Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/M7UdbREZue0leLc7KDhCfdkBrkg.roa
File: M7UdbREZue0leLc7KDhCfdkBrkg.roa (raw, json)
Hash identifier: LtwkgAMK1weHfatwVGsRJtETR9oMorIS7pBfPvNLf4o=
Subject key identifier: 33:B5:1D:6D:11:19:B9:ED:25:78:B7:3B:28:38:42:7D:D9:01:AE:48
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0698
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/M7UdbREZue0leLc7KDhCfdkBrkg.roa
Signing time: Tue 21 Jan 2025 03:25:27 +0000
ROA not before: Tue 21 Jan 2025 03:25:27 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1688 (0x698)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 21 03:25:27 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=33B51D6D1119B9ED2578B73B2838427DD901AE48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:50:0d:1e:d9:4e:5c:af:7c:8e:61:2a:d0:5a:
10:22:d9:25:30:22:6f:d0:83:a2:fb:e7:10:fe:3a:
18:18:3b:8b:e1:45:ca:c6:1d:07:7d:44:60:b4:fd:
24:3a:a6:a3:d7:35:6e:52:0b:06:1e:74:8f:64:65:
2e:07:63:57:26:b4:4d:e4:65:79:19:24:fe:5e:21:
b6:a9:2f:67:6d:73:6f:b6:31:3b:af:b6:98:dc:56:
4b:ad:05:44:80:f4:bd:c1:3c:35:8e:72:f9:9e:0e:
0f:57:d6:5a:cf:b9:df:f6:c9:0f:59:c1:95:4c:45:
aa:ad:bc:de:ca:e1:4a:14:39:23:65:4a:8d:e3:33:
f9:68:75:b9:c6:75:0e:4f:be:56:c6:8f:ed:ab:59:
87:af:e3:c0:a0:b2:d9:02:ed:ba:ee:24:c1:59:75:
71:19:91:d0:98:cc:63:5b:1d:68:2b:7b:fd:65:36:
79:ac:70:3e:c7:75:2a:fe:78:93:50:da:1a:f7:2e:
10:f5:01:45:29:a7:7d:c9:be:d4:13:6f:78:82:ca:
cf:90:00:2d:2f:4a:7f:5e:50:ee:e6:bd:49:09:da:
c3:1f:6a:66:e3:4c:62:07:7c:21:ef:f6:85:6e:60:
39:f6:39:7c:68:f5:35:61:ff:34:d9:c6:2b:4d:55:
7b:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:B5:1D:6D:11:19:B9:ED:25:78:B7:3B:28:38:42:7D:D9:01:AE:48
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/M7UdbREZue0leLc7KDhCfdkBrkg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
71:69:c1:26:0d:86:31:5b:ff:f7:49:98:8c:92:b6:8a:b9:eb:
45:12:2e:13:e2:13:12:a2:4a:91:61:b0:8c:9d:91:1d:d5:c3:
a2:c8:57:cc:fb:9f:72:cd:89:9c:0b:b0:6b:6a:9f:2a:21:23:
b4:86:7b:c3:72:64:93:a9:8c:94:af:0a:92:17:45:ea:09:31:
da:67:cb:27:81:0b:31:cf:97:2c:db:8a:8b:41:b2:d1:3a:be:
0e:c0:8f:4c:10:07:56:c4:aa:13:5a:ab:e9:db:e4:ae:ad:0a:
f6:50:62:18:6f:83:83:58:b2:28:39:30:7e:cb:02:eb:e9:fd:
e0:3e:db:a3:05:97:94:b3:8e:cf:d3:a7:7a:d7:d1:cb:32:24:
90:ba:b4:05:31:dd:3a:0d:f8:dd:f2:c7:bc:f5:8c:ee:eb:2c:
25:45:69:f2:e5:fa:b8:67:0b:ab:05:41:70:23:15:5e:51:5f:
cb:aa:c3:2e:ae:70:91:65:bc:db:4e:70:02:98:13:8e:7c:b9:
d0:ce:d5:b4:3e:f5:e2:7f:f9:86:b3:a8:1e:b2:06:dd:b7:d2:
16:1b:a3:02:d0:84:89:76:84:89:09:61:ed:d6:f1:e4:80:6d:
65:5d:22:97:cf:9b:51:27:c4:87:ad:23:a9:01:44:04:af:e9:
44:df:64:57
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICBpgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjEw
MzI1MjdaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDMzQjUxRDZEMTExOUI5
RUQyNTc4QjczQjI4Mzg0MjdERDkwMUFFNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAUA0e2U5cr3yOYSrQWhAi2SUwIm/Qg6L75xD+OhgYO4vhRcrG
HQd9RGC0/SQ6pqPXNW5SCwYedI9kZS4HY1cmtE3kZXkZJP5eIbapL2dtc2+2MTuv
tpjcVkutBUSA9L3BPDWOcvmeDg9X1lrPud/2yQ9ZwZVMRaqtvN7K4UoUOSNlSo3j
M/lodbnGdQ5PvlbGj+2rWYev48CgstkC7bruJMFZdXEZkdCYzGNbHWgre/1lNnms
cD7HdSr+eJNQ2hr3LhD1AUUpp33JvtQTb3iCys+QAC0vSn9eUO7mvUkJ2sMfambj
TGIHfCHv9oVuYDn2OXxo9TVh/zTZxitNVXuLAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUM7UdbREZue0leLc7KDhCfdkBrkgwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL003VWRiUkVadWUwbGVM
YzdLRGhDZmRrQnJrZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAHFpwSYNhjFb//dJmIyStoq5
60USLhPiExKiSpFhsIydkR3Vw6LIV8z7n3LNiZwLsGtqnyohI7SGe8NyZJOpjJSv
CpIXReoJMdpnyyeBCzHPlyzbiotBstE6vg7Aj0wQB1bEqhNaq+nb5K6tCvZQYhhv
g4NYsig5MH7LAuvp/eA+26MFl5Szjs/Tp3rX0csyJJC6tAUx3ToN+N3yx7z1jO7r
LCVFafLl+rhnC6sFQXAjFV5RX8uqwy6ucJFlvNtOcAKYE458udDO1bQ+9eJ/+Yaz
qB6yBt230hYbowLQhIl2hIkJYe3W8eSAbWVdIpfPm1EnxIetI6kBRASv6UTfZFc=
Generated at Tue Jan 21 08:54:33 2025 by rpki-client on console.sobornost.net