Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/0t35i5whHDvibJ1McLfKt7TH6-g.roa
File: 0t35i5whHDvibJ1McLfKt7TH6-g.roa (raw, json)
Hash identifier: zuhl0arZb+VC5Shjd6ymjMP/XG4hU18Q+hkMrDz8IiQ=
Subject key identifier: D2:DD:F9:8B:9C:21:1C:3B:E2:6C:9D:4C:70:B7:CA:B7:B4:C7:EB:E8
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0D78
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/0t35i5whHDvibJ1McLfKt7TH6-g.roa
Signing time: Sat 08 Feb 2025 11:25:52 +0000
ROA not before: Sat 08 Feb 2025 11:25:52 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3448 (0xd78)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 8 11:25:52 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=D2DDF98B9C211C3BE26C9D4C70B7CAB7B4C7EBE8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:6c:2d:f1:ae:e1:b9:2d:be:62:5a:30:e7:c0:
ea:3b:b1:37:83:f5:a7:fa:a4:47:13:48:2a:cc:1a:
e1:81:9a:d9:52:a7:b4:bb:8a:b2:4a:63:c0:90:37:
93:dc:fe:86:2a:32:06:32:78:44:a3:fd:85:b2:a2:
d0:36:db:a2:d4:1a:71:b7:a1:77:8c:8d:88:8f:54:
4b:78:e4:06:70:d9:4f:c2:1b:ca:99:97:24:17:69:
f1:9f:ac:68:94:53:07:83:2c:bf:b1:df:16:1b:35:
62:34:97:f8:46:b6:e1:66:9b:e9:36:c2:e2:25:37:
65:5d:8d:06:3d:38:30:1f:b2:0b:64:55:d7:c3:0c:
ea:ad:8f:08:2d:13:60:12:b5:4b:55:f7:17:ca:3f:
9b:96:f2:57:53:3a:47:da:06:3b:11:b1:49:81:4d:
11:3c:e2:47:73:40:b9:12:86:82:5b:ef:0b:55:1e:
74:d6:de:46:1a:de:c6:e9:d8:32:ce:d3:b3:e1:a8:
f5:4f:f3:66:6b:86:4b:78:e3:ef:1b:50:e1:ea:2f:
ff:fe:4d:3d:f8:4e:4a:16:f5:24:ad:4f:97:28:08:
58:79:a5:f3:d5:5f:68:53:85:72:67:2a:32:62:54:
84:88:ae:f6:68:15:81:f9:99:a3:cc:d4:61:98:ba:
a2:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:DD:F9:8B:9C:21:1C:3B:E2:6C:9D:4C:70:B7:CA:B7:B4:C7:EB:E8
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/0t35i5whHDvibJ1McLfKt7TH6-g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
44:b1:0e:08:64:d7:49:08:f7:0a:4b:ad:d7:87:ef:1c:68:60:
e5:99:47:0b:d5:f0:c2:71:98:d6:72:e5:d4:b8:43:a9:f6:35:
b8:d7:c7:45:b5:12:91:aa:f7:3c:48:69:4e:55:6a:4e:b9:83:
ab:ac:e8:af:cd:0a:07:6d:2b:f0:31:5f:3a:08:e8:ca:53:03:
8e:5a:46:61:08:42:51:0c:93:35:f0:8e:f6:3f:fc:6d:1e:28:
d3:1f:d7:7d:a7:c8:6e:c2:8f:6e:f2:54:b7:bd:a1:f2:a2:c1:
7d:7d:49:31:d5:4b:69:fe:da:68:ab:e1:8e:bd:38:18:4a:f8:
18:da:80:49:cb:09:4d:5c:9c:7e:c7:28:92:5f:d9:e8:31:fb:
ad:da:b3:7c:5c:13:8f:3b:a6:f9:03:49:fe:29:72:85:7a:47:
dc:4a:73:d9:e0:c4:ec:f7:7c:da:77:05:e2:3b:6c:4e:5f:db:
ea:16:18:e9:fd:3e:16:82:ef:d2:ee:f8:6b:bd:c3:32:6a:b0:
ba:04:72:56:d7:03:29:3f:72:bf:84:0a:b1:3a:bc:a2:59:3b:
f4:ec:04:5f:3e:cf:d3:a7:76:c7:ec:d1:60:aa:05:11:90:40:
ea:7e:79:d3:8b:f4:9d:8b:2e:c0:00:cc:63:c0:f9:ae:0e:85:
72:e5:a7:87
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICDXgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDgx
MTI1NTJaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEQyRERGOThCOUMyMTFD
M0JFMjZDOUQ0QzcwQjdDQUI3QjRDN0VCRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHbC3xruG5Lb5iWjDnwOo7sTeD9af6pEcTSCrMGuGBmtlSp7S7
irJKY8CQN5Pc/oYqMgYyeESj/YWyotA226LUGnG3oXeMjYiPVEt45AZw2U/CG8qZ
lyQXafGfrGiUUweDLL+x3xYbNWI0l/hGtuFmm+k2wuIlN2VdjQY9ODAfsgtkVdfD
DOqtjwgtE2AStUtV9xfKP5uW8ldTOkfaBjsRsUmBTRE84kdzQLkShoJb7wtVHnTW
3kYa3sbp2DLO07PhqPVP82Zrhkt44+8bUOHqL//+TT34TkoW9SStT5coCFh5pfPV
X2hThXJnKjJiVISIrvZoFYH5maPM1GGYuqI5AgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQU0t35i5whHDvibJ1McLfKt7TH6+gwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwLzB0MzVpNXdoSER2aWJK
MU1jTGZLdDdUSDYtZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAESxDghk10kI9wpLrdeH7xxo
YOWZRwvV8MJxmNZy5dS4Q6n2NbjXx0W1EpGq9zxIaU5Vak65g6us6K/NCgdtK/Ax
XzoI6MpTA45aRmEIQlEMkzXwjvY//G0eKNMf132nyG7Cj27yVLe9ofKiwX19STHV
S2n+2mir4Y69OBhK+BjagEnLCU1cnH7HKJJf2egx+63as3xcE487pvkDSf4pcoV6
R9xKc9ngxOz3fNp3BeI7bE5f2+oWGOn9PhaC79Lu+Gu9wzJqsLoEclbXAyk/cr+E
CrE6vKJZO/TsBF8+z9Ondsfs0WCqBRGQQOp+edOL9J2LLsAAzGPA+a4OhXLlp4c=
-----END CERTIFICATE-----
Generated at Tue Feb 11 03:42:41 2025 by rpki-client on console.sobornost.net