Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/_QNQ2Fsy9TsT-PLvPV2qgdh4am0.roa
File: _QNQ2Fsy9TsT-PLvPV2qgdh4am0.roa (raw, json)
Hash identifier: xukSbcVTMrOLPlz4jvFLO+R7pZUd6f50yWt0usfwR+o=
Subject key identifier: FD:03:50:D8:5B:32:F5:3B:13:F8:F2:EF:3D:5D:AA:81:D8:78:6A:6D
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0BAA
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/_QNQ2Fsy9TsT-PLvPV2qgdh4am0.roa
Signing time: Mon 03 Feb 2025 15:55:36 +0000
ROA not before: Mon 03 Feb 2025 15:55:36 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2986 (0xbaa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 3 15:55:36 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=FD0350D85B32F53B13F8F2EF3D5DAA81D8786A6D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:51:9d:65:dc:c9:92:8e:85:dc:ac:ae:f1:e2:
2f:7c:93:e0:88:5f:27:c1:d9:dc:8e:69:07:c5:51:
44:4c:c6:17:94:37:67:fc:aa:03:17:4b:0d:53:35:
f0:18:5a:2b:d7:f0:d1:46:47:91:0e:98:d1:c1:0b:
de:35:84:84:2d:2e:eb:22:09:28:f1:ff:7c:c6:ae:
19:0e:e9:74:1f:b5:30:7c:ff:c2:32:b9:62:6b:89:
38:9c:bf:e1:da:9a:78:3b:00:f9:01:30:9a:ce:e0:
8c:13:1e:8d:38:fa:79:2d:b7:23:8d:dd:b1:02:9a:
20:d9:5f:e7:f4:ee:0c:e1:4a:82:4a:da:fd:10:1c:
de:05:04:59:e0:71:f5:92:7a:b1:56:e9:92:a5:51:
ee:c9:50:76:e0:a8:d6:f4:c7:2d:11:e9:ac:63:3e:
9c:ee:b0:38:3d:51:4e:0f:a8:32:18:42:49:33:d4:
f0:ca:76:fe:35:19:c5:e1:5b:f0:f0:0e:33:af:66:
36:cf:e9:12:04:ce:db:a6:24:c2:80:98:c2:ee:c4:
08:76:0f:83:87:be:65:0d:d6:bf:2f:9c:fb:2d:ce:
35:de:7c:f2:83:3a:89:19:ce:8c:1f:09:0a:af:47:
70:1f:01:20:9f:db:3b:34:14:a4:44:9b:d3:47:c2:
3c:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:03:50:D8:5B:32:F5:3B:13:F8:F2:EF:3D:5D:AA:81:D8:78:6A:6D
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/_QNQ2Fsy9TsT-PLvPV2qgdh4am0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
80:29:49:14:4f:9b:49:fc:f1:af:61:67:4a:90:2c:18:51:2e:
79:61:51:de:d1:93:26:90:d6:b8:43:3c:9a:48:b6:b0:fc:b7:
8f:d2:da:ed:6a:83:cc:c8:05:74:a0:29:63:6c:d9:19:66:58:
8c:c4:58:05:a3:10:16:18:30:c4:e8:b4:a8:78:39:25:4e:87:
2c:47:e8:68:2a:1d:23:38:28:b5:a6:56:5b:19:5c:c1:6b:6b:
c0:fa:59:49:31:dc:aa:b0:f4:ee:fe:d9:50:64:6a:81:5f:f6:
a0:ab:0d:0d:ee:9c:da:de:ba:14:ea:a3:ef:6b:a3:b9:66:1c:
cc:27:1a:5a:1a:14:0c:03:51:21:2c:09:f9:da:84:24:b4:c1:
29:4a:11:a5:96:01:b9:84:bc:63:77:74:43:d0:aa:2a:ff:7e:
8a:d0:a9:08:67:db:74:74:9b:c2:27:30:e6:bc:24:bd:40:91:
2a:49:d5:1b:15:04:24:c1:cb:a5:e3:b6:e5:49:f8:ca:c6:c4:
a3:fc:d8:07:9d:c6:07:a3:0b:8c:e4:a4:b4:67:00:b7:59:08:
ed:06:7f:a3:8c:3e:25:ec:b2:65:f1:8b:8a:93:e6:1a:cc:5b:
e7:fc:37:b9:62:5b:6b:1e:ab:48:81:64:27:ec:66:67:25:49:
7a:ee:a2:93
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICC6owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDMx
NTU1MzZaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEZEMDM1MEQ4NUIzMkY1
M0IxM0Y4RjJFRjNENURBQTgxRDg3ODZBNkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJUZ1l3MmSjoXcrK7x4i98k+CIXyfB2dyOaQfFUURMxheUN2f8
qgMXSw1TNfAYWivX8NFGR5EOmNHBC941hIQtLusiCSjx/3zGrhkO6XQftTB8/8Iy
uWJriTicv+Hamng7APkBMJrO4IwTHo04+nkttyON3bECmiDZX+f07gzhSoJK2v0Q
HN4FBFngcfWSerFW6ZKlUe7JUHbgqNb0xy0R6axjPpzusDg9UU4PqDIYQkkz1PDK
dv41GcXhW/DwDjOvZjbP6RIEztumJMKAmMLuxAh2D4OHvmUN1r8vnPstzjXefPKD
OokZzowfCQqvR3AfASCf2zs0FKREm9NHwjzDAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQU/QNQ2Fsy9TsT+PLvPV2qgdh4am0wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL19RTlEyRnN5OVRzVC1Q
THZQVjJxZ2RoNGFtMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAIApSRRPm0n88a9hZ0qQLBhR
LnlhUd7RkyaQ1rhDPJpItrD8t4/S2u1qg8zIBXSgKWNs2RlmWIzEWAWjEBYYMMTo
tKh4OSVOhyxH6GgqHSM4KLWmVlsZXMFra8D6WUkx3Kqw9O7+2VBkaoFf9qCrDQ3u
nNreuhTqo+9ro7lmHMwnGloaFAwDUSEsCfnahCS0wSlKEaWWAbmEvGN3dEPQqir/
forQqQhn23R0m8InMOa8JL1AkSpJ1RsVBCTBy6XjtuVJ+MrGxKP82AedxgejC4zk
pLRnALdZCO0Gf6OMPiXssmXxi4qT5hrMW+f8N7liW2seq0iBZCfsZmclSXruopM=
-----END CERTIFICATE-----
Generated at Mon Feb 3 20:00:55 2025 by rpki-client on console.sobornost.net