Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/OQUJ-sbyHwVxoaSakzX4Z9GsQIU.roa
File: OQUJ-sbyHwVxoaSakzX4Z9GsQIU.roa (raw, json)
Hash identifier: //oaFQOgA+K0zLAJQkGPhVjmalRyzpXleUs7MkCy+54=
Subject key identifier: 39:05:09:FA:C6:F2:1F:05:71:A1:A4:9A:93:35:F8:67:D1:AC:40:85
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 06F6
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/OQUJ-sbyHwVxoaSakzX4Z9GsQIU.roa
Signing time: Wed 22 Jan 2025 02:55:40 +0000
ROA not before: Wed 22 Jan 2025 02:55:40 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1782 (0x6f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 22 02:55:40 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=390509FAC6F21F0571A1A49A9335F867D1AC4085
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:ba:f2:9e:49:d6:e5:9a:0c:11:6d:cb:f8:66:
8e:f9:b1:a7:68:c6:2d:74:c9:f9:40:a3:eb:08:be:
11:f7:07:f7:5a:21:6e:d8:44:f5:4b:6b:0f:57:52:
38:69:ca:71:79:9e:07:e4:c4:1f:42:c8:5a:bc:b8:
c5:f7:0b:6f:53:a9:6d:1f:1d:76:d2:91:f9:8b:44:
9a:8e:4c:3c:07:5b:5a:01:20:48:76:63:c6:9e:87:
1d:02:ea:57:ea:42:d2:e2:6e:13:5b:d0:92:de:00:
c5:1c:32:f5:cb:be:d8:11:38:ad:a8:2c:ee:a1:87:
70:54:25:7f:b2:94:3f:6b:fd:b1:d7:a6:2f:c6:e4:
63:ae:ab:9c:81:16:11:38:a2:0e:e2:15:79:28:02:
ee:ef:6c:5c:5a:28:e6:09:4d:e0:a9:9e:52:9e:22:
54:95:18:2c:50:ca:6e:16:b9:da:99:3e:4b:61:5f:
ae:0c:87:6f:bc:e7:18:b6:fb:b9:73:53:3b:a0:02:
c0:24:39:62:e0:7b:fb:0f:c8:c0:33:7b:68:b2:a2:
a1:0a:74:a5:ad:2b:f1:81:ce:15:fb:0f:5e:ed:c5:
dc:76:77:46:b0:6b:4e:d0:86:51:23:58:5e:9e:d1:
3b:cc:7e:eb:f1:73:49:a6:a1:dd:a9:25:d2:92:5b:
b7:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:05:09:FA:C6:F2:1F:05:71:A1:A4:9A:93:35:F8:67:D1:AC:40:85
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/OQUJ-sbyHwVxoaSakzX4Z9GsQIU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
4f:eb:6c:35:62:f0:e6:bf:df:6b:c3:c4:41:4d:ae:e2:71:4a:
3e:06:9a:f8:96:95:3c:59:18:11:92:9d:b9:35:12:7e:4a:9a:
e6:3e:9d:e5:60:8b:20:31:9c:93:e7:ad:b4:07:f5:e9:c7:e0:
22:40:0f:f5:0e:38:41:8d:71:39:56:f0:29:ae:6d:2b:bb:2b:
d2:99:42:58:ec:b7:0b:be:b7:f1:6d:b3:a3:d0:a8:62:72:93:
02:1b:24:14:76:17:b6:16:03:a8:c3:a2:5d:6a:11:4e:31:6b:
11:cb:93:e2:d7:f3:e8:48:cb:54:87:9e:9a:9d:7f:b4:ee:49:
c9:cf:71:eb:f9:67:94:05:3c:6b:6c:b7:cc:36:6f:4d:9f:4d:
58:fa:8d:19:3b:57:f6:e7:b7:8d:c3:30:0c:10:ea:66:37:16:
27:09:91:53:0d:33:27:7b:b9:20:d0:02:38:18:d6:ef:63:69:
1f:b1:ad:ba:a7:86:38:fd:cd:72:8e:a9:6f:b0:29:4f:d1:db:
6d:60:8b:17:d9:41:9b:48:c4:09:8d:e3:b8:29:9c:81:8d:02:
76:a6:ef:69:64:46:0b:53:80:e0:a8:35:61:4d:a1:79:a0:56:
9b:09:af:ff:c5:de:c1:3d:6d:44:32:ce:92:0f:d6:39:fa:9a:
43:f6:1c:15
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBvYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjIw
MjU1NDBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDM5MDUwOUZBQzZGMjFG
MDU3MUExQTQ5QTkzMzVGODY3RDFBQzQwODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkuvKeSdblmgwRbcv4Zo75sadoxi10yflAo+sIvhH3B/daIW7Y
RPVLaw9XUjhpynF5ngfkxB9CyFq8uMX3C29TqW0fHXbSkfmLRJqOTDwHW1oBIEh2
Y8aehx0C6lfqQtLibhNb0JLeAMUcMvXLvtgROK2oLO6hh3BUJX+ylD9r/bHXpi/G
5GOuq5yBFhE4og7iFXkoAu7vbFxaKOYJTeCpnlKeIlSVGCxQym4WudqZPkthX64M
h2+85xi2+7lzUzugAsAkOWLge/sPyMAze2iyoqEKdKWtK/GBzhX7D17txdx2d0aw
a07QhlEjWF6e0TvMfuvxc0mmod2pJdKSW7ehAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUOQUJ+sbyHwVxoaSakzX4Z9GsQIUwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL09RVUotc2J5SHdWeG9h
U2Frelg0WjlHc1FJVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAE/rbDVi8Oa/32vDxEFNruJx
Sj4GmviWlTxZGBGSnbk1En5KmuY+neVgiyAxnJPnrbQH9enH4CJAD/UOOEGNcTlW
8CmubSu7K9KZQljstwu+t/Fts6PQqGJykwIbJBR2F7YWA6jDol1qEU4xaxHLk+LX
8+hIy1SHnpqdf7TuScnPcev5Z5QFPGtst8w2b02fTVj6jRk7V/bnt43DMAwQ6mY3
FicJkVMNMyd7uSDQAjgY1u9jaR+xrbqnhjj9zXKOqW+wKU/R221gixfZQZtIxAmN
47gpnIGNAnam72lkRgtTgOCoNWFNoXmgVpsJr//F3sE9bUQyzpIP1jn6mkP2HBU=
-----END CERTIFICATE-----
Generated at Wed Jan 22 14:45:28 2025 by rpki-client on console.sobornost.net