Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/PjbJ8UTtgvuM3iUplcLUbdXPXIk.roa
File: PjbJ8UTtgvuM3iUplcLUbdXPXIk.roa (raw, json)
Hash identifier: U7LwrJLAlqtNU8sFyLI2ThUk+LspPd9/MXU4TP+AKKQ=
Subject key identifier: 3E:36:C9:F1:44:ED:82:FB:8C:DE:25:29:95:C2:D4:6D:D5:CF:5C:89
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0D32
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/PjbJ8UTtgvuM3iUplcLUbdXPXIk.roa
Signing time: Fri 07 Feb 2025 17:55:49 +0000
ROA not before: Fri 07 Feb 2025 17:55:49 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3378 (0xd32)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 7 17:55:49 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=3E36C9F144ED82FB8CDE252995C2D46DD5CF5C89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:c4:ac:c4:8b:b6:78:7a:14:86:33:29:0a:5e:
39:fb:92:01:4b:3d:f2:ae:74:cf:d5:3a:be:88:b5:
7e:6b:6c:0e:46:ae:e2:0e:4e:c7:b1:76:e6:d7:66:
17:20:54:af:ca:5e:6b:03:e9:8e:d4:76:00:b0:d9:
0e:4b:6c:5d:04:11:be:d2:99:01:2c:e4:3f:77:6c:
57:e5:38:2f:de:c7:c2:dd:82:f1:9b:7c:ba:13:c4:
fe:fc:cd:35:c4:28:de:03:53:be:b4:ca:8f:e9:a2:
18:19:fb:4f:b5:51:a4:f7:52:15:49:bb:8e:a0:c8:
bb:3a:fd:f3:20:ca:04:c5:fd:20:73:69:4c:f7:74:
9d:70:70:86:74:0e:f7:cc:10:01:47:67:f4:bb:a0:
b0:bf:8e:1d:ee:31:e6:d0:ae:30:4f:92:a0:5d:5b:
28:c3:6d:34:11:00:31:10:a1:88:70:ae:62:b4:c8:
2b:94:2d:4e:f5:87:a5:9b:bb:84:a2:78:34:76:97:
b1:62:a7:60:ac:84:9a:39:20:f2:0e:5a:1a:df:a0:
8a:a6:9f:80:46:02:f6:7d:52:bc:74:a8:59:35:1d:
f4:9e:f9:a0:6e:69:a9:ab:6d:5f:d8:c2:f5:2d:e6:
8c:7f:96:71:eb:93:50:7c:e4:49:e0:fa:cc:c4:6b:
78:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:36:C9:F1:44:ED:82:FB:8C:DE:25:29:95:C2:D4:6D:D5:CF:5C:89
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/PjbJ8UTtgvuM3iUplcLUbdXPXIk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
1e:ae:71:52:5e:35:24:ab:b3:96:26:fd:64:4e:a2:c1:5e:be:
a0:89:dd:1d:d9:65:b6:39:1e:1c:84:e3:bd:19:6a:12:1d:ea:
09:f7:61:91:d6:98:01:e4:44:1f:12:00:29:4a:b1:59:54:79:
fe:0a:df:63:c4:47:df:5f:8d:a5:f4:fb:7e:fb:3d:e5:23:69:
09:f3:b1:05:00:1e:06:bd:4b:73:09:e0:02:73:64:bc:3a:7a:
e5:14:18:e2:44:54:8b:b1:b1:d9:6a:94:d4:28:f7:33:ba:8c:
49:5e:c0:61:6d:d5:be:cc:02:ec:43:96:a3:1d:9a:e9:3b:e1:
f7:62:7c:aa:75:e6:a0:38:9a:19:0f:a1:b9:eb:34:ba:08:d7:
fc:7e:29:3a:db:a7:87:97:cb:3d:59:e7:e3:d4:62:ec:8a:4a:
3b:5e:69:e8:d8:79:3f:52:72:4c:44:2b:ad:0c:bd:2e:e8:e2:
88:6f:fe:01:b4:6c:3b:3f:b4:33:3e:66:a7:92:e6:a6:28:f1:
16:ac:c1:6f:e6:21:ca:1e:cb:da:6a:07:2c:d4:8e:ba:39:03:
53:b6:74:74:f5:62:22:1f:fc:67:75:73:9b:37:6b:e5:aa:0a:
39:2e:a2:77:5d:82:62:f8:f4:88:e3:3d:31:f2:e6:c1:cf:88:
ac:06:07:8e
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICDTIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDcx
NzU1NDlaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDNFMzZDOUYxNDRFRDgy
RkI4Q0RFMjUyOTk1QzJENDZERDVDRjVDODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDixKzEi7Z4ehSGMykKXjn7kgFLPfKudM/VOr6ItX5rbA5GruIO
TsexdubXZhcgVK/KXmsD6Y7UdgCw2Q5LbF0EEb7SmQEs5D93bFflOC/ex8LdgvGb
fLoTxP78zTXEKN4DU760yo/pohgZ+0+1UaT3UhVJu46gyLs6/fMgygTF/SBzaUz3
dJ1wcIZ0DvfMEAFHZ/S7oLC/jh3uMebQrjBPkqBdWyjDbTQRADEQoYhwrmK0yCuU
LU71h6Wbu4SieDR2l7Fip2CshJo5IPIOWhrfoIqmn4BGAvZ9Urx0qFk1HfSe+aBu
aamrbV/YwvUt5ox/lnHrk1B85Eng+szEa3gnAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUPjbJ8UTtgvuM3iUplcLUbdXPXIkwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL1BqYko4VVR0Z3Z1TTNp
VXBsY0xVYmRYUFhJay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAB6ucVJeNSSrs5Ym/WROosFe
vqCJ3R3ZZbY5HhyE470ZahId6gn3YZHWmAHkRB8SAClKsVlUef4K32PER99fjaX0
+377PeUjaQnzsQUAHga9S3MJ4AJzZLw6euUUGOJEVIuxsdlqlNQo9zO6jElewGFt
1b7MAuxDlqMdmuk74fdifKp15qA4mhkPobnrNLoI1/x+KTrbp4eXyz1Z5+PUYuyK
SjteaejYeT9SckxEK60MvS7o4ohv/gG0bDs/tDM+ZqeS5qYo8RaswW/mIcoey9pq
ByzUjro5A1O2dHT1YiIf/Gd1c5s3a+WqCjkuonddgmL49IjjPTHy5sHPiKwGB44=
Generated at Fri Feb 7 21:32:41 2025 by rpki-client on console.sobornost.net