Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/iZyIH6DNt6CfcXqvn6a-3FuI3NE.roa
File: iZyIH6DNt6CfcXqvn6a-3FuI3NE.roa (raw, json)
Hash identifier: +e0buy0AtKKFbGJ+AJJekikigXJgExylrP+FeD4ecK8=
Subject key identifier: 89:9C:88:1F:A0:CD:B7:A0:9F:71:7A:AF:9F:A6:BE:DC:5B:88:DC:D1
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0642
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/iZyIH6DNt6CfcXqvn6a-3FuI3NE.roa
Signing time: Mon 20 Jan 2025 05:54:50 +0000
ROA not before: Mon 20 Jan 2025 05:54:50 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1602 (0x642)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 20 05:54:50 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=899C881FA0CDB7A09F717AAF9FA6BEDC5B88DCD1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:78:e3:70:b2:77:73:6b:5f:aa:74:2e:14:4e:
43:00:4f:3e:21:db:e8:26:fd:8b:75:99:88:2f:bf:
88:91:27:61:4b:0b:db:30:56:4f:8a:3d:e6:66:2e:
1b:6c:61:bc:5b:45:14:d2:57:49:50:38:98:59:c1:
4e:56:a5:25:b2:27:6b:b8:51:c7:77:8b:bb:9d:ac:
04:7b:50:cf:98:56:f6:50:1a:79:e8:a5:d7:80:54:
44:43:28:e0:de:f8:cd:8f:5d:a5:4a:8f:97:c9:97:
3e:f0:59:9e:86:8d:73:7a:38:44:8c:52:fc:db:f0:
f9:6b:f3:77:72:51:d2:e4:ac:5b:a3:87:fe:1a:a2:
67:bc:5f:dd:d2:c1:7f:31:0a:b0:01:58:7c:63:fa:
fc:ac:e8:61:03:b0:d2:e3:cd:54:57:2d:46:f1:d9:
c5:27:0d:64:b8:af:1d:00:b1:09:36:22:c9:e4:ff:
64:b1:76:cf:74:41:83:2f:6e:d6:76:1c:3a:52:bc:
47:5c:02:5e:6b:2f:05:d0:7a:62:1e:09:37:4b:47:
61:39:60:74:ed:06:5c:76:07:26:ec:60:5c:5b:06:
46:6a:0e:34:c1:07:22:c2:97:86:34:af:58:10:3f:
f7:14:d5:25:52:f1:9c:08:4d:ce:a6:21:b6:09:88:
e2:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:9C:88:1F:A0:CD:B7:A0:9F:71:7A:AF:9F:A6:BE:DC:5B:88:DC:D1
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/iZyIH6DNt6CfcXqvn6a-3FuI3NE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
86:09:33:29:7e:90:1a:f1:2b:38:57:54:ea:ef:cb:ae:82:8d:
53:2b:11:9a:29:43:ed:07:4c:54:e7:34:6e:fb:c2:d4:96:c3:
5c:70:ec:ef:08:d0:ef:d6:7d:20:f1:bf:c2:f0:10:48:29:5f:
7d:30:55:a1:84:7e:6c:5e:b7:e6:18:70:78:23:45:1b:93:62:
80:65:7f:6b:c6:a4:3d:cd:df:05:2c:8d:bb:25:10:1e:d3:36:
04:37:6a:87:24:9a:39:af:62:9a:78:80:4f:29:69:52:ba:c0:
5e:d7:a1:03:8c:ac:54:37:40:ba:86:af:a2:8d:51:38:ab:78:
a6:41:0b:79:af:36:5b:74:1a:77:b5:07:bd:38:ff:8d:7f:2f:
2a:e9:80:83:68:da:27:51:e8:9c:31:5b:37:4f:0c:de:36:82:
fe:99:3d:9f:14:65:f9:62:b3:23:db:e6:e4:33:1f:80:ae:d0:
29:68:e3:0b:f5:eb:8f:91:9a:fa:9b:53:d7:fc:dc:13:9a:ef:
50:b6:eb:cb:16:8b:fc:8a:02:01:32:50:73:8f:e9:33:99:38:
da:f2:70:c1:b6:0c:15:79:10:8f:08:68:ee:98:e0:e4:3a:60:
53:88:9e:53:c8:fe:fc:cb:fa:a7:f1:dc:9c:61:fd:b5:af:2c:
22:b4:fb:f5
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBkIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjAw
NTU0NTBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDg5OUM4ODFGQTBDREI3
QTA5RjcxN0FBRjlGQTZCRURDNUI4OERDRDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJeONwsndza1+qdC4UTkMATz4h2+gm/Yt1mYgvv4iRJ2FLC9sw
Vk+KPeZmLhtsYbxbRRTSV0lQOJhZwU5WpSWyJ2u4Ucd3i7udrAR7UM+YVvZQGnno
pdeAVERDKODe+M2PXaVKj5fJlz7wWZ6GjXN6OESMUvzb8Plr83dyUdLkrFujh/4a
ome8X93SwX8xCrABWHxj+vys6GEDsNLjzVRXLUbx2cUnDWS4rx0AsQk2Isnk/2Sx
ds90QYMvbtZ2HDpSvEdcAl5rLwXQemIeCTdLR2E5YHTtBlx2BybsYFxbBkZqDjTB
ByLCl4Y0r1gQP/cU1SVS8ZwITc6mIbYJiOKNAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUiZyIH6DNt6CfcXqvn6a+3FuI3NEwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL2laeUlINkROdDZDZmNY
cXZuNmEtM0Z1STNORS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAIYJMyl+kBrxKzhXVOrvy66C
jVMrEZopQ+0HTFTnNG77wtSWw1xw7O8I0O/WfSDxv8LwEEgpX30wVaGEfmxet+YY
cHgjRRuTYoBlf2vGpD3N3wUsjbslEB7TNgQ3aockmjmvYpp4gE8paVK6wF7XoQOM
rFQ3QLqGr6KNUTireKZBC3mvNlt0Gne1B704/41/LyrpgINo2idR6JwxWzdPDN42
gv6ZPZ8UZflisyPb5uQzH4Cu0Clo4wv164+RmvqbU9f83BOa71C268sWi/yKAgEy
UHOP6TOZONrycMG2DBV5EI8IaO6Y4OQ6YFOInlPI/vzL+qfx3Jxh/bWvLCK0+/U=
-----END CERTIFICATE-----
Generated at Mon Jan 20 11:25:34 2025 by rpki-client on console.sobornost.net