Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/u3B8q9SGy4NNVWY6OhfGHAi90hs.roa
File: u3B8q9SGy4NNVWY6OhfGHAi90hs.roa (raw, json)
Hash identifier: mUzhL6iwigUTysJE0GfCSqmUBQoJpiPtafC5maCWgHQ=
Subject key identifier: BB:70:7C:AB:D4:86:CB:83:4D:55:66:3A:3A:17:C6:1C:08:BD:D2:1B
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 05EA
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/u3B8q9SGy4NNVWY6OhfGHAi90hs.roa
Signing time: Sun 19 Jan 2025 07:54:49 +0000
ROA not before: Sun 19 Jan 2025 07:54:49 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1514 (0x5ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 19 07:54:49 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=BB707CABD486CB834D55663A3A17C61C08BDD21B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:ac:47:b0:e4:5a:ea:60:6f:ac:fc:8f:b6:6c:
80:a8:e8:6f:d7:22:63:03:36:ea:8e:b1:79:a2:7c:
93:e2:ee:76:3d:a7:0a:c3:64:70:70:14:e4:06:e2:
79:99:da:4a:fb:79:59:2b:04:65:ab:f4:eb:81:a3:
6b:c8:57:1c:36:db:02:dd:58:bf:a7:16:9e:19:f7:
1c:4c:71:a8:e4:0d:5b:da:f8:f2:9b:e8:0a:0d:54:
98:1a:82:b0:22:5e:c6:ff:e8:e9:11:c6:81:d8:09:
70:d3:95:fd:a5:8b:34:00:65:02:eb:bb:ff:34:be:
ec:3f:3e:c8:ab:62:99:8f:e6:3b:66:00:28:37:1e:
c3:66:28:f5:3d:e7:56:51:5d:26:f0:a6:6b:d1:6f:
96:7f:d3:22:e8:a6:88:46:2d:3c:7f:69:ea:d1:b0:
b5:39:44:6a:19:b9:b5:0c:d9:43:2c:63:7c:91:96:
ba:0a:5c:92:44:e9:56:25:ba:bd:57:11:c5:cb:88:
e6:97:fb:e8:bf:d5:30:65:57:e0:9a:28:38:7d:a8:
f1:8d:0b:6b:ba:07:e5:32:a6:e9:a1:26:18:a2:ae:
4f:5e:1d:5d:36:47:2c:8b:c1:6f:98:7d:78:48:bd:
a0:8d:5c:99:0d:eb:18:e5:f5:ae:b3:9d:79:88:a4:
e7:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:70:7C:AB:D4:86:CB:83:4D:55:66:3A:3A:17:C6:1C:08:BD:D2:1B
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/u3B8q9SGy4NNVWY6OhfGHAi90hs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
14:49:0e:8d:a2:e8:1c:7c:c4:ea:2c:e9:10:2c:ba:04:ff:8e:
98:9a:8a:15:05:4b:63:f8:f3:62:63:b5:c5:19:8b:b1:32:da:
de:73:a3:9e:35:3a:87:06:a4:03:34:27:30:68:22:53:0f:21:
ec:58:f9:32:af:cc:10:a5:77:3e:46:61:70:46:fc:1c:ef:c2:
07:79:2d:74:a2:50:09:64:9d:1b:ef:87:cb:7f:11:6b:a0:d4:
4b:7e:c0:de:d4:00:a6:2b:34:f0:1d:3e:ca:26:2c:ae:43:22:
ea:72:a3:64:5c:43:05:56:ea:4b:1f:2c:dd:b1:26:73:b1:1d:
ff:7a:d8:10:1f:b1:02:d7:f1:1c:f0:31:aa:69:e1:dd:cf:d2:
00:76:7e:0e:c0:24:9b:3f:ca:aa:23:a4:62:ba:57:af:b9:7f:
89:ea:30:5f:32:56:06:cf:8a:13:79:04:b0:a3:ac:4a:1d:83:
d5:f1:f8:0b:38:88:d4:bb:d2:9f:7d:87:fd:7f:e5:ea:06:6f:
86:dc:3e:27:ea:ae:61:92:89:4e:07:82:28:46:23:6d:5d:21:
d6:aa:49:fc:56:2b:11:a4:bd:ad:0e:61:14:c7:bd:58:e1:80:
5f:68:61:7c:78:53:d7:27:91:57:e3:01:88:81:78:21:8a:97:
9c:55:d1:bc
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBeowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMTkw
NzU0NDlaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEJCNzA3Q0FCRDQ4NkNC
ODM0RDU1NjYzQTNBMTdDNjFDMDhCREQyMUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSrEew5FrqYG+s/I+2bICo6G/XImMDNuqOsXmifJPi7nY9pwrD
ZHBwFOQG4nmZ2kr7eVkrBGWr9OuBo2vIVxw22wLdWL+nFp4Z9xxMcajkDVva+PKb
6AoNVJgagrAiXsb/6OkRxoHYCXDTlf2lizQAZQLru/80vuw/PsirYpmP5jtmACg3
HsNmKPU951ZRXSbwpmvRb5Z/0yLopohGLTx/aerRsLU5RGoZubUM2UMsY3yRlroK
XJJE6VYlur1XEcXLiOaX++i/1TBlV+CaKDh9qPGNC2u6B+UypumhJhiirk9eHV02
RyyLwW+YfXhIvaCNXJkN6xjl9a6znXmIpOdNAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUu3B8q9SGy4NNVWY6OhfGHAi90hswHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL3UzQjhxOVNHeTROTlZX
WTZPaGZHSEFpOTBocy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBABRJDo2i6Bx8xOos6RAsugT/
jpiaihUFS2P482JjtcUZi7Ey2t5zo541OocGpAM0JzBoIlMPIexY+TKvzBCldz5G
YXBG/Bzvwgd5LXSiUAlknRvvh8t/EWug1Et+wN7UAKYrNPAdPsomLK5DIupyo2Rc
QwVW6ksfLN2xJnOxHf962BAfsQLX8RzwMapp4d3P0gB2fg7AJJs/yqojpGK6V6+5
f4nqMF8yVgbPihN5BLCjrEodg9Xx+As4iNS70p99h/1/5eoGb4bcPifqrmGSiU4H
gihGI21dIdaqSfxWKxGkva0OYRTHvVjhgF9oYXx4U9cnkVfjAYiBeCGKl5xV0bw=
-----END CERTIFICATE-----
Generated at Sun Jan 19 12:39:04 2025 by rpki-client on console.sobornost.net