Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/SKNqJMUYr6nv9R3WuK_DJvkitc0.roa
File: SKNqJMUYr6nv9R3WuK_DJvkitc0.roa (raw, json)
Hash identifier: 834h7gcZ0RfrvF/nrGLLW0GbFCkYC6hWE85TcN5ZRJ0=
Subject key identifier: 48:A3:6A:24:C5:18:AF:A9:EF:F5:1D:D6:B8:AF:C3:26:F9:22:B5:CD
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 056A
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/SKNqJMUYr6nv9R3WuK_DJvkitc0.roa
Signing time: Fri 17 Jan 2025 23:54:47 +0000
ROA not before: Fri 17 Jan 2025 23:54:47 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1386 (0x56a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 17 23:54:47 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=48A36A24C518AFA9EFF51DD6B8AFC326F922B5CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:3a:99:46:26:c3:c6:c6:f1:68:f4:f3:15:5b:
94:5f:3c:d0:63:44:e0:83:42:0e:91:ac:75:86:31:
88:f3:34:3c:92:33:ac:6c:bf:b1:23:c4:f6:82:da:
57:42:55:e9:cc:a3:7e:95:ce:f0:ed:f9:b0:32:9f:
93:a7:a7:16:43:b2:44:cf:6d:0a:61:69:2c:00:25:
32:18:32:f2:7e:fb:66:58:8f:40:08:3d:1f:ff:2c:
25:3e:12:db:9a:57:63:88:46:d8:05:8e:69:71:46:
81:6b:1e:f0:02:0c:5e:3b:ea:87:ed:b6:32:9d:92:
1c:d0:8f:d1:65:5e:ee:e3:8c:8a:12:b3:7c:bc:d8:
01:89:71:1c:50:52:9c:44:84:1d:f1:b3:97:b4:22:
01:74:f1:08:d2:2a:84:fe:32:dc:87:e0:63:cc:39:
bf:c9:3b:38:ac:e6:20:7c:66:62:22:4b:b7:72:2f:
9e:31:5c:ca:7f:41:6e:61:d6:62:1f:b8:80:aa:e9:
4e:76:54:f0:ba:d9:79:0b:ad:5a:0c:5c:d4:ee:0f:
8d:31:74:cd:de:93:6d:b4:85:11:e2:b1:85:7e:7f:
9b:a7:57:5f:e8:f2:91:5c:e0:51:34:8a:38:11:85:
8f:eb:29:96:f1:ff:7f:5a:8e:9e:b2:fb:ba:b9:1c:
0e:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:A3:6A:24:C5:18:AF:A9:EF:F5:1D:D6:B8:AF:C3:26:F9:22:B5:CD
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/SKNqJMUYr6nv9R3WuK_DJvkitc0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
a1:06:22:58:b4:b4:df:bd:e9:72:1f:a8:fe:ef:e9:9f:c3:f1:
6a:ef:26:05:54:23:dc:59:00:9b:88:a5:6a:ae:10:c0:47:a0:
cd:a2:32:6f:5a:2f:cf:0b:7e:40:0a:36:a6:68:36:f2:fd:ae:
ed:d4:09:4f:a7:b4:31:a8:c3:8e:62:4e:73:60:02:dd:86:9d:
72:1d:ee:6e:e5:ce:31:dd:b8:f1:89:ca:76:0d:2e:3f:29:9d:
be:77:9d:a1:88:61:7d:9c:0d:c7:7b:79:f2:ff:55:6e:ec:ac:
ce:97:ee:4e:65:07:44:0e:65:0f:4c:6e:1d:a5:49:dd:e3:ad:
66:e1:21:98:ed:0c:44:de:57:55:28:18:c9:ac:67:4a:be:37:
c0:bf:d8:4b:9b:12:e6:55:47:96:a8:c6:77:71:14:fa:c1:31:
78:96:17:fb:55:0a:f4:04:9f:3a:5b:32:d9:94:03:0d:88:7c:
1d:03:17:8f:3e:bb:e5:7b:92:45:73:b6:92:37:ef:1a:57:9e:
60:02:b1:8b:33:ed:f8:c7:a4:85:55:50:1d:7a:0b:95:04:5f:
58:29:8d:fe:bf:f8:3c:a7:04:93:d1:f9:49:4f:87:72:6c:72:
76:1b:a8:ab:eb:fd:3c:da:2a:39:63:d7:09:a0:05:df:00:64:
30:ea:c2:a6
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBWowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMTcy
MzU0NDdaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDQ4QTM2QTI0QzUxOEFG
QTlFRkY1MURENkI4QUZDMzI2RjkyMkI1Q0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCOplGJsPGxvFo9PMVW5RfPNBjROCDQg6RrHWGMYjzNDySM6xs
v7EjxPaC2ldCVenMo36VzvDt+bAyn5OnpxZDskTPbQphaSwAJTIYMvJ++2ZYj0AI
PR//LCU+EtuaV2OIRtgFjmlxRoFrHvACDF476ofttjKdkhzQj9FlXu7jjIoSs3y8
2AGJcRxQUpxEhB3xs5e0IgF08QjSKoT+MtyH4GPMOb/JOzis5iB8ZmIiS7dyL54x
XMp/QW5h1mIfuICq6U52VPC62XkLrVoMXNTuD40xdM3ek220hRHisYV+f5unV1/o
8pFc4FE0ijgRhY/rKZbx/39ajp6y+7q5HA77AgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUSKNqJMUYr6nv9R3WuK/DJvkitc0wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL1NLTnFKTVVZcjZudjlS
M1d1S19ESnZraXRjMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAKEGIli0tN+96XIfqP7v6Z/D
8WrvJgVUI9xZAJuIpWquEMBHoM2iMm9aL88LfkAKNqZoNvL9ru3UCU+ntDGow45i
TnNgAt2GnXId7m7lzjHduPGJynYNLj8pnb53naGIYX2cDcd7efL/VW7srM6X7k5l
B0QOZQ9Mbh2lSd3jrWbhIZjtDETeV1UoGMmsZ0q+N8C/2EubEuZVR5aoxndxFPrB
MXiWF/tVCvQEnzpbMtmUAw2IfB0DF48+u+V7kkVztpI37xpXnmACsYsz7fjHpIVV
UB16C5UEX1gpjf6/+DynBJPR+UlPh3JscnYbqKvr/TzaKjlj1wmgBd8AZDDqwqY=
Generated at Sat Jan 18 03:26:36 2025 by rpki-client on console.sobornost.net