Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/8NXn-r85dOLnxTprz9myTFQtsXk.roa
File: 8NXn-r85dOLnxTprz9myTFQtsXk.roa (raw, json)
Hash identifier: x1+qCIq79161a34fAHn9DL9QZrqPiG1tCIG8HiAa7ik=
Subject key identifier: F0:D5:E7:FA:BF:39:74:E2:E7:C5:3A:6B:CF:D9:B2:4C:54:2D:B1:79
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0728
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/8NXn-r85dOLnxTprz9myTFQtsXk.roa
Signing time: Wed 22 Jan 2025 15:24:59 +0000
ROA not before: Wed 22 Jan 2025 15:24:59 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1832 (0x728)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 22 15:24:59 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=F0D5E7FABF3974E2E7C53A6BCFD9B24C542DB179
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:cd:0e:36:44:7b:b8:6a:f2:28:22:38:a8:bd:
49:7f:31:36:d8:24:da:0a:19:9d:42:5b:8a:93:30:
cf:56:f1:07:e3:2c:6b:bc:30:00:f3:e9:7b:86:e2:
59:9c:63:a6:ab:2f:5b:81:ca:d9:83:9d:f7:58:ad:
e5:4a:77:02:3a:98:de:67:43:0e:2e:01:7f:e7:dd:
c3:52:f5:e1:f0:d7:8b:32:43:50:8c:0c:09:15:c7:
13:8d:cb:ed:92:9a:49:74:e5:39:1f:75:6b:1e:9c:
04:52:ef:a3:bb:03:47:f8:c1:e2:e0:41:f6:4e:92:
0c:c8:53:94:da:13:18:ed:12:e3:98:cd:c5:3f:98:
11:82:2a:b9:d0:df:6c:0f:b7:ca:a0:b3:52:b6:6f:
54:a8:54:dd:a1:b5:e4:83:b9:e2:b6:b0:16:5a:9d:
c8:ca:dc:be:6e:6e:ef:e8:9a:7d:87:d4:80:80:18:
73:06:a6:92:6c:0c:05:62:52:95:b2:d5:66:d4:c1:
63:5d:f5:e6:44:00:23:4b:ea:d5:3e:fb:ef:21:4c:
35:ef:70:86:aa:a7:2d:9a:45:7e:f6:5d:28:43:d2:
7b:36:c6:72:39:05:2c:53:80:4e:85:f6:cd:42:ed:
72:75:42:9d:5b:5a:92:07:9e:6d:d9:fc:04:4b:2c:
e2:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:D5:E7:FA:BF:39:74:E2:E7:C5:3A:6B:CF:D9:B2:4C:54:2D:B1:79
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/8NXn-r85dOLnxTprz9myTFQtsXk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
73:5b:68:38:d8:86:7b:d2:41:28:b4:40:b8:f4:45:2f:7e:36:
fd:3d:f9:38:df:0c:b0:dc:70:09:6d:aa:2b:d3:21:e4:2f:96:
75:00:f4:f1:7e:50:4e:b4:39:13:f3:5c:de:47:2b:02:92:ef:
bd:d4:be:a0:6b:fd:f4:7e:0e:77:07:9f:0f:07:72:46:31:16:
f8:5c:6f:df:40:f1:1f:a8:32:70:ba:75:fa:9e:61:ab:76:3d:
61:0b:ce:b5:e6:f1:26:7d:18:50:88:ef:e8:28:8a:0e:76:01:
2b:21:41:3c:2d:b6:16:0e:fd:b2:d1:80:01:be:44:b1:68:51:
17:b9:07:b8:b6:88:86:01:05:63:02:af:ab:62:3e:60:12:f8:
cd:3d:b6:5e:58:42:e1:c6:0d:8a:35:81:ae:1a:4a:07:db:7b:
b7:bf:60:22:27:38:ca:82:a3:23:c3:0d:7e:15:81:90:78:9f:
70:ee:d6:ae:4e:50:42:0b:42:74:10:c8:c8:31:96:82:cb:57:
89:12:a9:2d:b3:f9:f2:7e:cb:60:a8:5e:d6:b1:65:40:13:0d:
18:37:58:c6:89:1c:61:c7:0d:5a:48:c0:95:96:53:1e:83:93:
b4:58:4c:e5:ab:b5:f7:9a:8f:b6:e7:96:52:38:58:87:33:fa:
7d:d3:dd:5f
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBygwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjIx
NTI0NTlaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEYwRDVFN0ZBQkYzOTc0
RTJFN0M1M0E2QkNGRDlCMjRDNTQyREIxNzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvzQ42RHu4avIoIjiovUl/MTbYJNoKGZ1CW4qTMM9W8QfjLGu8
MADz6XuG4lmcY6arL1uBytmDnfdYreVKdwI6mN5nQw4uAX/n3cNS9eHw14syQ1CM
DAkVxxONy+2Smkl05TkfdWsenARS76O7A0f4weLgQfZOkgzIU5TaExjtEuOYzcU/
mBGCKrnQ32wPt8qgs1K2b1SoVN2hteSDueK2sBZancjK3L5ubu/omn2H1ICAGHMG
ppJsDAViUpWy1WbUwWNd9eZEACNL6tU+++8hTDXvcIaqpy2aRX72XShD0ns2xnI5
BSxTgE6F9s1C7XJ1Qp1bWpIHnm3Z/ARLLOLjAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQU8NXn+r85dOLnxTprz9myTFQtsXkwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwLzhOWG4tcjg1ZE9MbnhU
cHJ6OW15VEZRdHNYay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAHNbaDjYhnvSQSi0QLj0RS9+
Nv09+TjfDLDccAltqivTIeQvlnUA9PF+UE60ORPzXN5HKwKS773UvqBr/fR+DncH
nw8HckYxFvhcb99A8R+oMnC6dfqeYat2PWELzrXm8SZ9GFCI7+goig52ASshQTwt
thYO/bLRgAG+RLFoURe5B7i2iIYBBWMCr6tiPmAS+M09tl5YQuHGDYo1ga4aSgfb
e7e/YCInOMqCoyPDDX4VgZB4n3Du1q5OUEILQnQQyMgxloLLV4kSqS2z+fJ+y2Co
XtaxZUATDRg3WMaJHGHHDVpIwJWWUx6Dk7RYTOWrtfeaj7bnllI4WIcz+n3T3V8=
Generated at Wed Jan 22 19:43:58 2025 by rpki-client on console.sobornost.net