Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/dyi59upa1Zep90LtWULwkMkHIP0.roa
File: dyi59upa1Zep90LtWULwkMkHIP0.roa (raw, json)
Hash identifier: ZM7IjG9gO/g26eq7DnDfauKhS8EjzMoRiSEiFbe6II8=
Subject key identifier: 77:28:B9:F6:EA:5A:D5:97:A9:F7:42:ED:59:42:F0:90:C9:07:20:FD
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0CD6
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/dyi59upa1Zep90LtWULwkMkHIP0.roa
Signing time: Thu 06 Feb 2025 18:55:46 +0000
ROA not before: Thu 06 Feb 2025 18:55:46 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3286 (0xcd6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 6 18:55:46 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=7728B9F6EA5AD597A9F742ED5942F090C90720FD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:0c:fd:dd:94:7b:ad:e7:72:13:05:2b:71:40:
66:d2:e0:65:e2:f9:1e:f9:d5:61:57:ab:45:6d:5a:
e7:d0:bc:e3:63:9d:bf:0d:6b:c1:46:1f:1e:d6:01:
3e:b9:37:9a:d1:23:44:18:4b:38:56:2c:f9:68:8c:
ef:e7:d6:f4:6c:22:7c:50:af:b5:76:09:2e:7d:a3:
a9:ce:0e:f4:3c:fa:78:f8:a1:d6:3a:2a:d4:9b:68:
e4:61:1b:b3:e8:8e:76:87:80:a6:db:00:87:c7:92:
6d:71:07:e7:2b:ea:c1:30:67:c8:a5:c3:b6:31:f1:
4d:0a:f4:d3:1d:64:eb:a8:ce:4c:78:4e:49:93:fa:
78:98:ad:b7:cd:4b:31:c7:c6:a5:ca:43:b8:cb:4e:
75:6f:1e:7e:d2:7d:9a:5c:d2:ee:b1:ed:98:64:da:
ab:90:29:d5:06:ad:51:1b:ff:f0:a6:32:b2:c3:d4:
2c:a6:af:da:7b:74:8f:c7:95:c8:f7:21:5e:b5:cd:
8d:e5:0b:e1:e1:94:13:fd:08:8f:d9:86:7f:d0:34:
76:92:8b:39:3f:c3:e8:3d:d3:85:44:ac:2e:fd:31:
53:76:24:76:99:f4:4e:10:97:da:d9:e6:bc:9a:72:
cd:60:fb:e0:a8:03:31:27:05:b6:5c:95:af:7f:df:
cc:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:28:B9:F6:EA:5A:D5:97:A9:F7:42:ED:59:42:F0:90:C9:07:20:FD
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/dyi59upa1Zep90LtWULwkMkHIP0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
9d:09:49:67:36:8d:86:2c:aa:c9:9c:17:26:56:6a:ff:98:83:
2d:4e:e0:8a:9f:09:e3:5d:99:30:a0:e2:75:78:7a:26:9e:40:
8d:ad:e0:5f:0b:a9:19:f3:bf:04:94:5d:c1:06:0c:9f:87:2a:
af:cd:7e:f9:c4:7d:4e:74:be:4a:20:2a:d8:c0:28:54:7e:bb:
19:5b:ce:f5:c9:00:6e:a0:23:2d:4c:30:11:b0:88:fe:86:6d:
7b:b9:4d:07:fc:55:e1:e9:44:bb:45:89:f6:1d:30:d0:d0:c6:
73:92:f2:c3:c1:7e:cf:b3:53:10:e6:4c:99:3d:d9:98:9b:20:
7e:6a:aa:b2:1f:24:85:b6:38:ca:3d:41:05:5a:c4:7a:3c:54:
db:1d:0f:71:01:df:f3:bc:49:c0:aa:87:2d:f4:14:96:2a:98:
e2:39:0d:44:41:29:a7:b7:0f:9f:1f:3d:7e:a6:9c:e1:d5:b8:
41:53:dd:68:ec:52:98:1c:16:b1:12:83:08:23:eb:de:bc:09:
24:00:8f:11:9c:9d:6e:8c:bd:d0:ca:93:74:25:2a:74:d3:eb:
9d:b7:57:43:b6:46:a7:17:d8:18:7b:d6:73:66:4b:d1:26:bb:
15:a1:18:e5:af:1a:92:b9:94:1e:1a:5f:a2:9d:00:1d:83:cc:
01:e6:ff:fd
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICDNYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDYx
ODU1NDZaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDc3MjhCOUY2RUE1QUQ1
OTdBOUY3NDJFRDU5NDJGMDkwQzkwNzIwRkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGDP3dlHut53ITBStxQGbS4GXi+R751WFXq0VtWufQvONjnb8N
a8FGHx7WAT65N5rRI0QYSzhWLPlojO/n1vRsInxQr7V2CS59o6nODvQ8+nj4odY6
KtSbaORhG7PojnaHgKbbAIfHkm1xB+cr6sEwZ8ilw7Yx8U0K9NMdZOuozkx4TkmT
+niYrbfNSzHHxqXKQ7jLTnVvHn7SfZpc0u6x7Zhk2quQKdUGrVEb//CmMrLD1Cym
r9p7dI/Hlcj3IV61zY3lC+HhlBP9CI/Zhn/QNHaSizk/w+g904VErC79MVN2JHaZ
9E4Ql9rZ5ryacs1g++CoAzEnBbZcla9/38wjAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUdyi59upa1Zep90LtWULwkMkHIP0wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL2R5aTU5dXBhMVplcDkw
THRXVUx3a01rSElQMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAJ0JSWc2jYYsqsmcFyZWav+Y
gy1O4IqfCeNdmTCg4nV4eiaeQI2t4F8LqRnzvwSUXcEGDJ+HKq/NfvnEfU50vkog
KtjAKFR+uxlbzvXJAG6gIy1MMBGwiP6GbXu5TQf8VeHpRLtFifYdMNDQxnOS8sPB
fs+zUxDmTJk92ZibIH5qqrIfJIW2OMo9QQVaxHo8VNsdD3EB3/O8ScCqhy30FJYq
mOI5DURBKae3D58fPX6mnOHVuEFT3WjsUpgcFrESgwgj6968CSQAjxGcnW6MvdDK
k3QlKnTT6523V0O2RqcX2Bh71nNmS9EmuxWhGOWvGpK5lB4aX6KdAB2DzAHm//0=
Generated at Thu Feb 6 22:45:04 2025 by rpki-client on console.sobornost.net