Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/CKi2vfGxz9voWt7c5bhVW2zPCK4.roa
File: CKi2vfGxz9voWt7c5bhVW2zPCK4.roa (raw, json)
Hash identifier: A2LGydPb7YoyD1/YZ6qKBM9rd68wvLq22jWasngHPFI=
Subject key identifier: 08:A8:B6:BD:F1:B1:CF:DB:E8:5A:DE:DC:E5:B8:55:5B:6C:CF:08:AE
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0B00
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/CKi2vfGxz9voWt7c5bhVW2zPCK4.roa
Signing time: Sat 01 Feb 2025 21:25:32 +0000
ROA not before: Sat 01 Feb 2025 21:25:32 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2816 (0xb00)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 1 21:25:32 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=08A8B6BDF1B1CFDBE85ADEDCE5B8555B6CCF08AE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:35:5f:1f:a6:6f:06:e2:88:dc:bc:29:c5:38:
c5:6a:0a:c2:77:5d:f6:79:a0:4e:a1:9c:35:f2:c8:
67:14:ba:f7:f2:2d:8b:c2:f4:4b:1a:35:45:15:76:
d9:4a:6b:17:64:ea:58:bb:16:2a:64:d1:64:0d:3d:
af:6e:6c:aa:c3:91:fe:97:b8:0f:98:53:13:04:1b:
3a:44:e6:19:d5:1b:6e:00:f9:c5:2b:47:f8:c0:8b:
90:ae:0d:21:48:a4:5d:13:cd:ed:47:f0:da:e1:51:
f0:69:11:99:e3:af:13:53:1c:a3:ad:6d:f4:91:86:
1d:5c:fd:f8:60:63:3e:94:57:f8:ae:59:a6:5e:a7:
fd:f0:9b:25:21:df:20:7d:ba:88:15:16:37:53:33:
17:3e:3d:d2:7f:e2:1a:d2:6b:7d:80:c2:98:92:17:
85:b8:0b:8f:fd:16:68:7d:ac:a7:ff:47:d1:e4:12:
ac:a4:0e:4e:e1:47:18:f3:be:c2:d7:96:17:49:66:
00:dd:fa:c4:f7:9b:b8:c9:df:d4:1e:66:86:66:cf:
4b:79:90:0d:53:a2:85:74:b2:df:d3:aa:19:2e:a1:
09:30:c4:b6:99:69:79:f6:fe:4c:58:28:99:1e:1b:
d1:40:dd:1a:79:89:6e:c5:73:bd:d7:12:ee:fa:e4:
2a:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:A8:B6:BD:F1:B1:CF:DB:E8:5A:DE:DC:E5:B8:55:5B:6C:CF:08:AE
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/CKi2vfGxz9voWt7c5bhVW2zPCK4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
38:30:b2:48:c4:1d:5f:12:ac:2a:44:e5:00:bf:84:26:f9:77:
7e:92:34:6a:d0:4f:1d:3b:8a:ae:a2:de:7f:0a:b3:06:7f:92:
0e:43:71:d2:e1:4c:31:6d:7a:36:4c:2b:94:cc:61:de:e8:c1:
b9:fc:a6:25:c9:20:29:17:d9:cc:97:3c:99:be:0c:a7:8e:8f:
4c:1d:52:90:ea:f0:67:c9:c0:66:94:25:bd:89:8c:55:4b:9d:
f2:e2:92:74:9b:c2:54:18:ba:90:9c:d3:5c:ad:cb:68:57:d8:
c2:b6:63:15:74:ce:56:60:38:30:e1:58:cc:89:29:90:88:c4:
08:d3:73:6b:11:58:aa:08:00:fa:42:1a:a7:9a:68:23:a9:a2:
18:0f:6d:13:ae:d8:ca:7c:0c:4d:cf:b1:bf:f5:7a:e6:31:30:
2f:ac:80:e5:69:47:62:d1:98:d2:f3:c1:06:86:b0:65:4e:c3:
d6:9d:e2:51:3c:bf:f7:05:1c:8c:4d:17:69:01:87:11:bb:a0:
d8:74:04:b6:f8:8f:a0:7e:8d:94:ac:52:ae:c3:ff:57:8e:0c:
06:34:03:c9:93:28:35:44:ce:d7:1f:98:e7:f7:7e:2e:44:f6:
8d:37:a1:6b:c2:10:cd:14:b6:fb:4c:26:26:55:dc:84:45:bf:
10:60:83:59
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCwAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDEy
MTI1MzJaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDA4QThCNkJERjFCMUNG
REJFODVBREVEQ0U1Qjg1NTVCNkNDRjA4QUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJNV8fpm8G4ojcvCnFOMVqCsJ3XfZ5oE6hnDXyyGcUuvfyLYvC
9EsaNUUVdtlKaxdk6li7Fipk0WQNPa9ubKrDkf6XuA+YUxMEGzpE5hnVG24A+cUr
R/jAi5CuDSFIpF0Tze1H8NrhUfBpEZnjrxNTHKOtbfSRhh1c/fhgYz6UV/iuWaZe
p/3wmyUh3yB9uogVFjdTMxc+PdJ/4hrSa32AwpiSF4W4C4/9Fmh9rKf/R9HkEqyk
Dk7hRxjzvsLXlhdJZgDd+sT3m7jJ39QeZoZmz0t5kA1TooV0st/TqhkuoQkwxLaZ
aXn2/kxYKJkeG9FA3Rp5iW7Fc73XEu765CppAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUCKi2vfGxz9voWt7c5bhVW2zPCK4wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0NLaTJ2Zkd4ejl2b1d0
N2M1YmhWVzJ6UENLNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBADgwskjEHV8SrCpE5QC/hCb5
d36SNGrQTx07iq6i3n8KswZ/kg5DcdLhTDFtejZMK5TMYd7owbn8piXJICkX2cyX
PJm+DKeOj0wdUpDq8GfJwGaUJb2JjFVLnfLiknSbwlQYupCc01yty2hX2MK2YxV0
zlZgODDhWMyJKZCIxAjTc2sRWKoIAPpCGqeaaCOpohgPbROu2Mp8DE3Psb/1euYx
MC+sgOVpR2LRmNLzwQaGsGVOw9ad4lE8v/cFHIxNF2kBhxG7oNh0BLb4j6B+jZSs
Uq7D/1eODAY0A8mTKDVEztcfmOf3fi5E9o03oWvCEM0UtvtMJiZV3IRFvxBgg1k=
Generated at Sun Feb 2 01:14:28 2025 by rpki-client on console.sobornost.net