Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/kqpUmrp15KYRdSsizPUBWoiQbYA.roa
File: kqpUmrp15KYRdSsizPUBWoiQbYA.roa (raw, json)
Hash identifier: wNSMRJnccVIS7yURsx/eVnxx63EYrJvx1Oj7yNjxbRc=
Subject key identifier: 92:AA:54:9A:BA:75:E4:A6:11:75:2B:22:CC:F5:01:5A:88:90:6D:80
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0A4C
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/kqpUmrp15KYRdSsizPUBWoiQbYA.roa
Signing time: Fri 31 Jan 2025 00:27:36 +0000
ROA not before: Fri 31 Jan 2025 00:27:36 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2636 (0xa4c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 31 00:27:36 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=92AA549ABA75E4A611752B22CCF5015A88906D80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:a9:d5:27:55:4c:89:a8:71:be:bc:9b:a3:b1:
0b:e6:0f:c1:cd:17:1e:6a:4b:5b:32:40:5d:4f:76:
a0:03:08:0a:2e:68:87:dd:9f:c2:cd:51:1a:91:c8:
7a:1b:04:01:5b:1e:7d:7a:91:40:5b:03:d8:12:6a:
48:6e:b3:85:d7:05:31:a1:e7:9c:19:dd:c6:95:20:
a7:29:bf:44:58:04:20:03:92:ac:c4:7f:89:13:61:
e1:b3:4b:8f:5a:3a:2a:9d:cf:b8:c4:b0:05:3e:5c:
d3:ee:63:76:32:14:45:74:2e:27:b3:7d:88:8f:51:
76:df:94:07:93:d3:ab:f8:36:ef:ee:4e:18:5f:24:
fa:4e:26:51:fd:f5:1b:74:a0:34:b6:8e:94:80:5f:
8e:7a:d4:0d:04:71:96:e6:81:62:b1:d8:c0:ed:8d:
f9:de:ac:07:b4:c5:bb:83:c6:4e:b3:c4:17:de:8f:
98:ef:29:04:cb:a4:38:ce:44:73:5e:7c:13:45:b2:
62:c0:c4:f7:ac:ba:74:e4:af:8c:32:35:bc:f0:aa:
e2:26:52:67:71:f4:08:0b:70:2f:54:ee:bc:07:00:
0e:4c:57:91:0f:54:40:5a:b5:de:f6:5e:64:3b:8f:
91:56:ec:b8:93:44:4b:84:3a:e2:f2:70:32:5d:77:
92:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:AA:54:9A:BA:75:E4:A6:11:75:2B:22:CC:F5:01:5A:88:90:6D:80
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/kqpUmrp15KYRdSsizPUBWoiQbYA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
0b:b5:7a:97:5f:c3:95:84:28:3d:ea:c3:be:fb:62:3c:d5:c4:
af:95:bc:42:0e:7b:88:d2:f2:bd:25:f3:7f:04:da:1b:d9:2d:
2d:35:f9:91:d6:94:63:2d:3a:26:d2:49:e4:05:35:81:e1:41:
b2:bf:2f:84:d8:f2:ff:c1:91:14:cf:ac:c9:c4:89:ef:e0:cd:
44:5a:61:79:3c:05:05:79:1b:66:69:74:38:53:a2:78:af:23:
2c:88:a2:ed:6d:42:61:f2:38:f8:f5:a2:30:a1:1f:10:ae:5d:
e4:90:73:cd:d3:01:af:33:28:dc:90:c2:a9:e8:33:fc:48:2d:
17:e3:18:57:95:dd:d5:63:cb:60:0e:bf:6b:80:91:05:09:10:
de:a9:00:bc:75:1d:85:dd:76:3e:d9:b7:5d:80:ba:db:68:f5:
dc:c3:6f:2e:2c:54:38:8a:20:db:b5:b9:69:59:7f:7d:48:17:
ac:44:e1:07:53:db:b5:7b:3a:e9:3c:f8:12:25:b2:f5:c0:54:
38:6a:f4:f8:ac:0d:85:f5:dd:83:40:3d:b8:51:50:a9:fc:8d:
e8:c3:63:2d:eb:f3:8b:ee:eb:2c:de:ca:42:e8:1a:1a:38:4d:
f6:f6:f6:04:d9:cc:69:59:4e:c2:0a:49:28:f8:1e:2e:d0:17:
24:d0:f2:ea
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCkwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMzEw
MDI3MzZaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDkyQUE1NDlBQkE3NUU0
QTYxMTc1MkIyMkNDRjUwMTVBODg5MDZEODAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNqdUnVUyJqHG+vJujsQvmD8HNFx5qS1syQF1PdqADCAouaIfd
n8LNURqRyHobBAFbHn16kUBbA9gSakhus4XXBTGh55wZ3caVIKcpv0RYBCADkqzE
f4kTYeGzS49aOiqdz7jEsAU+XNPuY3YyFEV0LiezfYiPUXbflAeT06v4Nu/uThhf
JPpOJlH99Rt0oDS2jpSAX4561A0EcZbmgWKx2MDtjfnerAe0xbuDxk6zxBfej5jv
KQTLpDjORHNefBNFsmLAxPesunTkr4wyNbzwquImUmdx9AgLcC9U7rwHAA5MV5EP
VEBatd72XmQ7j5FW7LiTREuEOuLycDJdd5IfAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUkqpUmrp15KYRdSsizPUBWoiQbYAwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL2txcFVtcnAxNUtZUmRT
c2l6UFVCV29pUWJZQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAAu1epdfw5WEKD3qw777YjzV
xK+VvEIOe4jS8r0l838E2hvZLS01+ZHWlGMtOibSSeQFNYHhQbK/L4TY8v/BkRTP
rMnEie/gzURaYXk8BQV5G2ZpdDhTonivIyyIou1tQmHyOPj1ojChHxCuXeSQc83T
Aa8zKNyQwqnoM/xILRfjGFeV3dVjy2AOv2uAkQUJEN6pALx1HYXddj7Zt12Autto
9dzDby4sVDiKINu1uWlZf31IF6xE4QdT27V7Ouk8+BIlsvXAVDhq9PisDYX13YNA
PbhRUKn8jejDYy3r84vu6yzeykLoGho4Tfb29gTZzGlZTsIKSSj4Hi7QFyTQ8uo=
-----END CERTIFICATE-----
Generated at Fri Jan 31 04:26:55 2025 by rpki-client on console.sobornost.net