Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/gT1GoHuYFlCpSXXI8fqMdzYt9dU.roa
File: gT1GoHuYFlCpSXXI8fqMdzYt9dU.roa (raw, json)
Hash identifier: mt3dahPvjPaYKX4mPfFo/gACZ6wno94Ai4Ec79GUtyo=
Subject key identifier: 81:3D:46:A0:7B:98:16:50:A9:49:75:C8:F1:FA:8C:77:36:2D:F5:D5
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 081A
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/gT1GoHuYFlCpSXXI8fqMdzYt9dU.roa
Signing time: Sat 25 Jan 2025 03:55:08 +0000
ROA not before: Sat 25 Jan 2025 03:55:08 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2074 (0x81a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Jan 25 03:55:08 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=813D46A07B981650A94975C8F1FA8C77362DF5D5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:42:f2:3e:4c:1d:26:6e:bc:4d:57:dc:be:7c:
8f:1a:87:06:3e:3b:58:f2:6f:12:68:33:42:a4:57:
20:66:73:a1:08:d7:6f:2b:f8:06:2c:fb:0b:de:64:
21:31:ab:93:22:9a:19:25:12:4a:50:d2:fa:38:66:
01:b2:b0:18:e4:ad:54:fa:d3:51:1a:5b:8e:66:5b:
da:c1:6f:b4:da:6a:09:54:04:c8:64:49:45:e4:b6:
6f:ab:d5:a8:49:48:a1:e8:2c:8c:13:85:b1:2f:9e:
7b:47:5f:bf:14:3f:d0:1e:af:c7:aa:57:94:b7:51:
5a:b2:9d:2c:5d:22:97:51:dd:4f:58:31:45:ea:24:
f4:d9:5b:6a:31:32:d3:55:60:ea:82:d3:6a:dd:9c:
21:53:0e:8a:5e:31:ab:d4:24:e7:0a:fb:08:f0:8d:
13:26:78:bd:63:72:54:39:41:75:93:8f:71:c4:a8:
23:b7:38:4a:c2:f4:c2:0e:31:3e:ff:b1:db:1e:48:
aa:c2:ab:d4:52:ec:8c:c7:0c:58:f7:7b:8f:66:e4:
87:cd:70:79:5c:73:6a:16:aa:1f:0c:da:53:82:21:
49:cf:21:9b:fd:72:9b:20:99:a5:00:de:90:fe:d8:
7f:20:f2:b8:26:7b:e5:88:ab:ce:7b:71:70:e9:4c:
94:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:3D:46:A0:7B:98:16:50:A9:49:75:C8:F1:FA:8C:77:36:2D:F5:D5
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/gT1GoHuYFlCpSXXI8fqMdzYt9dU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
85:03:f5:c0:e8:11:d8:2a:82:b8:e6:a9:d1:c6:85:04:1f:d3:
f7:1e:18:43:e4:e0:f8:31:a1:ba:d6:0c:32:ff:9c:6f:7a:ce:
bd:35:82:6a:77:a8:c4:72:4c:47:64:5b:7c:b9:43:8f:55:72:
5b:41:2f:7c:72:a8:1c:7f:ef:6c:34:6b:81:6d:bd:d3:7f:32:
16:ef:c5:4e:49:e8:c5:17:91:f5:10:03:a7:30:dc:23:f2:67:
b5:67:2d:28:b5:59:c8:14:c9:ec:82:aa:16:26:b9:d6:9d:d6:
89:d2:63:cc:ab:23:5c:9f:16:11:a6:54:6d:b8:2c:1c:c8:68:
99:0a:19:39:c9:34:f1:81:9a:02:de:d4:75:c2:48:da:6b:59:
da:31:d9:18:16:75:a1:e0:5b:b3:d6:d6:bf:24:e4:d5:5d:af:
f8:a5:0a:c7:fc:b6:2a:4e:0a:08:d6:4f:b1:b8:38:2c:cd:dc:
e9:00:66:1b:73:ab:e3:1c:d9:ae:f9:4c:29:63:65:f7:ad:e3:
82:58:ac:5d:dc:5f:eb:d6:42:30:c0:41:09:4d:9f:7a:c4:df:
91:d4:c0:a7:76:b0:01:7c:c1:10:af:db:ab:37:56:f2:b9:cd:
b9:da:0b:75:da:53:05:21:af:4f:54:e1:b7:11:32:7e:b5:ba:
80:e3:83:4e
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICCBowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAxMjUw
MzU1MDhaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDgxM0Q0NkEwN0I5ODE2
NTBBOTQ5NzVDOEYxRkE4Qzc3MzYyREY1RDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOQvI+TB0mbrxNV9y+fI8ahwY+O1jybxJoM0KkVyBmc6EI128r
+AYs+wveZCExq5MimhklEkpQ0vo4ZgGysBjkrVT601EaW45mW9rBb7TaaglUBMhk
SUXktm+r1ahJSKHoLIwThbEvnntHX78UP9Aer8eqV5S3UVqynSxdIpdR3U9YMUXq
JPTZW2oxMtNVYOqC02rdnCFTDopeMavUJOcK+wjwjRMmeL1jclQ5QXWTj3HEqCO3
OErC9MIOMT7/sdseSKrCq9RS7IzHDFj3e49m5IfNcHlcc2oWqh8M2lOCIUnPIZv9
cpsgmaUA3pD+2H8g8rgme+WIq857cXDpTJQFAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUgT1GoHuYFlCpSXXI8fqMdzYt9dUwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL2dUMUdvSHVZRmxDcFNY
WEk4ZnFNZHpZdDlkVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAIUD9cDoEdgqgrjmqdHGhQQf
0/ceGEPk4PgxobrWDDL/nG96zr01gmp3qMRyTEdkW3y5Q49VcltBL3xyqBx/72w0
a4FtvdN/MhbvxU5J6MUXkfUQA6cw3CPyZ7VnLSi1WcgUyeyCqhYmudad1onSY8yr
I1yfFhGmVG24LBzIaJkKGTnJNPGBmgLe1HXCSNprWdox2RgWdaHgW7PW1r8k5NVd
r/ilCsf8tipOCgjWT7G4OCzN3OkAZhtzq+Mc2a75TCljZfet44JYrF3cX+vWQjDA
QQlNn3rE35HUwKd2sAF8wRCv26s3VvK5zbnaC3XaUwUhr09U4bcRMn61uoDjg04=
-----END CERTIFICATE-----
Generated at Sat Jan 25 13:43:36 2025 by rpki-client on console.sobornost.net