Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/fkC8Dxmrgq1OQ1OyTzQlo4jNfEU.roa
File: fkC8Dxmrgq1OQ1OyTzQlo4jNfEU.roa (raw, json)
Hash identifier: nAm5FIlOQ8l0n5hU4xgxOP7jx/A1vSfHi1pVI0zqjJg=
Subject key identifier: 7E:40:BC:0F:19:AB:82:AD:4E:43:53:B2:4F:34:25:A3:88:CD:7C:45
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 09FE
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/fkC8Dxmrgq1OQ1OyTzQlo4jNfEU.roa
Signing time: Thu 30 Jan 2025 04:57:34 +0000
ROA not before: Thu 30 Jan 2025 04:57:34 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2558 (0x9fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 30 04:57:34 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=7E40BC0F19AB82AD4E4353B24F3425A388CD7C45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:e0:56:3d:2b:42:94:86:ed:2e:b0:c6:39:37:
65:b2:e3:07:6d:09:f9:99:00:91:a7:de:4e:07:ab:
de:6d:68:ce:1b:5b:5b:68:b4:60:b5:0a:79:72:49:
ea:a6:5e:4b:51:d5:87:2a:eb:21:49:57:fc:a1:c8:
6b:fa:22:8e:4e:0a:84:f2:b6:2e:ac:51:21:d7:a6:
91:5a:8e:fc:61:67:c6:55:64:10:6b:09:11:c3:3f:
e7:8b:34:dc:11:ac:c8:32:ea:b9:5b:14:0c:ae:46:
3a:f0:2b:ce:8d:12:65:f1:97:61:3d:b4:be:8c:a9:
7e:92:51:b1:b2:dc:11:2a:5b:e3:79:dc:26:14:4c:
98:f9:6a:f3:35:cb:66:de:c6:61:2c:19:e1:4a:95:
6f:44:db:31:7c:ba:22:01:75:e7:3c:07:90:41:6d:
58:08:c4:08:e6:ab:7f:d8:55:92:18:48:09:5c:ab:
0f:3b:de:53:7c:04:78:ef:a3:fe:33:e3:ad:8e:a0:
e1:9d:f8:6c:ee:36:ba:b7:a3:47:79:1d:b4:f4:f8:
be:60:4e:3e:7c:7d:4b:6c:5b:a7:5d:5e:40:44:48:
0b:3b:b7:f8:9e:29:80:66:6d:24:3b:94:d8:20:12:
c1:79:cb:7b:ee:49:6f:43:f3:43:11:3c:58:d4:b8:
f9:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:40:BC:0F:19:AB:82:AD:4E:43:53:B2:4F:34:25:A3:88:CD:7C:45
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/fkC8Dxmrgq1OQ1OyTzQlo4jNfEU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
75:1d:58:96:98:cb:49:f6:56:4c:0d:f3:79:ff:92:f6:36:81:
83:f1:3e:e0:84:2b:62:4f:c8:71:f8:f8:55:39:0f:18:1b:b2:
4c:f5:70:ba:67:e9:f1:18:05:28:a8:4a:71:32:ca:ab:f0:cd:
bd:71:13:4f:bf:dd:ec:99:ee:b0:08:5f:e2:4d:1e:09:3e:e6:
b4:5f:06:7d:22:13:5e:47:cd:17:4f:49:01:28:cf:32:4d:27:
15:00:c2:31:f6:fc:f3:4e:ce:0c:a0:01:19:52:7d:08:1b:d3:
d8:3c:7a:8f:81:2f:1b:4d:05:1f:71:da:88:7d:27:3e:97:59:
25:4e:a0:d8:00:ee:8b:7d:03:75:32:7b:9f:49:9b:e2:3e:05:
11:c7:05:da:96:46:c3:18:17:ed:12:cb:03:30:8f:fc:17:6a:
d3:38:b5:ac:74:9b:64:8d:4d:49:d0:ea:f9:dc:b7:22:f2:55:
5a:84:e4:26:e5:49:71:19:c2:82:4d:64:fe:f2:6d:d5:b5:4a:
cf:ff:a8:f1:d7:f1:39:20:2d:4e:fa:0a:c3:84:1e:5d:c8:04:
89:1d:51:62:01:6f:10:76:4c:d5:78:21:83:a6:94:a1:e3:82:
c8:a0:33:4f:f2:5a:99:a6:4c:f6:dc:ba:5e:75:05:96:2f:5d:
96:6c:eb:86
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCf4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMzAw
NDU3MzRaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDdFNDBCQzBGMTlBQjgy
QUQ0RTQzNTNCMjRGMzQyNUEzODhDRDdDNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCy4FY9K0KUhu0usMY5N2Wy4wdtCfmZAJGn3k4Hq95taM4bW1to
tGC1CnlySeqmXktR1Ycq6yFJV/yhyGv6Io5OCoTyti6sUSHXppFajvxhZ8ZVZBBr
CRHDP+eLNNwRrMgy6rlbFAyuRjrwK86NEmXxl2E9tL6MqX6SUbGy3BEqW+N53CYU
TJj5avM1y2bexmEsGeFKlW9E2zF8uiIBdec8B5BBbVgIxAjmq3/YVZIYSAlcqw87
3lN8BHjvo/4z462OoOGd+GzuNrq3o0d5HbT0+L5gTj58fUtsW6ddXkBESAs7t/ie
KYBmbSQ7lNggEsF5y3vuSW9D80MRPFjUuPl7AgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUfkC8Dxmrgq1OQ1OyTzQlo4jNfEUwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL2ZrQzhEeG1yZ3ExT1Ex
T3lUelFsbzRqTmZFVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAHUdWJaYy0n2VkwN83n/kvY2
gYPxPuCEK2JPyHH4+FU5Dxgbskz1cLpn6fEYBSioSnEyyqvwzb1xE0+/3eyZ7rAI
X+JNHgk+5rRfBn0iE15HzRdPSQEozzJNJxUAwjH2/PNOzgygARlSfQgb09g8eo+B
LxtNBR9x2oh9Jz6XWSVOoNgA7ot9A3Uye59Jm+I+BRHHBdqWRsMYF+0SywMwj/wX
atM4tax0m2SNTUnQ6vnctyLyVVqE5CblSXEZwoJNZP7ybdW1Ss//qPHX8TkgLU76
CsOEHl3IBIkdUWIBbxB2TNV4IYOmlKHjgsigM0/yWpmmTPbcul51BZYvXZZs64Y=
Generated at Thu Jan 30 13:11:16 2025 by rpki-client on console.sobornost.net