Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/XC9_qxdarK1MebIzTpEsVP-CKcU.roa
File: XC9_qxdarK1MebIzTpEsVP-CKcU.roa (raw, json)
Hash identifier: 9Q2iI+wdGBA/47LR9fSDFCJyON5rSGYtMeevHreDCoE=
Subject key identifier: 5C:2F:7F:AB:17:5A:AC:AD:4C:79:B2:33:4E:91:2C:54:FF:82:29:C5
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0C9A
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/XC9_qxdarK1MebIzTpEsVP-CKcU.roa
Signing time: Thu 06 Feb 2025 03:55:44 +0000
ROA not before: Thu 06 Feb 2025 03:55:44 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3226 (0xc9a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 6 03:55:44 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=5C2F7FAB175AACAD4C79B2334E912C54FF8229C5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:47:e2:4b:3e:54:30:ba:d5:a1:95:66:23:99:
22:9e:e4:85:00:6d:16:c6:db:7c:29:e5:d9:ae:38:
fc:cb:b7:4c:1f:f5:39:d0:73:de:ec:f4:f5:cc:fa:
b9:05:0c:a0:3e:34:df:6a:e8:8b:e3:37:05:dc:6b:
0b:4b:80:d0:86:cd:88:31:97:f8:23:8c:a8:53:2e:
64:18:97:cd:05:4e:f1:62:2e:c0:b0:da:90:f7:38:
4f:4f:63:e1:c9:22:3b:e9:06:7a:29:8b:e8:d9:7c:
3a:53:0b:da:9b:6c:1e:53:82:35:0a:b3:90:a4:c4:
db:77:ce:88:94:0c:20:8a:96:2a:d7:75:71:97:d1:
92:6a:f5:ef:f2:d0:83:39:e6:f2:67:59:cf:62:57:
be:d3:16:00:4a:ea:35:d9:3b:8b:f5:a4:1c:de:19:
21:35:70:56:f3:f8:1f:b2:b1:3b:f1:d7:cd:dc:22:
34:c9:84:8b:94:c0:69:f2:71:76:13:c1:5b:35:58:
d7:34:85:8d:bb:cf:d0:a0:6c:ae:5f:90:3b:bb:72:
e3:a4:68:ab:9c:27:14:2e:54:f3:f5:7f:2e:bc:1c:
31:c6:6c:be:4b:ea:a0:e2:89:a8:02:32:5b:49:b4:
90:a4:76:d9:23:3d:e5:cb:0a:95:74:ba:9b:fe:cb:
05:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:2F:7F:AB:17:5A:AC:AD:4C:79:B2:33:4E:91:2C:54:FF:82:29:C5
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/XC9_qxdarK1MebIzTpEsVP-CKcU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
99:86:98:09:8e:37:50:78:fe:f0:19:8b:06:6a:0d:50:8c:dd:
6c:24:5b:50:98:24:84:70:eb:1a:62:4d:31:4f:f2:68:a5:c7:
74:32:7c:06:2d:90:7d:54:9d:a2:1c:0b:1e:ab:10:f3:c2:c9:
99:bc:fd:28:5a:4f:d7:7c:12:83:b7:a0:97:d0:df:57:e8:78:
99:4d:79:93:af:5e:e7:a3:b5:0d:c8:7f:73:8f:c3:39:1d:5b:
1c:32:9b:8e:46:49:ad:ec:9f:7e:b4:55:f1:e6:43:a1:57:85:
95:44:09:d5:4e:11:0a:01:46:f8:50:79:7a:8e:e5:67:40:a1:
4e:5a:31:04:52:98:71:1a:d3:cf:91:53:f1:fb:41:8d:66:71:
6a:5e:70:65:c5:75:4d:93:4c:2b:07:e6:53:1b:08:6a:eb:d0:
64:cb:c0:fb:6d:25:a7:5e:8b:6e:24:e3:3d:86:e4:97:36:e6:
d0:c6:de:0a:42:4a:59:64:6c:40:40:5a:3a:e4:20:23:0b:71:
82:f7:c6:52:74:19:73:b6:7d:0a:54:04:18:42:12:15:86:ad:
59:27:b2:44:69:13:ba:54:4a:c1:cd:01:76:87:ee:64:fb:ac:
33:6e:ba:69:e9:ae:76:a2:61:26:5d:61:86:47:30:ad:15:61:
c9:c4:0e:e5
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICDJowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDYw
MzU1NDRaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDVDMkY3RkFCMTc1QUFD
QUQ0Qzc5QjIzMzRFOTEyQzU0RkY4MjI5QzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAR+JLPlQwutWhlWYjmSKe5IUAbRbG23wp5dmuOPzLt0wf9TnQ
c97s9PXM+rkFDKA+NN9q6IvjNwXcawtLgNCGzYgxl/gjjKhTLmQYl80FTvFiLsCw
2pD3OE9PY+HJIjvpBnopi+jZfDpTC9qbbB5TgjUKs5CkxNt3zoiUDCCKlirXdXGX
0ZJq9e/y0IM55vJnWc9iV77TFgBK6jXZO4v1pBzeGSE1cFbz+B+ysTvx183cIjTJ
hIuUwGnycXYTwVs1WNc0hY27z9CgbK5fkDu7cuOkaKucJxQuVPP1fy68HDHGbL5L
6qDiiagCMltJtJCkdtkjPeXLCpV0upv+ywWLAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUXC9/qxdarK1MebIzTpEsVP+CKcUwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL1hDOV9xeGRhcksxTWVi
SXpUcEVzVlAtQ0tjVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAJmGmAmON1B4/vAZiwZqDVCM
3WwkW1CYJIRw6xpiTTFP8milx3QyfAYtkH1UnaIcCx6rEPPCyZm8/ShaT9d8EoO3
oJfQ31foeJlNeZOvXuejtQ3If3OPwzkdWxwym45GSa3sn360VfHmQ6FXhZVECdVO
EQoBRvhQeXqO5WdAoU5aMQRSmHEa08+RU/H7QY1mcWpecGXFdU2TTCsH5lMbCGrr
0GTLwPttJadei24k4z2G5Jc25tDG3gpCSllkbEBAWjrkICMLcYL3xlJ0GXO2fQpU
BBhCEhWGrVknskRpE7pUSsHNAXaH7mT7rDNuumnprnaiYSZdYYZHMK0VYcnEDuU=
-----END CERTIFICATE-----
Generated at Thu Feb 6 09:38:59 2025 by rpki-client on console.sobornost.net