Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/EXqndjHmj9uY-msHqD_8sDfvZdg.roa
File: EXqndjHmj9uY-msHqD_8sDfvZdg.roa (raw, json)
Hash identifier: s2bQiqVN//egtaOT9ftMqypufmrvBbt9DqOYltSV5mY=
Subject key identifier: 11:7A:A7:76:31:E6:8F:DB:98:FA:6B:07:A8:3F:FC:B0:37:EF:65:D8
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0BA2
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/EXqndjHmj9uY-msHqD_8sDfvZdg.roa
Signing time: Mon 03 Feb 2025 13:55:36 +0000
ROA not before: Mon 03 Feb 2025 13:55:36 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2978 (0xba2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 3 13:55:36 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=117AA77631E68FDB98FA6B07A83FFCB037EF65D8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ab:82:13:15:27:35:f2:3b:e1:52:0b:e0:ad:
d8:43:5f:a7:34:55:f8:ac:99:95:4e:2c:f6:c2:4b:
15:2a:44:92:83:e1:24:cc:6a:bf:1c:03:52:96:4d:
33:a2:06:b8:ca:0e:d2:ef:c8:cc:df:8a:64:66:65:
d0:1c:f2:0f:c0:6e:a6:1c:46:cc:d1:4f:cc:23:14:
23:e7:4c:b9:a0:f5:44:c8:77:86:7a:bb:59:95:1d:
d0:24:ea:d4:71:95:f5:9a:eb:cb:ba:6b:b0:46:47:
86:38:17:4f:cc:b8:26:f3:e3:d5:80:e6:18:26:f1:
f1:e8:6b:f8:1f:77:5b:55:44:25:16:dd:b2:1e:3a:
2b:e2:30:86:5d:2d:d6:01:97:61:3a:2f:81:13:c5:
66:a8:2a:86:4c:b0:28:0e:af:37:f0:7d:a3:9b:de:
72:87:27:86:cc:00:97:5c:b4:2c:be:4f:c3:ac:ac:
3a:7b:de:d6:ed:82:c7:7e:4f:ca:bb:68:33:68:7d:
8c:dd:c6:b0:47:71:77:ed:9c:ad:ec:7a:c1:bb:fc:
ad:c2:6e:8f:17:72:9c:f1:4a:43:a0:cf:21:99:3e:
22:4f:f2:5a:4c:c5:05:ef:b2:c2:d1:79:c8:a2:11:
ef:36:bb:63:77:7d:83:cb:28:e7:19:5d:0e:73:64:
44:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:7A:A7:76:31:E6:8F:DB:98:FA:6B:07:A8:3F:FC:B0:37:EF:65:D8
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/EXqndjHmj9uY-msHqD_8sDfvZdg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
a3:6c:87:af:d7:65:5c:4d:4b:c2:2f:1e:33:f4:62:28:cc:1f:
c3:14:f5:94:c9:ff:91:2e:9c:05:2c:be:81:f2:ff:c8:69:37:
ec:80:85:54:70:02:03:9b:fa:e6:25:d2:d4:6d:bd:30:78:fb:
9e:65:11:d5:88:ce:df:49:3e:20:28:00:0d:74:82:a5:57:5d:
61:67:00:66:4c:28:eb:93:51:d3:d0:6a:35:4b:b7:59:57:16:
92:99:6e:e3:ba:5e:69:b7:0c:4c:1e:7d:af:6b:48:5c:d6:98:
36:cf:fd:00:5a:6e:a7:ec:83:80:76:ed:17:1d:fa:b2:3a:00:
b0:0f:b5:29:56:d6:03:4b:c1:40:dc:1a:e4:ac:02:9e:d1:ae:
9c:1e:57:55:d1:71:7b:47:cd:5a:b8:3b:6f:35:43:f1:6e:d8:
83:d4:ce:f8:fc:99:85:da:e4:87:44:fd:fc:55:43:8e:1e:c8:
fd:f4:83:15:f5:b9:41:a6:e8:64:87:88:26:d3:0d:ea:68:4a:
58:7d:55:ed:c1:c1:43:a0:36:ad:67:ef:3a:c6:81:56:b8:32:
b8:8f:d5:a2:cb:c7:8c:48:50:0a:c8:d6:c5:b9:e5:02:64:98:
ef:74:bd:c9:b3:c2:15:5e:ce:07:ff:fa:e1:fd:38:a0:6a:31:
99:07:96:83
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICC6IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDMx
MzU1MzZaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDExN0FBNzc2MzFFNjhG
REI5OEZBNkIwN0E4M0ZGQ0IwMzdFRjY1RDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBq4ITFSc18jvhUgvgrdhDX6c0VfismZVOLPbCSxUqRJKD4STM
ar8cA1KWTTOiBrjKDtLvyMzfimRmZdAc8g/AbqYcRszRT8wjFCPnTLmg9UTId4Z6
u1mVHdAk6tRxlfWa68u6a7BGR4Y4F0/MuCbz49WA5hgm8fHoa/gfd1tVRCUW3bIe
OiviMIZdLdYBl2E6L4ETxWaoKoZMsCgOrzfwfaOb3nKHJ4bMAJdctCy+T8OsrDp7
3tbtgsd+T8q7aDNofYzdxrBHcXftnK3sesG7/K3Cbo8XcpzxSkOgzyGZPiJP8lpM
xQXvssLReciiEe82u2N3fYPLKOcZXQ5zZERvAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUEXqndjHmj9uY+msHqD/8sDfvZdgwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0VYcW5kakhtajl1WS1t
c0hxRF84c0RmdlpkZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAKNsh6/XZVxNS8IvHjP0YijM
H8MU9ZTJ/5EunAUsvoHy/8hpN+yAhVRwAgOb+uYl0tRtvTB4+55lEdWIzt9JPiAo
AA10gqVXXWFnAGZMKOuTUdPQajVLt1lXFpKZbuO6Xmm3DEwefa9rSFzWmDbP/QBa
bqfsg4B27Rcd+rI6ALAPtSlW1gNLwUDcGuSsAp7RrpweV1XRcXtHzVq4O281Q/Fu
2IPUzvj8mYXa5IdE/fxVQ44eyP30gxX1uUGm6GSHiCbTDepoSlh9Ve3BwUOgNq1n
7zrGgVa4MriP1aLLx4xIUArI1sW55QJkmO90vcmzwhVezgf/+uH9OKBqMZkHloM=
-----END CERTIFICATE-----
Generated at Mon Feb 3 17:54:07 2025 by rpki-client on console.sobornost.net