Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/410/t-7dhzdD0XgBXcIZ7sAg2qsygvw.roa
File: t-7dhzdD0XgBXcIZ7sAg2qsygvw.roa (raw, json)
Hash identifier: /RMuxOtDiue7F5fPQ0t92y+hLQvJ1aa4f0uNTYOc4cs=
Subject key identifier: B7:EE:DD:87:37:43:D1:78:01:5D:C2:19:EE:C0:20:DA:AB:32:82:FC
Certificate issuer: /CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Certificate serial: 0CDE
Authority key identifier: 77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/t-7dhzdD0XgBXcIZ7sAg2qsygvw.roa
Signing time: Thu 06 Feb 2025 20:57:40 +0000
ROA not before: Thu 06 Feb 2025 20:57:40 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 139076
IP address blocks: 113.31.64.0/21 maxlen: 24
113.31.72.0/21 maxlen: 24
113.31.128.0/21 maxlen: 24
113.31.136.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3294 (0xcde)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7770B739B9EFCEB8BC1FDA0560E4785561F2BCBF
Validity
Not Before: Feb 6 20:57:40 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=B7EEDD873743D178015DC219EEC020DAAB3282FC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:10:8e:88:93:a9:47:e9:61:2e:ae:1a:42:9c:
ba:bd:42:87:c2:ba:b5:aa:db:63:9a:bc:a5:85:8e:
45:7f:4d:df:8b:38:c1:ab:16:de:14:4b:b8:50:2b:
60:3e:d8:ea:69:f0:c3:0b:81:0f:47:05:f5:f9:ce:
c4:29:3b:ee:e3:fb:dd:67:8d:ce:6c:da:18:2d:24:
c3:4a:a4:f7:ae:60:04:05:12:69:9b:3b:6a:a8:11:
36:a8:0f:ed:8a:aa:ac:bc:45:8b:d8:9f:2f:ad:ab:
e2:66:47:0a:d9:f7:d9:14:7f:b4:af:cb:fc:3a:bf:
5e:a6:ec:b3:e4:d9:2c:4b:9a:59:f9:7d:cd:76:18:
ac:04:34:aa:9a:97:59:ed:63:71:01:4b:1f:5e:a0:
74:4e:07:5b:c7:42:1f:da:1d:19:16:06:95:c5:7f:
eb:2b:b4:14:78:64:8f:af:14:43:a7:67:0a:78:0e:
2c:e8:23:a1:40:5e:66:70:d6:64:7c:e5:bf:29:e1:
08:9a:b5:5b:93:9c:be:40:d7:94:6b:d4:ff:70:4a:
82:bc:62:9a:6a:f7:c6:cb:43:ee:cc:76:34:e1:a8:
02:c2:cb:4f:f7:1f:e0:c3:e7:80:bf:6b:e7:3c:e0:
d5:d1:b1:da:eb:b3:d9:f3:15:7e:a3:52:1b:ae:8c:
5f:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:EE:DD:87:37:43:D1:78:01:5D:C2:19:EE:C0:20:DA:AB:32:82:FC
X509v3 Authority Key Identifier:
keyid:77:70:B7:39:B9:EF:CE:B8:BC:1F:DA:05:60:E4:78:55:61:F2:BC:BF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/d3C3Obnvzri8H9oFYOR4VWHyvL8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/d3C3Obnvzri8H9oFYOR4VWHyvL8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/410/t-7dhzdD0XgBXcIZ7sAg2qsygvw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
113.31.64.0/20
113.31.128.0/20
Signature Algorithm: sha256WithRSAEncryption
47:0f:c6:23:96:60:c7:8c:77:9f:a1:b7:e5:98:41:ad:83:9d:
e6:4f:2f:f6:7f:54:86:8c:ce:4e:ec:0a:6a:88:82:06:c4:b2:
bb:b1:ea:05:f2:9b:95:bd:84:23:20:ec:72:63:c5:52:bd:92:
aa:b5:6e:d0:0b:34:12:c3:35:bd:4d:35:00:ce:5f:a5:1f:98:
f7:c6:eb:f7:62:91:8c:79:1b:e7:10:39:6d:1c:78:53:0a:82:
9e:7a:ff:4c:33:8c:25:a1:54:f8:1e:5a:5c:8a:99:74:dc:ee:
23:2d:57:97:1d:e5:df:4a:17:0c:47:e7:e2:c0:ab:3d:e8:82:
4f:91:ca:47:8a:26:17:7e:e7:95:70:92:b2:75:3e:84:55:f1:
3a:50:00:b0:7c:c1:1a:73:90:ed:75:0d:e0:9e:ad:0b:2e:07:
e0:8e:5f:80:89:36:a8:3f:8d:01:2b:72:27:27:55:a0:5e:e2:
8f:ca:ce:58:13:2f:3a:3b:4e:7a:26:ab:0f:ed:3b:d3:f2:81:
b6:ad:fc:71:0b:f4:c8:e3:e3:85:9e:d7:62:77:52:89:c4:e9:
d6:11:67:1c:c4:46:89:84:e1:99:5b:b4:af:de:7a:01:b5:9f:
65:c7:ca:2a:b7:3b:83:00:ce:06:2d:3b:2b:4b:88:d9:5b:de:
83:17:98:9e
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICDN4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzc3
MEI3MzlCOUVGQ0VCOEJDMUZEQTA1NjBFNDc4NTU2MUYyQkNCRjAeFw0yNTAyMDYy
MDU3NDBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEI3RUVERDg3Mzc0M0Qx
NzgwMTVEQzIxOUVFQzAyMERBQUIzMjgyRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQEI6Ik6lH6WEurhpCnLq9QofCurWq22OavKWFjkV/Td+LOMGr
Ft4US7hQK2A+2Opp8MMLgQ9HBfX5zsQpO+7j+91njc5s2hgtJMNKpPeuYAQFEmmb
O2qoETaoD+2Kqqy8RYvYny+tq+JmRwrZ99kUf7Svy/w6v16m7LPk2SxLmln5fc12
GKwENKqal1ntY3EBSx9eoHROB1vHQh/aHRkWBpXFf+srtBR4ZI+vFEOnZwp4Dizo
I6FAXmZw1mR85b8p4QiatVuTnL5A15Rr1P9wSoK8Yppq98bLQ+7MdjThqALCy0/3
H+DD54C/a+c84NXRsdrrs9nzFX6jUhuujF9hAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUt+7dhzdD0XgBXcIZ7sAg2qsygvwwHwYDVR0jBBgwFoAUd3C3Obnvzri8H9oF
YOR4VWHyvL8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEw
L2QzQzNPYm52enJpOEg5b0ZZT1I0VldIeXZMOC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZDNDM09ibnZ6cmk4SDlvRllPUjRWV0h5dkw4LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEwL3QtN2RoemREMFhnQlhj
SVo3c0FnMnFzeWd2dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BARxH0ADBARxH4AwDQYJKoZIhvcNAQELBQADggEBAEcPxiOWYMeMd5+ht+WYQa2D
neZPL/Z/VIaMzk7sCmqIggbEsrux6gXym5W9hCMg7HJjxVK9kqq1btALNBLDNb1N
NQDOX6UfmPfG6/dikYx5G+cQOW0ceFMKgp56/0wzjCWhVPgeWlyKmXTc7iMtV5cd
5d9KFwxH5+LAqz3ogk+RykeKJhd+55VwkrJ1PoRV8TpQALB8wRpzkO11DeCerQsu
B+COX4CJNqg/jQErcicnVaBe4o/KzlgTLzo7Tnomqw/tO9Pygbat/HEL9Mjj44We
12J3UonE6dYRZxzERomE4ZlbtK/eegG1n2XHyiq3O4MAzgYtOytLiNlb3oMXmJ4=
Generated at Fri Feb 7 00:53:16 2025 by rpki-client on console.sobornost.net