Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/Unqn5Zn0OTBs2Z9OK-VfHEHkVs0.roa
File: Unqn5Zn0OTBs2Z9OK-VfHEHkVs0.roa (raw, json)
Hash identifier: 030bKHSUMNcM0mGfIrpFRjazK0ZKVCCScboY/8sQqB8=
Subject key identifier: 52:7A:A7:E5:99:F4:39:30:6C:D9:9F:4E:2B:E5:5F:1C:41:E4:56:CD
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0504
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/Unqn5Zn0OTBs2Z9OK-VfHEHkVs0.roa
Signing time: Thu 16 Jan 2025 22:24:43 +0000
ROA not before: Thu 16 Jan 2025 22:24:43 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1284 (0x504)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 16 22:24:43 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=527AA7E599F439306CD99F4E2BE55F1C41E456CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:bf:f3:13:36:64:e9:18:b4:99:cc:9f:ac:da:
13:be:00:84:2e:80:8f:33:72:c5:4b:59:63:cf:55:
6b:dc:01:05:1a:82:b5:b6:3a:be:1a:0a:72:b5:64:
4d:47:2a:2d:b5:1c:ec:22:b9:9a:b6:95:e2:97:c3:
4d:22:c2:f7:b5:d7:64:ae:1b:c9:8a:4e:79:ce:e9:
1e:7c:14:36:09:8d:15:c7:33:fd:6d:b7:b0:1b:a6:
b1:2a:56:94:67:31:97:64:d9:cc:a9:ec:a6:d6:42:
82:bd:38:53:6b:00:f9:db:cd:77:f5:79:1a:d4:94:
2a:55:03:6b:48:e3:e7:83:6e:40:4f:6f:a8:e4:46:
a7:e8:2e:4f:e6:de:40:78:f5:7f:b6:60:bd:4b:74:
a7:c9:b8:b2:1c:7f:0a:36:54:48:26:40:69:04:45:
ae:13:bd:cf:09:fb:65:6d:5a:ec:72:0c:e2:1a:ff:
41:ed:2c:05:c9:36:e2:99:31:1c:90:79:d9:5f:67:
47:ce:3b:16:1b:fe:1c:58:84:f7:e2:09:f9:81:9d:
38:a9:64:4e:65:47:06:c4:8f:55:1a:9f:ce:2e:d6:
5a:58:56:82:4d:6e:b8:e9:fa:a1:a5:e7:71:a9:37:
3a:5c:57:aa:3f:e0:05:bc:9e:0d:27:d9:e4:03:e6:
2b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:7A:A7:E5:99:F4:39:30:6C:D9:9F:4E:2B:E5:5F:1C:41:E4:56:CD
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/Unqn5Zn0OTBs2Z9OK-VfHEHkVs0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
81:3c:27:3c:88:6d:30:00:20:e6:d0:d6:b2:d1:be:68:98:64:
45:5e:0b:93:f9:9b:8f:2d:c4:d9:fd:96:39:b8:da:1b:b6:96:
23:ec:93:d9:1e:c0:7e:bb:71:f1:00:16:4f:f1:4f:84:e1:b5:
7e:2e:57:8a:53:bd:15:a8:cc:b2:e1:c5:5c:ad:3b:72:6f:da:
ff:47:5c:75:0d:51:7c:de:4c:b8:ed:33:7f:9c:13:44:c4:6e:
cb:bc:6d:e4:ea:1a:a5:68:28:00:bf:44:2a:8e:aa:ad:12:52:
b7:ca:26:e5:c2:8c:b3:74:1d:41:b6:2a:d0:73:41:e0:75:05:
07:4a:ab:54:45:d0:4e:da:c4:b9:e5:68:c7:ca:20:ee:3c:33:
4c:ab:b9:c5:e7:d8:df:cc:42:88:ac:97:5e:33:ff:a6:86:6e:
bf:68:11:28:97:62:00:47:c6:1b:c2:38:eb:44:be:92:ca:61:
3c:2d:b3:2a:67:98:75:4f:01:cf:15:18:7e:9f:ef:4b:9e:18:
64:8b:8f:69:87:64:3e:1c:a4:5e:69:26:b7:50:01:ab:30:18:
9a:2f:db:e6:d1:e5:a5:7e:4a:89:01:24:38:0d:76:a3:32:46:
ad:24:77:ad:b7:07:e3:c1:6f:f5:c7:fc:4e:ba:20:c8:26:02:
0d:5b:0a:b3
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBQQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMTYy
MjI0NDNaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDUyN0FBN0U1OTlGNDM5
MzA2Q0Q5OUY0RTJCRTU1RjFDNDFFNDU2Q0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1v/MTNmTpGLSZzJ+s2hO+AIQugI8zcsVLWWPPVWvcAQUagrW2
Or4aCnK1ZE1HKi21HOwiuZq2leKXw00iwve112SuG8mKTnnO6R58FDYJjRXHM/1t
t7AbprEqVpRnMZdk2cyp7KbWQoK9OFNrAPnbzXf1eRrUlCpVA2tI4+eDbkBPb6jk
RqfoLk/m3kB49X+2YL1LdKfJuLIcfwo2VEgmQGkERa4Tvc8J+2VtWuxyDOIa/0Ht
LAXJNuKZMRyQedlfZ0fOOxYb/hxYhPfiCfmBnTipZE5lRwbEj1Uan84u1lpYVoJN
brjp+qGl53GpNzpcV6o/4AW8ng0n2eQD5isdAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUUnqn5Zn0OTBs2Z9OK+VfHEHkVs0wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL1VucW41Wm4wT1RCczJa
OU9LLVZmSEVIa1ZzMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAIE8JzyIbTAAIObQ1rLRvmiY
ZEVeC5P5m48txNn9ljm42hu2liPsk9kewH67cfEAFk/xT4ThtX4uV4pTvRWozLLh
xVytO3Jv2v9HXHUNUXzeTLjtM3+cE0TEbsu8beTqGqVoKAC/RCqOqq0SUrfKJuXC
jLN0HUG2KtBzQeB1BQdKq1RF0E7axLnlaMfKIO48M0yrucXn2N/MQoisl14z/6aG
br9oESiXYgBHxhvCOOtEvpLKYTwtsypnmHVPAc8VGH6f70ueGGSLj2mHZD4cpF5p
JrdQAaswGJov2+bR5aV+SokBJDgNdqMyRq0kd623B+PBb/XH/E66IMgmAg1bCrM=
-----END CERTIFICATE-----
Generated at Fri Jan 17 01:53:07 2025 by rpki-client on console.sobornost.net