Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/TzP747kSm0KRh1g-J4gmO_lY0nA.roa
File: TzP747kSm0KRh1g-J4gmO_lY0nA.roa (raw, json)
Hash identifier: /cZQuxRqFpJPZ0+zB0zkoX2II+yEw9mA6wmCDKE1hf0=
Subject key identifier: 4F:33:FB:E3:B9:12:9B:42:91:87:58:3E:27:88:26:3B:F9:58:D2:70
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 08D0
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/TzP747kSm0KRh1g-J4gmO_lY0nA.roa
Signing time: Mon 27 Jan 2025 01:25:15 +0000
ROA not before: Mon 27 Jan 2025 01:25:15 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2256 (0x8d0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 27 01:25:15 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=4F33FBE3B9129B429187583E2788263BF958D270
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:74:c1:b3:73:ef:0a:51:16:90:a9:e4:fe:1e:
bd:75:0b:29:ea:c7:4c:07:06:61:88:06:8d:c7:e9:
a8:e8:f1:1e:20:b9:00:ff:62:e8:7c:26:81:6d:71:
84:a7:05:5a:78:ba:90:04:ac:69:4d:1b:9f:19:7c:
44:e2:b9:5e:88:b9:aa:c3:1e:53:21:03:95:73:7b:
fa:7f:42:e3:d2:36:f2:dc:2d:24:be:69:81:3c:f1:
19:b0:6d:2f:08:01:96:77:bd:2c:95:c1:a6:e8:4e:
cc:53:66:38:b1:ad:15:61:52:a8:9c:d1:25:7e:a9:
47:7f:a2:6b:5e:c3:31:b9:e7:97:ab:80:ef:59:4d:
b3:de:8c:2b:b8:db:6d:c5:55:7d:ba:08:55:8b:13:
7c:c3:3a:e1:e0:39:f9:35:b8:76:5f:9d:37:d5:d9:
fc:e1:3e:22:7d:f9:d0:54:8e:25:fe:2d:26:bf:d1:
3d:b6:f8:22:5b:46:e9:c0:b0:df:06:9f:18:0f:8d:
32:f1:55:35:02:ad:66:50:b4:68:e2:3e:a8:d1:ba:
34:7f:08:af:68:9b:5f:b9:d2:e3:eb:04:15:6f:3f:
cb:e9:12:f8:73:a7:9a:ae:c4:5b:f5:7b:d4:c4:80:
7b:1c:01:74:c6:f0:c1:2a:f4:43:b5:c8:dd:39:52:
99:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:33:FB:E3:B9:12:9B:42:91:87:58:3E:27:88:26:3B:F9:58:D2:70
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/TzP747kSm0KRh1g-J4gmO_lY0nA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
7d:81:b8:90:7b:86:49:64:19:35:64:18:c7:c5:bb:3d:b2:2b:
70:46:63:fe:20:1a:56:89:30:e4:46:b2:f6:b1:57:33:ee:31:
89:01:ad:cd:96:03:fa:8d:08:d8:ea:6d:1b:8e:fd:d3:b9:56:
7a:dd:c7:5f:ba:4a:97:9b:1e:79:e9:3b:a3:e2:17:5e:15:f5:
10:58:33:d0:53:4e:c1:45:d2:cb:e5:dc:15:eb:33:7e:a4:a4:
52:1f:9c:7d:09:53:ee:38:e2:b9:a8:ce:d4:19:e1:14:bd:60:
cc:c4:2f:76:a7:38:cf:f5:a4:25:7a:6a:ac:24:03:86:79:58:
fe:e6:42:1a:1a:d4:94:78:d3:e1:e2:57:00:6d:4c:ec:9f:55:
2b:ac:fc:ba:45:7a:56:e1:8c:87:29:75:22:77:52:71:e9:38:
74:f4:f5:aa:43:09:bb:56:f4:70:15:5b:e2:e0:33:a3:bd:82:
3c:38:2c:42:3d:96:85:dd:ce:b9:17:d2:62:1a:c7:3b:67:f7:
0d:43:96:a2:f5:e4:43:87:0d:ae:2e:50:d2:ea:bd:c4:6a:ca:
cb:b2:14:01:5b:6a:5d:12:7b:99:fc:c7:c5:62:3b:a4:35:5a:
7e:09:5a:7b:c2:3d:80:6f:54:95:11:39:01:d6:9d:41:8b:1e:
53:bf:c2:e0
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCNAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjcw
MTI1MTVaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDRGMzNGQkUzQjkxMjlC
NDI5MTg3NTgzRTI3ODgyNjNCRjk1OEQyNzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCUdMGzc+8KURaQqeT+Hr11Cynqx0wHBmGIBo3H6ajo8R4guQD/
Yuh8JoFtcYSnBVp4upAErGlNG58ZfETiuV6IuarDHlMhA5Vze/p/QuPSNvLcLSS+
aYE88RmwbS8IAZZ3vSyVwaboTsxTZjixrRVhUqic0SV+qUd/omtewzG555ergO9Z
TbPejCu4223FVX26CFWLE3zDOuHgOfk1uHZfnTfV2fzhPiJ9+dBUjiX+LSa/0T22
+CJbRunAsN8GnxgPjTLxVTUCrWZQtGjiPqjRujR/CK9om1+50uPrBBVvP8vpEvhz
p5quxFv1e9TEgHscAXTG8MEq9EO1yN05UplfAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUTzP747kSm0KRh1g+J4gmO/lY0nAwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL1R6UDc0N2tTbTBLUmgx
Zy1KNGdtT19sWTBuQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAH2BuJB7hklkGTVkGMfFuz2y
K3BGY/4gGlaJMORGsvaxVzPuMYkBrc2WA/qNCNjqbRuO/dO5Vnrdx1+6SpebHnnp
O6PiF14V9RBYM9BTTsFF0svl3BXrM36kpFIfnH0JU+444rmoztQZ4RS9YMzEL3an
OM/1pCV6aqwkA4Z5WP7mQhoa1JR40+HiVwBtTOyfVSus/LpFelbhjIcpdSJ3UnHp
OHT09apDCbtW9HAVW+LgM6O9gjw4LEI9loXdzrkX0mIaxztn9w1DlqL15EOHDa4u
UNLqvcRqysuyFAFbal0Se5n8x8ViO6Q1Wn4JWnvCPYBvVJUROQHWnUGLHlO/wuA=
-----END CERTIFICATE-----
Generated at Mon Jan 27 05:48:33 2025 by rpki-client on console.sobornost.net