Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/OjfFo5129OYDNbQE2pm5iVSj4U4.roa
File: OjfFo5129OYDNbQE2pm5iVSj4U4.roa (raw, json)
Hash identifier: uKHJT1+XCvbrWQoeMZmJm6s2lBxhKpq9pCTpcC2Iyjk=
Subject key identifier: 3A:37:C5:A3:9D:76:F4:E6:03:35:B4:04:DA:99:B9:89:54:A3:E1:4E
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 08B6
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/OjfFo5129OYDNbQE2pm5iVSj4U4.roa
Signing time: Sun 26 Jan 2025 18:55:33 +0000
ROA not before: Sun 26 Jan 2025 18:55:33 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2230 (0x8b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 26 18:55:33 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=3A37C5A39D76F4E60335B404DA99B98954A3E14E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:a0:4f:ba:a4:b7:4d:78:36:c2:ec:21:6b:e2:
b2:d4:7e:88:ec:a6:00:06:aa:73:d9:a7:88:52:57:
a8:21:c9:e4:90:35:fe:d8:de:20:df:a9:d8:70:26:
af:b6:c5:8b:5e:fe:0a:a2:2e:32:e9:01:46:e5:a6:
3e:3e:89:36:65:76:64:ce:53:dd:ab:5e:7a:4b:07:
73:43:a5:a3:71:37:3e:a6:b9:62:d9:b9:2c:17:a1:
fc:ae:dc:3e:d4:aa:1b:f9:3c:a0:4a:6a:55:1d:3e:
bb:a1:ac:9e:3f:8c:bd:ed:79:bc:ec:ae:15:66:46:
b3:19:d8:bd:a4:a1:27:95:b9:44:9e:f1:c0:0f:21:
a0:b1:6b:a5:c0:e9:03:b0:f8:9d:c4:44:a5:a0:9f:
ef:cc:3d:53:6a:cf:17:2a:9e:02:1a:ac:ff:71:99:
70:5f:89:2d:50:a8:c6:ee:c4:d7:1a:ab:9d:93:d0:
70:54:36:fb:d5:72:00:1f:60:fb:4b:5f:b9:d3:7a:
81:77:ce:fd:a3:34:16:dd:87:e5:a0:2b:31:22:66:
3e:4d:ec:6b:10:bb:0d:ce:72:d9:e2:57:88:aa:7b:
8c:2d:af:2e:2c:e1:52:f6:7b:fd:0e:e3:37:49:9e:
c1:91:03:75:08:c3:dc:a6:bc:ab:29:08:95:eb:e7:
7b:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:37:C5:A3:9D:76:F4:E6:03:35:B4:04:DA:99:B9:89:54:A3:E1:4E
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/OjfFo5129OYDNbQE2pm5iVSj4U4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
a9:c2:e6:52:3c:ec:75:6b:8c:78:c2:21:de:6b:5c:88:6e:6f:
a4:cc:a4:ab:e0:48:80:fc:d4:15:08:d4:7c:85:66:b9:e3:03:
62:7f:80:bd:64:69:f6:10:13:78:3f:db:af:b8:2c:f7:05:40:
5a:4a:10:e4:fb:0d:ac:b3:47:db:56:d3:65:5b:aa:60:e1:04:
6d:7d:d0:27:e0:d4:8d:9a:c0:52:bd:61:0b:0e:32:6e:b1:07:
81:04:d6:34:02:5c:54:63:ed:bb:91:d7:49:f7:48:55:b2:de:
b0:a5:c2:b6:3c:73:02:58:e6:b1:1a:7a:4c:b2:2f:c9:2e:b3:
ec:44:9c:f0:5a:f2:9a:0f:90:92:91:04:0f:4f:f9:5a:f1:1a:
80:63:2c:1f:ca:0b:73:b5:69:85:d0:3a:86:5c:a2:3f:af:97:
e6:85:34:fc:34:6b:b1:67:ef:2d:f1:73:f5:c6:82:ae:e4:af:
5f:76:1a:c1:ff:65:39:5d:cb:35:44:e5:30:4f:47:09:b1:e2:
66:7a:42:3d:89:5d:70:76:f7:93:91:45:08:ab:1b:20:dd:89:
17:76:22:6c:f3:a2:ca:75:61:c4:5f:e6:4a:64:6d:55:c6:60:
0e:d4:8f:8a:aa:35:6f:1f:2a:67:44:47:71:d0:51:b5:8a:36:
3b:e9:4c:d0
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCLYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjYx
ODU1MzNaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDNBMzdDNUEzOUQ3NkY0
RTYwMzM1QjQwNERBOTlCOTg5NTRBM0UxNEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzoE+6pLdNeDbC7CFr4rLUfojspgAGqnPZp4hSV6ghyeSQNf7Y
3iDfqdhwJq+2xYte/gqiLjLpAUblpj4+iTZldmTOU92rXnpLB3NDpaNxNz6muWLZ
uSwXofyu3D7Uqhv5PKBKalUdPruhrJ4/jL3tebzsrhVmRrMZ2L2koSeVuUSe8cAP
IaCxa6XA6QOw+J3ERKWgn+/MPVNqzxcqngIarP9xmXBfiS1QqMbuxNcaq52T0HBU
NvvVcgAfYPtLX7nTeoF3zv2jNBbdh+WgKzEiZj5N7GsQuw3OctniV4iqe4wtry4s
4VL2e/0O4zdJnsGRA3UIw9ymvKspCJXr53ulAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUOjfFo5129OYDNbQE2pm5iVSj4U4wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL09qZkZvNTEyOU9ZRE5i
UUUycG01aVZTajRVNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAKnC5lI87HVrjHjCId5rXIhu
b6TMpKvgSID81BUI1HyFZrnjA2J/gL1kafYQE3g/26+4LPcFQFpKEOT7DayzR9tW
02VbqmDhBG190Cfg1I2awFK9YQsOMm6xB4EE1jQCXFRj7buR10n3SFWy3rClwrY8
cwJY5rEaekyyL8kus+xEnPBa8poPkJKRBA9P+VrxGoBjLB/KC3O1aYXQOoZcoj+v
l+aFNPw0a7Fn7y3xc/XGgq7kr192GsH/ZTldyzVE5TBPRwmx4mZ6Qj2JXXB295OR
RQirGyDdiRd2Imzzosp1YcRf5kpkbVXGYA7Uj4qqNW8fKmdER3HQUbWKNjvpTNA=
Generated at Sun Jan 26 22:54:27 2025 by rpki-client on console.sobornost.net