Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/spA1PmkNUHfGmLzE-ZmqW9HFo0w.roa
File: spA1PmkNUHfGmLzE-ZmqW9HFo0w.roa (raw, json)
Hash identifier: WGzy4P6uImonjHLNEfwqMUnMtCSSJRGU8YQ07s/b8Xc=
Subject key identifier: B2:90:35:3E:69:0D:50:77:C6:98:BC:C4:F9:99:AA:5B:D1:C5:A3:4C
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0790
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/spA1PmkNUHfGmLzE-ZmqW9HFo0w.roa
Signing time: Thu 23 Jan 2025 17:25:47 +0000
ROA not before: Thu 23 Jan 2025 17:25:47 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1936 (0x790)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 23 17:25:47 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=B290353E690D5077C698BCC4F999AA5BD1C5A34C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:93:65:19:a9:c3:eb:03:e3:1f:0d:a9:1c:c7:
a1:45:20:6c:55:8a:59:24:28:ce:19:1b:92:00:fb:
25:e7:26:94:2e:a1:49:d9:ae:4d:90:98:8f:e1:86:
66:00:f5:63:ed:68:4a:a7:23:12:61:e6:31:5c:62:
39:52:eb:44:1d:ea:f7:17:73:81:09:93:13:2c:38:
9e:7d:72:ce:e6:19:53:8d:b9:c6:45:24:2d:aa:7d:
e5:cd:e5:46:ab:ee:4d:23:cc:79:c9:ea:4d:f6:de:
d7:2d:df:8a:d1:80:43:56:36:08:92:ac:18:0d:7e:
f7:91:fa:78:60:eb:06:db:1b:dd:5a:cf:b4:1c:cc:
d6:c4:36:32:a4:21:ae:5f:4d:c3:fc:9e:c2:f3:70:
5d:12:59:95:8c:06:86:3c:8f:13:fd:cc:d1:5d:26:
86:da:33:17:cf:55:17:44:05:b6:72:2a:81:de:4d:
c3:0a:68:d5:fc:22:bf:60:91:4a:18:13:ba:bd:ae:
c6:ef:9a:14:e4:c7:49:97:14:43:8b:c3:35:97:3e:
97:65:47:b7:3a:34:81:54:e5:f7:4a:b2:16:e9:43:
ed:e7:74:e2:2a:da:fd:be:68:d2:23:b5:04:ba:ad:
61:ba:53:0a:e6:d4:31:e2:23:74:dd:b3:0d:5c:ac:
2f:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:90:35:3E:69:0D:50:77:C6:98:BC:C4:F9:99:AA:5B:D1:C5:A3:4C
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/spA1PmkNUHfGmLzE-ZmqW9HFo0w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
85:4f:35:96:3b:25:cc:bd:22:c5:a4:49:1f:cc:0e:b7:e1:8f:
4c:21:c2:8a:ea:d2:f0:3a:b7:a1:dd:8c:5a:c8:8e:74:ee:05:
a5:05:87:38:82:86:99:97:ac:37:18:23:80:c1:4e:15:b3:b1:
2b:27:36:3f:71:16:66:b1:02:84:e4:c1:f9:98:fb:1a:98:e3:
c6:af:ec:34:4a:39:69:7d:e2:3c:ef:7c:92:5e:0c:55:e6:f0:
e1:b9:b7:bf:27:5e:93:d8:f3:d7:11:97:8a:67:07:a1:47:0b:
03:ed:e1:33:ac:c6:e4:4b:17:7e:c4:71:a5:7a:8f:e8:86:7e:
4a:1d:8f:14:b0:3f:1b:3d:ab:57:45:a7:8e:1d:cf:74:66:99:
66:72:b3:d7:62:a4:10:8a:ed:3a:e5:04:eb:4d:be:7d:7a:39:
ab:f1:68:73:fd:68:18:dc:3f:c8:e5:56:d5:f9:43:e2:70:cd:
b0:20:b7:4a:e9:6b:e0:e1:c5:9d:91:4d:a2:ea:ba:04:cf:13:
5a:56:00:c1:bd:9d:5e:18:19:cb:48:18:9c:46:85:b0:8f:e9:
5e:3c:79:8f:91:27:22:d2:41:2f:3c:83:cb:3b:a8:a3:6f:64:
48:de:90:77:16:11:ef:2c:b4:ed:a5:e5:d3:0e:6b:1d:d8:b3:
55:e3:c5:8b
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICB5AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjMx
NzI1NDdaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEIyOTAzNTNFNjkwRDUw
NzdDNjk4QkNDNEY5OTlBQTVCRDFDNUEzNEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEk2UZqcPrA+MfDakcx6FFIGxVilkkKM4ZG5IA+yXnJpQuoUnZ
rk2QmI/hhmYA9WPtaEqnIxJh5jFcYjlS60Qd6vcXc4EJkxMsOJ59cs7mGVONucZF
JC2qfeXN5Uar7k0jzHnJ6k323tct34rRgENWNgiSrBgNfveR+nhg6wbbG91az7Qc
zNbENjKkIa5fTcP8nsLzcF0SWZWMBoY8jxP9zNFdJobaMxfPVRdEBbZyKoHeTcMK
aNX8Ir9gkUoYE7q9rsbvmhTkx0mXFEOLwzWXPpdlR7c6NIFU5fdKshbpQ+3ndOIq
2v2+aNIjtQS6rWG6Uwrm1DHiI3Tdsw1crC+zAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUspA1PmkNUHfGmLzE+ZmqW9HFo0wwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL3NwQTFQbWtOVUhmR21M
ekUtWm1xVzlIRm8wdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAIVPNZY7Jcy9IsWkSR/MDrfh
j0whworq0vA6t6HdjFrIjnTuBaUFhziChpmXrDcYI4DBThWzsSsnNj9xFmaxAoTk
wfmY+xqY48av7DRKOWl94jzvfJJeDFXm8OG5t78nXpPY89cRl4pnB6FHCwPt4TOs
xuRLF37EcaV6j+iGfkodjxSwPxs9q1dFp44dz3RmmWZys9dipBCK7TrlBOtNvn16
OavxaHP9aBjcP8jlVtX5Q+JwzbAgt0rpa+DhxZ2RTaLqugTPE1pWAMG9nV4YGctI
GJxGhbCP6V48eY+RJyLSQS88g8s7qKNvZEjekHcWEe8stO2l5dMOax3Ys1XjxYs=
Generated at Thu Jan 23 21:29:29 2025 by rpki-client on console.sobornost.net