Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/KdmijwsLclPG_bcfF54ilzJnA08.roa
File: KdmijwsLclPG_bcfF54ilzJnA08.roa (raw, json)
Hash identifier: ImkXgiIC2b1mCADuX0kNmqPuTG72qwNFC42aN90HPk4=
Subject key identifier: 29:D9:A2:8F:0B:0B:72:53:C6:FD:B7:1F:17:9E:22:97:32:67:03:4F
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0A8A
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/KdmijwsLclPG_bcfF54ilzJnA08.roa
Signing time: Fri 31 Jan 2025 15:55:31 +0000
ROA not before: Fri 31 Jan 2025 15:55:31 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2698 (0xa8a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 31 15:55:31 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=29D9A28F0B0B7253C6FDB71F179E22973267034F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:ee:e3:0b:5d:65:d4:0a:b1:d4:5d:ba:23:c8:
89:66:d5:0d:af:12:f2:c6:be:a9:59:90:59:76:52:
c7:b2:a6:26:e5:51:24:dd:22:c0:88:5d:af:a7:52:
14:c4:2e:64:2f:e0:29:8d:89:20:04:e3:9e:9c:a0:
17:65:5b:d8:be:ba:5b:a7:97:1a:66:10:66:e1:ed:
c9:ea:f4:20:e2:58:93:59:45:d2:8a:bc:49:70:37:
a0:a7:cf:03:d0:54:fe:82:29:04:d8:9c:07:ff:dc:
b9:89:ae:4e:9e:a4:10:3d:36:23:55:46:f4:8a:b4:
24:66:0c:af:97:da:0b:ef:67:25:14:58:5f:59:d0:
a3:8e:5a:07:79:2c:8e:22:50:21:1d:80:6e:7e:9b:
e8:24:66:33:8a:fa:83:70:74:65:1c:f6:99:c7:da:
41:cd:e2:5a:72:df:e8:17:23:d7:34:37:d0:cf:ea:
06:7a:cb:be:c6:7c:a7:48:ba:ea:c1:6f:72:a0:70:
f1:8a:6f:45:b7:13:0c:43:20:03:f6:01:ac:c9:d0:
66:61:40:57:d0:e2:58:e2:15:01:e4:b7:55:46:de:
f9:d8:e3:8d:71:fe:76:cd:16:82:ed:fc:e5:54:a0:
28:3d:59:83:6b:9f:30:d7:15:8f:ec:9c:f5:1a:da:
9b:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:D9:A2:8F:0B:0B:72:53:C6:FD:B7:1F:17:9E:22:97:32:67:03:4F
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/KdmijwsLclPG_bcfF54ilzJnA08.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
04:cf:ab:c0:be:d0:62:86:24:f0:2e:66:a0:0c:e9:a8:2a:26:
99:44:ed:5f:19:ae:d3:a3:2b:37:5c:22:a3:c4:ab:12:43:37:
f3:51:db:34:0d:21:e8:e3:50:aa:58:34:af:0f:21:2b:d9:33:
7c:e2:77:8b:9c:08:24:2d:60:e6:86:94:f4:04:63:f2:d8:00:
db:bb:34:1f:6e:fe:df:cb:b1:0f:15:29:a5:a2:1e:f6:55:f6:
ab:0a:82:85:7b:17:98:f4:68:d3:fd:2c:b5:c2:65:c2:84:aa:
ff:1c:35:89:b0:70:92:5d:59:b1:3f:e1:dd:95:93:3f:b8:94:
51:f1:3a:89:3b:4c:13:7c:ea:8e:09:cd:e3:52:14:32:2c:91:
4c:70:2d:ef:3a:3e:5f:c6:a7:3d:6c:6d:54:f5:a9:76:5c:b7:
d6:98:08:e8:76:27:32:96:49:ef:7e:39:3a:12:6e:e0:71:0a:
ec:13:3d:e6:fc:c2:04:ce:da:07:95:c3:43:ee:77:dd:12:a0:
77:e2:85:e9:50:ed:32:0d:73:4f:4a:b2:ff:70:33:fe:df:91:
23:76:d3:ba:b5:34:16:a9:3f:1b:df:13:8b:08:2a:21:47:3f:
e1:4f:06:80:88:1f:4b:9c:61:92:db:58:44:c2:d0:79:1e:61:
fe:c4:94:a6
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCoowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMzEx
NTU1MzFaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDI5RDlBMjhGMEIwQjcy
NTNDNkZEQjcxRjE3OUUyMjk3MzI2NzAzNEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDe7uMLXWXUCrHUXbojyIlm1Q2vEvLGvqlZkFl2UseypiblUSTd
IsCIXa+nUhTELmQv4CmNiSAE456coBdlW9i+ulunlxpmEGbh7cnq9CDiWJNZRdKK
vElwN6CnzwPQVP6CKQTYnAf/3LmJrk6epBA9NiNVRvSKtCRmDK+X2gvvZyUUWF9Z
0KOOWgd5LI4iUCEdgG5+m+gkZjOK+oNwdGUc9pnH2kHN4lpy3+gXI9c0N9DP6gZ6
y77GfKdIuurBb3KgcPGKb0W3EwxDIAP2AazJ0GZhQFfQ4ljiFQHkt1VG3vnY441x
/nbNFoLt/OVUoCg9WYNrnzDXFY/snPUa2ptzAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUKdmijwsLclPG/bcfF54ilzJnA08wHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL0tkbWlqd3NMY2xQR19i
Y2ZGNTRpbHpKbkEwOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAATPq8C+0GKGJPAuZqAM6agq
JplE7V8ZrtOjKzdcIqPEqxJDN/NR2zQNIejjUKpYNK8PISvZM3zid4ucCCQtYOaG
lPQEY/LYANu7NB9u/t/LsQ8VKaWiHvZV9qsKgoV7F5j0aNP9LLXCZcKEqv8cNYmw
cJJdWbE/4d2Vkz+4lFHxOok7TBN86o4JzeNSFDIskUxwLe86Pl/Gpz1sbVT1qXZc
t9aYCOh2JzKWSe9+OToSbuBxCuwTPeb8wgTO2geVw0Pud90SoHfihelQ7TINc09K
sv9wM/7fkSN207q1NBapPxvfE4sIKiFHP+FPBoCIH0ucYZLbWETC0HkeYf7ElKY=
-----END CERTIFICATE-----
Generated at Fri Jan 31 20:04:05 2025 by rpki-client on console.sobornost.net