Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CPHZ-E0sl8Ne_W4H6LJbqz_NR4A.roa
File: CPHZ-E0sl8Ne_W4H6LJbqz_NR4A.roa (raw, json)
Hash identifier: DaUZGx2DaUDR2HoLsg82YXHP1R7YQ5bKPyFORrlW/GQ=
Subject key identifier: 08:F1:D9:F8:4D:2C:97:C3:5E:FD:6E:07:E8:B2:5B:AB:3F:CD:47:80
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 639C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CPHZ-E0sl8Ne_W4H6LJbqz_NR4A.roa
Signing time: Fri 23 May 2025 17:10:51 +0000
ROA not before: Fri 23 May 2025 17:10:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25500 (0x639c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 17:10:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=08F1D9F84D2C97C35EFD6E07E8B25BAB3FCD4780
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:f0:3c:72:c2:e8:60:bf:50:39:ee:a7:50:85:
62:f4:8b:f5:6f:d8:66:1e:83:d4:9a:87:7a:d1:be:
2a:d5:c8:f0:20:2a:9a:69:ca:f0:f2:10:0b:df:ad:
ed:3c:8d:2d:79:73:f2:2e:0e:39:12:18:e2:98:26:
c3:5c:b7:e0:34:9f:03:a1:33:db:9c:76:2e:81:26:
9f:e5:d1:e9:6d:09:9d:2f:5e:f2:f4:c7:f3:c9:be:
18:50:2c:a9:db:3b:9c:34:6a:9a:71:8a:3e:1d:cc:
94:7d:0c:c6:51:d6:b3:10:c9:4a:1a:96:53:62:f6:
33:bd:8d:ce:1d:56:b7:e6:5e:af:8d:aa:3a:d1:83:
d6:2b:17:58:9e:cc:79:90:95:ea:17:f1:3b:c9:20:
67:18:7e:3f:ca:a3:52:b9:29:fc:6a:44:cc:c2:65:
b7:ba:72:51:1a:ed:db:b2:d8:30:98:02:75:aa:78:
3b:47:2d:9c:63:e8:2d:30:b5:da:4f:84:57:05:f7:
45:25:46:ac:21:00:62:93:71:dd:81:ac:38:bd:36:
d1:5a:6a:fd:71:0e:24:e2:5c:f4:6e:68:42:60:19:
9d:50:a1:f8:4c:35:c0:39:c6:df:3d:3a:05:2d:79:
b8:a9:60:cb:c8:16:ee:1b:22:72:87:1d:52:fd:ae:
90:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:F1:D9:F8:4D:2C:97:C3:5E:FD:6E:07:E8:B2:5B:AB:3F:CD:47:80
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CPHZ-E0sl8Ne_W4H6LJbqz_NR4A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
05:96:71:aa:ab:07:df:e9:1b:50:46:fb:fd:06:9c:33:f6:ae:
2e:e9:c4:55:83:28:26:3f:35:f3:5d:e5:f6:b5:f9:e0:28:66:
ab:6b:bf:86:26:64:5f:21:87:1e:03:c0:d9:70:96:1f:1b:6e:
fb:c8:a3:40:f2:12:55:8b:b2:7a:6f:fb:bb:ad:09:f8:da:57:
47:30:d5:db:2c:31:15:36:49:0d:88:7c:0a:54:2a:0b:4e:1f:
5b:50:33:07:2d:72:1d:57:b7:a5:65:e7:a9:72:4e:16:e8:df:
37:66:0d:5e:93:43:ac:28:1c:a3:6c:6a:50:9c:d4:a0:c6:47:
64:44:ff:b0:3c:dd:6e:9a:1d:96:6b:5e:68:f4:b4:58:fd:5e:
fc:8b:81:2d:d0:76:37:dd:79:18:5e:e2:ab:1c:6c:5f:7a:a1:
e8:ce:cf:91:99:25:a8:85:05:c5:0a:0c:8b:e3:4d:5b:56:31:
dd:6b:c9:d1:d6:7b:c4:b2:a0:ce:8a:10:20:6b:5d:63:e1:c1:
82:4c:06:63:f0:6e:8a:b9:a6:92:be:ad:82:a4:73:55:d9:b7:
d0:04:a2:f6:8c:2c:67:e4:01:af:69:c8:79:42:46:7d:34:29:
c9:12:00:6a:7e:e9:2b:76:ef:10:e9:18:21:6f:c4:29:09:34:
1d:37:60:50
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY5wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMx
NzEwNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA4RjFEOUY4NEQyQzk3
QzM1RUZENkUwN0U4QjI1QkFCM0ZDRDQ3ODAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDV8Dxywuhgv1A57qdQhWL0i/Vv2GYeg9Sah3rRvirVyPAgKppp
yvDyEAvfre08jS15c/IuDjkSGOKYJsNct+A0nwOhM9ucdi6BJp/l0eltCZ0vXvL0
x/PJvhhQLKnbO5w0appxij4dzJR9DMZR1rMQyUoallNi9jO9jc4dVrfmXq+NqjrR
g9YrF1iezHmQleoX8TvJIGcYfj/Ko1K5KfxqRMzCZbe6clEa7duy2DCYAnWqeDtH
LZxj6C0wtdpPhFcF90UlRqwhAGKTcd2BrDi9NtFaav1xDiTiXPRuaEJgGZ1QofhM
NcA5xt89OgUtebipYMvIFu4bInKHHVL9rpDTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUCPHZ+E0sl8Ne/W4H6LJbqz/NR4AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NQSFotRTBzbDhOZV9X
NEg2TEpicXpfTlI0QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAFlnGq
qwff6RtQRvv9Bpwz9q4u6cRVgygmPzXzXeX2tfngKGara7+GJmRfIYceA8DZcJYf
G277yKNA8hJVi7J6b/u7rQn42ldHMNXbLDEVNkkNiHwKVCoLTh9bUDMHLXIdV7el
Zeepck4W6N83Zg1ek0OsKByjbGpQnNSgxkdkRP+wPN1umh2Wa15o9LRY/V78i4Et
0HY33XkYXuKrHGxfeqHozs+RmSWohQXFCgyL401bVjHda8nR1nvEsqDOihAga11j
4cGCTAZj8G6KuaaSvq2CpHNV2bfQBKL2jCxn5AGvach5QkZ9NCnJEgBqfukrdu8Q
6Rghb8QpCTQdN2BQ
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:54:11 2025 by rpki-client