Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/HZfsD7oOsqLR3sU5oVjynvRh2KE.roa
File: HZfsD7oOsqLR3sU5oVjynvRh2KE.roa (raw, json)
Hash identifier: C0iZXiFVqtSFO+4Cs71ztOAe0/fQvWdoVitY8KWLQJw=
Subject key identifier: 1D:97:EC:0F:BA:0E:B2:A2:D1:DE:C5:39:A1:58:F2:9E:F4:61:D8:A1
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0A22
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/HZfsD7oOsqLR3sU5oVjynvRh2KE.roa
Signing time: Thu 30 Jan 2025 13:55:28 +0000
ROA not before: Thu 30 Jan 2025 13:55:28 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2594 (0xa22)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 30 13:55:28 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=1D97EC0FBA0EB2A2D1DEC539A158F29EF461D8A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:9d:c1:a1:d7:cc:fc:83:ab:f2:ff:cc:55:8c:
41:53:fc:60:4d:e5:1a:de:1e:b1:2c:a4:d4:55:01:
56:17:d8:a0:63:80:a8:04:72:35:79:95:8e:36:44:
45:8d:7f:c0:59:c5:a2:52:e8:8d:95:1a:14:a0:13:
c4:26:a6:78:dd:b0:ff:41:98:47:71:8c:8e:e9:ab:
97:8f:86:a5:87:b1:ef:32:b6:69:5d:25:ec:e1:f2:
90:15:74:44:58:c7:42:9b:e3:88:7a:0a:ef:43:36:
98:a1:cd:3a:f8:2a:06:54:8b:1f:b6:49:9d:ee:7e:
1a:db:c4:a2:eb:f8:62:1d:f4:43:1c:ba:90:23:ff:
8f:e8:3d:7b:cf:9d:4c:0a:dd:c0:74:a3:21:d5:c1:
0a:bc:82:06:65:49:26:e5:2a:e9:65:44:87:e7:66:
21:4b:10:e6:f8:21:2a:30:5c:44:a7:fa:7d:b2:e3:
7c:0a:49:f2:55:ea:c7:94:f1:1e:d2:d8:50:de:cc:
f7:d9:0d:6f:35:a1:33:75:5f:13:31:45:8c:f9:4e:
d9:69:ed:03:2b:7e:4e:fd:2d:3e:61:2b:66:5d:80:
c5:c3:2e:eb:50:48:7d:23:3c:4d:5a:0c:c0:2e:e9:
d4:56:41:d5:4f:73:6a:fc:fe:f1:3e:1e:5e:e5:84:
0d:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:97:EC:0F:BA:0E:B2:A2:D1:DE:C5:39:A1:58:F2:9E:F4:61:D8:A1
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/HZfsD7oOsqLR3sU5oVjynvRh2KE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
86:10:4f:ce:db:2e:8a:86:04:c1:3f:42:bf:56:ed:ab:ad:69:
41:88:d6:c1:0d:38:0f:b5:b2:6d:31:8d:3b:2c:25:c2:b6:d3:
7d:10:a6:ed:b0:23:ed:24:a9:b3:bb:df:79:68:bf:a0:64:f0:
ac:e8:ab:2f:90:09:30:a1:ad:20:76:67:61:49:ee:b8:0c:85:
ea:db:66:fe:2d:3f:06:11:96:13:aa:17:25:a9:51:5c:ce:44:
c0:b8:3c:9f:bc:e7:b3:0f:02:f9:82:a5:f8:39:f0:71:c8:8f:
c3:e3:76:e0:71:fb:d4:18:e7:e2:0f:bf:d9:bc:49:93:46:2a:
7c:1e:9b:fd:96:5e:c0:f8:06:e5:4b:72:fc:c3:47:23:45:2f:
ac:98:40:87:1a:bf:6f:d2:64:e3:d9:b9:de:ff:45:bf:52:80:
5f:6f:1c:e5:f0:05:d9:06:21:3f:c1:27:9b:7c:97:f4:6b:71:
ff:d1:dd:06:3a:1f:2d:91:e5:57:97:1f:64:ae:cd:49:61:1f:
81:67:65:9d:ea:93:4c:5f:53:40:73:03:39:24:0f:cb:d4:78:
24:82:6b:ce:d5:48:f9:90:de:e2:04:27:fc:2a:35:0b:85:c9:
f5:49:6c:2a:60:bd:8a:2e:55:7f:5a:a3:3a:2b:9f:12:f4:99:
2e:d7:cd:fd
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCiIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMzAx
MzU1MjhaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDFEOTdFQzBGQkEwRUIy
QTJEMURFQzUzOUExNThGMjlFRjQ2MUQ4QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUncGh18z8g6vy/8xVjEFT/GBN5RreHrEspNRVAVYX2KBjgKgE
cjV5lY42REWNf8BZxaJS6I2VGhSgE8QmpnjdsP9BmEdxjI7pq5ePhqWHse8ytmld
Jezh8pAVdERYx0Kb44h6Cu9DNpihzTr4KgZUix+2SZ3ufhrbxKLr+GId9EMcupAj
/4/oPXvPnUwK3cB0oyHVwQq8ggZlSSblKullRIfnZiFLEOb4ISowXESn+n2y43wK
SfJV6seU8R7S2FDezPfZDW81oTN1XxMxRYz5Ttlp7QMrfk79LT5hK2ZdgMXDLutQ
SH0jPE1aDMAu6dRWQdVPc2r8/vE+Hl7lhA3rAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUHZfsD7oOsqLR3sU5oVjynvRh2KEwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0haZnNEN29Pc3FMUjNz
VTVvVmp5bnZSaDJLRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAIYQT87bLoqGBME/Qr9W7aut
aUGI1sENOA+1sm0xjTssJcK2030Qpu2wI+0kqbO733lov6Bk8Kzoqy+QCTChrSB2
Z2FJ7rgMherbZv4tPwYRlhOqFyWpUVzORMC4PJ+857MPAvmCpfg58HHIj8PjduBx
+9QY5+IPv9m8SZNGKnwem/2WXsD4BuVLcvzDRyNFL6yYQIcav2/SZOPZud7/Rb9S
gF9vHOXwBdkGIT/BJ5t8l/Rrcf/R3QY6Hy2R5VeXH2SuzUlhH4FnZZ3qk0xfU0Bz
AzkkD8vUeCSCa87VSPmQ3uIEJ/wqNQuFyfVJbCpgvYouVX9aozornxL0mS7Xzf0=
Generated at Thu Jan 30 17:30:53 2025 by rpki-client on console.sobornost.net