Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/Iuydkq8xLf7yMoJEXwzoS1fpZOU.roa
File: Iuydkq8xLf7yMoJEXwzoS1fpZOU.roa (raw, json)
Hash identifier: iOpTXYkS3X5HAMyGTaiHvRpfxC2xeRoFOEPFLmdSR4A=
Subject key identifier: 22:EC:9D:92:AF:31:2D:FE:F2:32:82:44:5F:0C:E8:4B:57:E9:64:E5
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0B1A
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/Iuydkq8xLf7yMoJEXwzoS1fpZOU.roa
Signing time: Sun 02 Feb 2025 03:55:34 +0000
ROA not before: Sun 02 Feb 2025 03:55:34 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2842 (0xb1a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 2 03:55:34 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=22EC9D92AF312DFEF23282445F0CE84B57E964E5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:9e:e6:02:b0:2b:ed:72:70:67:4b:b7:21:4a:
ea:a4:27:f7:7e:b7:3e:3d:53:da:bb:01:75:11:33:
af:51:fb:fa:fd:7d:0a:36:34:63:84:85:56:fa:45:
10:19:78:18:56:15:1c:39:09:46:06:e0:25:cc:d6:
f3:64:dd:e7:ae:1a:1f:99:d3:d4:2c:61:f0:92:17:
ee:89:d9:b3:ae:11:bd:51:62:eb:f1:a1:65:50:02:
ad:a4:2e:ab:cd:b7:db:cb:fd:eb:d1:b6:cb:64:89:
9d:59:67:0b:d3:a0:76:30:c9:32:05:9a:9e:87:7b:
f1:0c:1b:3e:1c:14:77:70:b6:0b:3a:c4:a6:fd:34:
dd:01:5a:f5:1e:73:35:9e:27:3d:a5:17:a0:9c:79:
48:e2:06:b4:5e:2e:87:bc:0d:68:44:29:82:19:5d:
33:82:f8:c4:46:78:f3:b9:22:8a:01:5c:51:b7:29:
94:82:01:ce:f4:c9:ae:de:0b:6f:00:8f:21:a5:04:
a6:bc:75:02:87:1d:f6:43:6e:90:39:4d:19:5c:70:
c8:77:49:ac:6f:c7:ca:46:83:cd:49:b8:a8:5c:bd:
6c:7f:5a:dc:38:d0:93:44:e8:87:e8:0d:ee:fc:91:
31:9a:01:89:b0:57:8b:cb:41:a9:2a:96:3e:3e:fb:
6e:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:EC:9D:92:AF:31:2D:FE:F2:32:82:44:5F:0C:E8:4B:57:E9:64:E5
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/Iuydkq8xLf7yMoJEXwzoS1fpZOU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
19:41:af:aa:f7:5e:b9:8c:12:c7:cc:99:d1:fc:f3:3f:6f:ba:
34:ec:03:96:85:96:54:07:a0:1f:96:17:78:3b:e4:2d:36:9d:
3d:f3:ca:3a:b2:88:51:fa:36:35:e9:00:b8:2c:40:76:11:25:
18:54:be:7e:36:42:f0:65:d5:b5:9d:5d:8a:28:dd:b5:96:d2:
9a:93:32:5a:eb:39:b0:76:25:3a:d9:65:be:01:a0:d8:db:95:
ec:9c:80:9e:d5:af:17:82:ce:e5:8a:53:f8:75:72:2b:80:b4:
42:b9:fe:6e:ea:31:ae:a7:6d:08:c7:d6:4e:5c:eb:5a:48:39:
7b:e7:a6:8a:60:27:7d:94:0b:a1:9d:74:46:5e:8d:c7:0b:d2:
27:db:3c:fa:8d:68:9b:01:79:42:8a:bd:ee:fa:a1:f7:ad:f1:
ad:fb:71:cd:cc:b6:af:a6:02:cb:86:d3:5a:89:d8:44:d1:a2:
98:f0:b2:5b:3a:97:05:b1:e5:ba:bb:7f:48:42:b9:9b:f3:7f:
87:4b:5e:aa:56:92:90:0b:c5:7d:1b:2c:63:37:40:1a:47:cb:
81:3a:97:b0:29:55:5f:d1:a6:e0:56:f4:23:27:7f:89:21:e8:
27:68:2f:ed:3d:81:53:26:29:db:f9:55:52:59:22:0b:73:46:
b3:8b:15:3d
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCxowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDIw
MzU1MzRaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDIyRUM5RDkyQUYzMTJE
RkVGMjMyODI0NDVGMENFODRCNTdFOTY0RTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDInuYCsCvtcnBnS7chSuqkJ/d+tz49U9q7AXURM69R+/r9fQo2
NGOEhVb6RRAZeBhWFRw5CUYG4CXM1vNk3eeuGh+Z09QsYfCSF+6J2bOuEb1RYuvx
oWVQAq2kLqvNt9vL/evRtstkiZ1ZZwvToHYwyTIFmp6He/EMGz4cFHdwtgs6xKb9
NN0BWvUeczWeJz2lF6CceUjiBrReLoe8DWhEKYIZXTOC+MRGePO5IooBXFG3KZSC
Ac70ya7eC28AjyGlBKa8dQKHHfZDbpA5TRlccMh3Saxvx8pGg81JuKhcvWx/Wtw4
0JNE6IfoDe78kTGaAYmwV4vLQakqlj4++24bAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUIuydkq8xLf7yMoJEXwzoS1fpZOUwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0l1eWRrcTh4TGY3eU1v
SkVYd3pvUzFmcFpPVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBABlBr6r3XrmMEsfMmdH88z9v
ujTsA5aFllQHoB+WF3g75C02nT3zyjqyiFH6NjXpALgsQHYRJRhUvn42QvBl1bWd
XYoo3bWW0pqTMlrrObB2JTrZZb4BoNjbleycgJ7VrxeCzuWKU/h1ciuAtEK5/m7q
Ma6nbQjH1k5c61pIOXvnpopgJ32UC6GddEZejccL0ifbPPqNaJsBeUKKve76ofet
8a37cc3Mtq+mAsuG01qJ2ETRopjwsls6lwWx5bq7f0hCuZvzf4dLXqpWkpALxX0b
LGM3QBpHy4E6l7ApVV/RpuBW9CMnf4kh6CdoL+09gVMmKdv5VVJZIgtzRrOLFT0=
Generated at Sun Feb 2 11:57:12 2025 by rpki-client on console.sobornost.net