Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-OikmirZa_GpMSBp478jADnrNOg.roa
File:                     -OikmirZa_GpMSBp478jADnrNOg.roa (raw, json)
Hash identifier:          F5AoKPxHuN5cUvcgyPfA7NwsSmbp3E83F/5GOWpCgEI=
Subject key identifier:   F8:E8:A4:9A:2A:D9:6B:F1:A9:31:20:69:E3:BF:23:00:39:EB:34:E8
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       75C2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-OikmirZa_GpMSBp478jADnrNOg.roa
Signing time:             Fri 11 Jul 2025 08:17:28 +0000
ROA not before:           Fri 11 Jul 2025 08:17:28 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30146 (0x75c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 11 08:17:28 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=F8E8A49A2AD96BF1A9312069E3BF230039EB34E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d8:73:08:38:4d:ce:a2:2f:be:27:bd:c6:a9:
                    11:fc:f3:c3:eb:45:36:20:3e:df:8b:65:76:6a:af:
                    9b:1c:c3:48:a2:61:92:34:4d:7d:72:7f:69:16:da:
                    d4:62:e2:6f:c4:2f:40:23:a2:0c:c5:50:8f:9c:d3:
                    74:1a:e4:d9:35:b4:8b:34:05:76:4e:d7:26:7c:94:
                    f4:e7:ee:a2:a3:ff:40:01:5e:c7:2b:ba:c0:46:45:
                    1c:d9:fa:ba:f1:27:f1:fb:ab:5d:9d:fa:f7:68:4a:
                    a0:90:ef:d0:49:78:6e:89:32:01:df:1a:ef:dd:e4:
                    b3:b1:89:da:19:55:fc:cf:b8:12:fd:15:3a:94:bc:
                    8a:0e:7a:89:05:dc:21:ea:cf:15:af:cd:ce:04:99:
                    68:0c:c2:58:3f:f7:58:96:85:7c:44:3f:e7:b8:45:
                    26:99:69:09:dd:4d:c3:42:50:ca:af:6b:73:92:13:
                    f3:5a:65:8a:35:4c:1f:bd:4f:5e:3d:65:6f:58:1c:
                    8c:a9:ca:1e:eb:b8:ff:d7:9d:42:2c:93:ca:92:72:
                    7e:6b:ae:62:7e:a0:fb:5c:2f:e9:b9:15:04:22:ff:
                    a8:59:cc:84:02:1a:24:f4:c3:0f:81:f1:11:9b:a9:
                    4b:fe:70:90:a6:99:2c:36:43:9c:98:85:80:06:ee:
                    02:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E8:A4:9A:2A:D9:6B:F1:A9:31:20:69:E3:BF:23:00:39:EB:34:E8
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-OikmirZa_GpMSBp478jADnrNOg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         2d:1c:5f:fe:2b:5f:f4:c4:07:2d:33:dd:86:f9:95:ef:f5:bb:
         f0:58:fc:7d:e0:ba:7b:a4:7d:d6:1a:62:cd:74:ed:02:2d:30:
         7e:01:a3:85:eb:29:07:4b:71:89:cc:59:f2:63:5a:73:a7:28:
         cc:d7:46:21:5a:46:95:73:e1:de:ce:78:ba:cd:99:f3:f1:ea:
         b6:67:b7:81:64:c5:e3:cd:22:5b:59:44:80:96:01:cb:a5:11:
         16:24:9c:6b:63:61:74:ab:5b:c8:87:02:5c:93:94:7c:6f:9d:
         aa:e8:c9:c2:5e:3e:31:99:b6:47:19:a6:af:64:2a:20:6b:d3:
         b3:ba:5d:9a:9b:93:4b:e1:29:ed:57:3c:9b:4d:b4:6b:33:0c:
         d8:1c:12:5e:b7:23:60:d6:fb:86:53:aa:5d:11:d7:a0:24:dd:
         dc:5b:99:87:25:b5:a6:a4:aa:e6:e0:42:d6:83:05:a4:9a:3c:
         38:90:8b:d6:ce:60:2c:af:cb:eb:0e:80:4d:21:0e:cb:0e:35:
         6e:d2:ad:f5:58:e6:2c:4a:30:f3:0b:4f:7f:65:27:49:e4:a4:
         99:5c:e7:14:db:4b:20:ed:4b:2e:3b:46:fb:51:f9:8b:3b:4b:
         0b:a7:92:c5:e5:f9:f6:0a:52:d5:23:5e:f8:28:68:7d:dd:ed:
         60:5e:44:77
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdcIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEw
ODE3MjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY4RThBNDlBMkFEOTZC
RjFBOTMxMjA2OUUzQkYyMzAwMzlFQjM0RTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCo2HMIOE3Ooi++J73GqRH888PrRTYgPt+LZXZqr5scw0iiYZI0
TX1yf2kW2tRi4m/EL0AjogzFUI+c03Qa5Nk1tIs0BXZO1yZ8lPTn7qKj/0ABXscr
usBGRRzZ+rrxJ/H7q12d+vdoSqCQ79BJeG6JMgHfGu/d5LOxidoZVfzPuBL9FTqU
vIoOeokF3CHqzxWvzc4EmWgMwlg/91iWhXxEP+e4RSaZaQndTcNCUMqva3OSE/Na
ZYo1TB+9T149ZW9YHIypyh7ruP/XnUIsk8qScn5rrmJ+oPtcL+m5FQQi/6hZzIQC
GiT0ww+B8RGbqUv+cJCmmSw2Q5yYhYAG7gLRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+OikmirZa/GpMSBp478jADnrNOgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1PaWttaXJaYV9HcE1T
QnA0NzhqQURuck5PZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAtHF/+
K1/0xActM92G+ZXv9bvwWPx94Lp7pH3WGmLNdO0CLTB+AaOF6ykHS3GJzFnyY1pz
pyjM10YhWkaVc+Hezni6zZnz8eq2Z7eBZMXjzSJbWUSAlgHLpREWJJxrY2F0q1vI
hwJck5R8b52q6MnCXj4xmbZHGaavZCoga9Ozul2am5NL4SntVzybTbRrMwzYHBJe
tyNg1vuGU6pdEdegJN3cW5mHJbWmpKrm4ELWgwWkmjw4kIvWzmAsr8vrDoBNIQ7L
DjVu0q31WOYsSjDzC09/ZSdJ5KSZXOcU20sg7UsuO0b7UfmLO0sLp5LF5fn2ClLV
I174KGh93e1gXkR3
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:44 2025 by rpki-client