Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/FPA_I32EEjHq0rl8PbhTjF1QWsc.roa
File: FPA_I32EEjHq0rl8PbhTjF1QWsc.roa (raw, json)
Hash identifier: rpdsRmbx39g0wP5UUR7lKd27VZy3CK4U7AjcKVV7z5A=
Subject key identifier: 14:F0:3F:23:7D:84:12:31:EA:D2:B9:7C:3D:B8:53:8C:5D:50:5A:C7
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 05A4
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/FPA_I32EEjHq0rl8PbhTjF1QWsc.roa
Signing time: Sat 18 Jan 2025 14:24:48 +0000
ROA not before: Sat 18 Jan 2025 14:24:48 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1444 (0x5a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 18 14:24:48 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=14F03F237D841231EAD2B97C3DB8538C5D505AC7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:61:46:32:4b:e0:a8:5a:0e:5f:7c:5d:86:7d:
93:75:53:b6:a1:9d:ae:fe:d5:1f:48:27:41:86:1b:
74:9c:da:bb:12:f1:e5:4f:f4:71:20:7f:e2:ee:ae:
17:85:4c:be:7c:13:5c:b1:b6:a8:bb:3d:93:95:19:
26:b6:89:e4:77:9e:b4:80:06:18:7a:c1:8a:cb:07:
37:77:49:0c:51:b6:47:0f:38:68:6e:ff:47:77:8c:
be:08:09:e2:90:e6:62:e1:32:f8:72:66:a3:5c:52:
3c:b9:31:e0:1a:18:e2:a7:8d:ba:f4:f2:d9:0a:a4:
ea:06:57:7b:87:3c:05:ee:e3:56:db:10:c3:70:d6:
6c:6d:24:06:79:d3:5d:d3:57:b3:49:b2:67:2c:d8:
6d:e7:c5:cf:55:63:ae:56:8c:de:e9:8b:c8:fc:e9:
db:af:54:9c:66:e7:ef:92:98:90:e6:c3:2d:f2:e5:
94:27:24:13:3b:3a:d1:fb:e3:4f:0d:52:71:c0:f6:
07:9a:b2:50:88:0e:6c:58:0a:95:16:ad:f4:bb:4d:
0e:ea:89:70:78:d2:58:4f:86:8f:d1:f2:99:5f:58:
f9:d5:0b:19:a5:e3:21:73:56:a8:80:0a:23:a6:a7:
e3:cf:e7:e5:e6:c7:ad:5a:92:cb:b3:72:c0:57:b5:
6f:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:F0:3F:23:7D:84:12:31:EA:D2:B9:7C:3D:B8:53:8C:5D:50:5A:C7
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/FPA_I32EEjHq0rl8PbhTjF1QWsc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
6d:79:f4:90:21:54:b3:d0:be:9f:72:b2:fc:26:1a:a5:38:20:
62:d4:bd:f3:60:78:89:b1:62:f2:b4:4a:85:76:96:be:49:ba:
43:88:6e:8b:76:27:64:cb:70:b8:8d:b6:4e:1d:ea:7b:22:56:
9c:0c:5f:0c:e3:89:3e:34:02:7b:97:e1:86:ce:21:96:49:83:
a8:25:27:bc:51:df:06:23:4e:90:cb:0c:85:f4:ed:4a:97:80:
dd:1a:a5:e9:56:94:6e:ab:f0:3a:cb:97:75:59:3b:5d:4b:d9:
6f:62:89:04:f1:bf:40:d8:23:b8:67:32:df:11:45:47:df:92:
fa:fe:42:2d:13:de:f9:98:54:44:b1:c6:44:0a:67:a0:3d:b3:
e2:6f:1a:38:5d:36:01:14:1d:ef:47:40:06:56:c6:2c:a3:41:
fd:38:e0:b3:60:26:fc:bb:b1:72:d2:01:41:50:8f:54:82:c1:
21:24:d3:61:34:a9:c9:00:17:c3:cd:fa:ea:ce:76:ed:85:13:
f6:ec:f5:f9:e6:86:1a:3e:b7:39:cd:ba:58:45:fb:68:21:b1:
77:00:e4:82:22:3c:98:41:f1:3f:cb:58:c0:24:c2:ab:94:cb:
40:aa:fd:66:40:91:5c:0b:95:f2:ad:c0:5e:ed:8e:5f:23:e6:
1a:99:26:af
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBaQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMTgx
NDI0NDhaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDE0RjAzRjIzN0Q4NDEy
MzFFQUQyQjk3QzNEQjg1MzhDNUQ1MDVBQzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkYUYyS+CoWg5ffF2GfZN1U7ahna7+1R9IJ0GGG3Sc2rsS8eVP
9HEgf+LurheFTL58E1yxtqi7PZOVGSa2ieR3nrSABhh6wYrLBzd3SQxRtkcPOGhu
/0d3jL4ICeKQ5mLhMvhyZqNcUjy5MeAaGOKnjbr08tkKpOoGV3uHPAXu41bbEMNw
1mxtJAZ5013TV7NJsmcs2G3nxc9VY65WjN7pi8j86duvVJxm5++SmJDmwy3y5ZQn
JBM7OtH7408NUnHA9geaslCIDmxYCpUWrfS7TQ7qiXB40lhPho/R8plfWPnVCxml
4yFzVqiACiOmp+PP5+Xmx61aksuzcsBXtW9PAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUFPA/I32EEjHq0rl8PbhTjF1QWscwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0ZQQV9JMzJFRWpIcTBy
bDhQYmhUakYxUVdzYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAG159JAhVLPQvp9ysvwmGqU4
IGLUvfNgeImxYvK0SoV2lr5JukOIbot2J2TLcLiNtk4d6nsiVpwMXwzjiT40AnuX
4YbOIZZJg6glJ7xR3wYjTpDLDIX07UqXgN0apelWlG6r8DrLl3VZO11L2W9iiQTx
v0DYI7hnMt8RRUffkvr+Qi0T3vmYVESxxkQKZ6A9s+JvGjhdNgEUHe9HQAZWxiyj
Qf044LNgJvy7sXLSAUFQj1SCwSEk02E0qckAF8PN+urOdu2FE/bs9fnmhho+tznN
ulhF+2ghsXcA5IIiPJhB8T/LWMAkwquUy0Cq/WZAkVwLlfKtwF7tjl8j5hqZJq8=
Generated at Sat Jan 18 18:11:42 2025 by rpki-client on console.sobornost.net