Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/M8v2aeBOVvsXOzQzj5hDamk5dAI.roa
File: M8v2aeBOVvsXOzQzj5hDamk5dAI.roa (raw, json)
Hash identifier: A/POpe11kR33xqJcHowGarZ93zrqpNqotlTQjZ7xOIY=
Subject key identifier: 33:CB:F6:69:E0:4E:56:FB:17:3B:34:33:8F:98:43:6A:69:39:74:02
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0AE6
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/M8v2aeBOVvsXOzQzj5hDamk5dAI.roa
Signing time: Sat 01 Feb 2025 14:55:33 +0000
ROA not before: Sat 01 Feb 2025 14:55:33 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2790 (0xae6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 1 14:55:33 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=33CBF669E04E56FB173B34338F98436A69397402
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:5d:40:09:06:41:10:0e:6b:d1:c5:9d:22:ba:
c2:c2:80:3b:40:86:c0:a7:7b:d9:2e:97:72:4b:f5:
c9:ed:8c:2d:eb:fc:28:76:fc:f0:db:8a:37:bf:a8:
31:bc:5b:db:a2:9c:4d:a7:0b:6b:c9:ad:79:cc:6a:
23:80:4a:f0:e6:da:12:07:d2:9d:e1:d9:3c:cd:8b:
4f:ac:d1:65:0a:7a:bc:c3:cb:4b:5f:bd:6b:a8:1b:
f6:ab:49:38:e8:2a:d0:4e:a5:c6:e9:01:e2:ee:c2:
8b:0d:b1:ab:cf:f5:cd:0d:b1:1a:6e:3c:61:c6:3a:
a5:e7:b2:b5:a6:8e:0c:56:e4:7d:42:83:e6:9c:36:
6d:db:6a:6c:04:98:a7:5a:a2:f0:4e:30:11:f6:99:
5a:b3:1f:e0:53:c8:33:9b:d5:f9:77:6b:e5:a9:09:
07:a6:8c:1b:0c:8d:93:98:e2:30:e5:ce:89:cc:d9:
d0:80:ad:8d:42:31:b6:0d:12:a8:62:e3:84:31:42:
0d:c7:8b:9b:84:72:93:98:89:cd:57:d4:7a:5e:94:
ab:2e:3b:68:b2:30:7c:74:9f:6d:b1:89:97:9b:8d:
81:56:6c:40:a2:b2:c3:d6:61:9b:a1:40:72:97:ca:
a9:9d:87:5c:48:e5:6f:85:2e:59:50:b0:34:ab:0e:
19:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:CB:F6:69:E0:4E:56:FB:17:3B:34:33:8F:98:43:6A:69:39:74:02
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/M8v2aeBOVvsXOzQzj5hDamk5dAI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
8f:4e:6c:03:da:45:07:37:81:27:d2:3e:e9:e9:89:cc:34:57:
f8:7c:28:27:7d:e8:dc:ab:87:d7:17:95:62:ee:9e:cf:80:0b:
ce:4b:ca:55:6e:ff:e9:91:57:7b:c7:07:05:41:32:db:57:ce:
c7:d7:73:9d:a8:76:d4:96:10:39:2a:21:ff:68:5f:66:11:d6:
49:68:fe:f7:73:bf:3b:e4:49:11:74:70:5e:7f:61:7e:d9:83:
69:26:53:35:28:1c:57:f0:74:5c:4e:59:12:7d:e1:6b:f8:e5:
e9:92:91:c0:e5:83:65:7b:1d:c9:23:0a:61:d7:d5:15:f7:71:
47:6c:be:6d:03:78:b0:c1:a7:79:cf:f8:86:da:f9:d9:1a:b9:
72:f7:e6:3a:ab:8e:2c:49:59:2a:4b:e7:80:0c:9a:82:a9:cd:
f7:47:0d:df:81:58:8d:56:a5:ab:0c:fa:58:d3:2b:f9:d8:94:
3e:18:68:03:5e:cd:6d:23:94:de:a5:13:d3:5d:cc:98:fc:b3:
44:17:19:81:1f:6a:b0:48:92:96:36:05:86:42:a8:dd:45:34:
4a:f4:84:c7:9a:a8:af:e5:1f:9b:40:fb:35:1a:10:6f:4c:bb:
f8:f6:e5:27:18:e3:01:14:96:74:0d:86:01:e1:7f:cb:a1:bf:
5f:0b:09:8b
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCuYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDEx
NDU1MzNaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDMzQ0JGNjY5RTA0RTU2
RkIxNzNCMzQzMzhGOTg0MzZBNjkzOTc0MDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJXUAJBkEQDmvRxZ0iusLCgDtAhsCne9kul3JL9cntjC3r/Ch2
/PDbije/qDG8W9uinE2nC2vJrXnMaiOASvDm2hIH0p3h2TzNi0+s0WUKerzDy0tf
vWuoG/arSTjoKtBOpcbpAeLuwosNsavP9c0NsRpuPGHGOqXnsrWmjgxW5H1Cg+ac
Nm3bamwEmKdaovBOMBH2mVqzH+BTyDOb1fl3a+WpCQemjBsMjZOY4jDlzonM2dCA
rY1CMbYNEqhi44QxQg3Hi5uEcpOYic1X1HpelKsuO2iyMHx0n22xiZebjYFWbECi
ssPWYZuhQHKXyqmdh1xI5W+FLllQsDSrDhmHAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUM8v2aeBOVvsXOzQzj5hDamk5dAIwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL004djJhZUJPVnZzWE96
UXpqNWhEYW1rNWRBSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAI9ObAPaRQc3gSfSPunpicw0
V/h8KCd96Nyrh9cXlWLuns+AC85LylVu/+mRV3vHBwVBMttXzsfXc52odtSWEDkq
If9oX2YR1klo/vdzvzvkSRF0cF5/YX7Zg2kmUzUoHFfwdFxOWRJ94Wv45emSkcDl
g2V7HckjCmHX1RX3cUdsvm0DeLDBp3nP+Iba+dkauXL35jqrjixJWSpL54AMmoKp
zfdHDd+BWI1WpasM+ljTK/nYlD4YaANezW0jlN6lE9NdzJj8s0QXGYEfarBIkpY2
BYZCqN1FNEr0hMeaqK/lH5tA+zUaEG9Mu/j25ScY4wEUlnQNhgHhf8uhv18LCYs=
-----END CERTIFICATE-----
Generated at Sat Feb 1 18:41:38 2025 by rpki-client on console.sobornost.net