGOTREMzAzNUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyTYy1M6756m/QXuSqziX5afaEKTYVc+CqtC5xoJ2lZ1cUVuCU
eTXkvURCmD3gCFefsV5mmVwy8MryIvO2yTY0NehnXwdJkKzQ0laxbnzkgfQJ61ng
EWuooSr/fd23gKs1AsoLjbkGE76buKuNe/YR4vEGGNwvupOSMga8szfqN6sQzc+j
RHOc117oagk/0NJMOwRcBOgjEso1JzD7Cy9FhR/UaFo1j5f6v/+xV7LdWEuslIp4
3MqNqKOjFtbMOIJxdCZsjgm2EdzLW0s7K/yqy35rllFFzmHVVE43DDI1JHtm/5gd
+7rTEQVjsOXEYRL92dsb3z2Me20kUVG0LZKBAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUBkXXDDjeDZikNLZyEyC4f5TTA10wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0JrWFhERGplRFppa05M
WnlFeUM0ZjVUVEExMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAEsNyQApgt1GGDT73DOIvBvL
JfJRI0QA20ZT957DHGly9ogGG5KVfD61ULvmMS/xsptYZym7ZW6e04swq4vuDmIw
WCCJMlH4cz+iFnpZmg3VynF5jDfmxXcrDshnHOs8TknI1eZIVHsCHg3eV6KuCdl/
qUWXKM2SVl2UTGSR3fagbl58EaTHS/OrFC8ipAU02fTeNC0SSEbjYkWA/KbYeth9
0joGZW6sZcMMwgcphNzwydOCNmKUIdC/7h79bg2HicrFbkN/UiVq17w5DyZYiAaa
QRuSubPwVJ/KGC4cEEDrMNb03WMYpW6m3f4bBHKORiJMm7X7Jt+9XGxBOlBSJiM=
-----END CERTIFICATE-----
Generated at Fri Jan 17 17:15:55 2025 by rpki-client on console.sobornost.net