Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/krpQpEUNhfBOoVSDwqkBnh35nwU.roa
File: krpQpEUNhfBOoVSDwqkBnh35nwU.roa (raw, json)
Hash identifier: w9WH8v790QUAdxn5zmnHM/HxONVl8BXMVpG7a0NEjxE=
Subject key identifier: 92:BA:50:A4:45:0D:85:F0:4E:A1:54:83:C2:A9:01:9E:1D:F9:9F:05
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0AF8
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/krpQpEUNhfBOoVSDwqkBnh35nwU.roa
Signing time: Sat 01 Feb 2025 19:25:35 +0000
ROA not before: Sat 01 Feb 2025 19:25:35 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2808 (0xaf8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 1 19:25:35 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=92BA50A4450D85F04EA15483C2A9019E1DF99F05
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:30:c4:5c:29:e7:72:9c:94:dd:c4:fe:00:82:
85:07:91:9f:51:e2:49:7d:f4:bc:a5:5b:d8:3a:80:
60:b2:ca:e4:38:12:3a:f7:96:34:0d:dc:5b:d6:9d:
51:9b:0e:0c:91:7b:ff:54:51:1f:c3:70:16:36:81:
d7:e5:f0:8c:55:61:7a:05:43:44:b7:29:ac:72:d2:
eb:ed:80:15:95:a5:a3:f3:7f:bd:a4:0c:0a:77:53:
36:c8:89:eb:f5:59:85:3e:45:17:ab:13:34:c8:0e:
7f:44:36:87:6b:91:42:30:7a:af:e3:59:e2:17:60:
5b:66:5c:b8:1d:c3:ef:8f:26:33:78:0c:a6:5a:5d:
d1:1e:f9:77:62:35:65:e3:15:ef:58:f9:42:95:ab:
81:59:76:a8:4c:e0:c5:f9:c4:ee:7c:1b:2a:6a:77:
d3:57:93:04:2c:e2:bf:c2:2b:bd:07:1d:64:4b:a0:
13:28:72:fe:df:61:67:6b:d0:24:58:59:16:e4:4e:
d0:c5:bf:2d:93:d8:6b:de:a7:d6:fd:54:63:4f:a3:
2a:4a:3f:e9:16:58:5c:19:20:d9:c7:ba:6b:34:dc:
36:10:a4:6b:17:68:31:cd:3e:ee:4f:0b:a5:31:00:
48:40:c7:c3:5f:a7:ec:95:66:26:62:06:74:31:64:
88:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:BA:50:A4:45:0D:85:F0:4E:A1:54:83:C2:A9:01:9E:1D:F9:9F:05
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/krpQpEUNhfBOoVSDwqkBnh35nwU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
38:a3:1e:20:82:35:e2:32:dc:96:2b:58:34:c2:af:40:8f:0d:
1d:95:09:96:ed:15:d1:23:53:bc:86:82:76:a2:e1:e8:62:02:
a1:26:d8:5f:29:e5:79:1a:41:92:ea:4f:18:54:d9:c3:6c:f0:
47:6b:6e:ea:ea:0a:75:ba:5f:d0:4a:25:43:76:9c:1c:32:76:
4e:0e:97:f6:c6:62:ae:0d:df:4d:fc:6b:ec:b8:33:df:b7:ab:
5d:5f:b1:f7:7f:72:2b:8e:a7:ca:97:1f:82:2e:66:ee:81:9d:
6a:60:4a:67:21:ef:3c:00:41:6f:2e:6c:b6:2e:d2:47:5a:c3:
88:2c:a1:a9:d1:eb:bb:9f:60:2a:89:bd:df:55:2e:08:e2:1b:
31:ac:23:1f:1e:41:97:30:cc:99:97:d6:a2:e0:db:5c:1d:0a:
21:51:7f:ed:ce:a0:d7:64:8b:94:45:cd:d1:78:f9:e5:32:4c:
b7:17:e1:06:35:a7:79:f2:dc:1f:9d:43:a0:cd:b7:a0:b4:9c:
58:0d:78:61:86:fd:3d:8c:e6:11:5b:45:8e:be:78:b3:98:20:
d7:61:53:02:eb:3b:8b:91:a8:50:80:26:4b:09:d5:8c:d0:bf:
f3:5a:e9:46:f6:1a:d5:da:d9:83:dd:2d:91:d8:65:44:20:cb:
49:53:31:92
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCvgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDEx
OTI1MzVaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDkyQkE1MEE0NDUwRDg1
RjA0RUExNTQ4M0MyQTkwMTlFMURGOTlGMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDsMMRcKedynJTdxP4AgoUHkZ9R4kl99LylW9g6gGCyyuQ4Ejr3
ljQN3FvWnVGbDgyRe/9UUR/DcBY2gdfl8IxVYXoFQ0S3Kaxy0uvtgBWVpaPzf72k
DAp3UzbIiev1WYU+RRerEzTIDn9ENodrkUIweq/jWeIXYFtmXLgdw++PJjN4DKZa
XdEe+XdiNWXjFe9Y+UKVq4FZdqhM4MX5xO58Gypqd9NXkwQs4r/CK70HHWRLoBMo
cv7fYWdr0CRYWRbkTtDFvy2T2Gvep9b9VGNPoypKP+kWWFwZINnHums03DYQpGsX
aDHNPu5PC6UxAEhAx8Nfp+yVZiZiBnQxZIhtAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUkrpQpEUNhfBOoVSDwqkBnh35nwUwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL2tycFFwRVVOaGZCT29W
U0R3cWtCbmgzNW53VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBADijHiCCNeIy3JYrWDTCr0CP
DR2VCZbtFdEjU7yGgnai4ehiAqEm2F8p5XkaQZLqTxhU2cNs8EdrburqCnW6X9BK
JUN2nBwydk4Ol/bGYq4N3038a+y4M9+3q11fsfd/ciuOp8qXH4IuZu6BnWpgSmch
7zwAQW8ubLYu0kdaw4gsoanR67ufYCqJvd9VLgjiGzGsIx8eQZcwzJmX1qLg21wd
CiFRf+3OoNdki5RFzdF4+eUyTLcX4QY1p3ny3B+dQ6DNt6C0nFgNeGGG/T2M5hFb
RY6+eLOYINdhUwLrO4uRqFCAJksJ1YzQv/Na6Ub2GtXa2YPdLZHYZUQgy0lTMZI=
Generated at Sat Feb 1 22:59:35 2025 by rpki-client on console.sobornost.net