Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/446u72kCb34qfXFitrZwGby8gAM.roa
File:                     446u72kCb34qfXFitrZwGby8gAM.roa (raw, json)
Hash identifier:          5YG1iUtK/xfZ13N8bJ+yP6QxZ34FDwbcad4Hf7wEcRw=
Subject key identifier:   E3:8E:AE:EF:69:02:6F:7E:2A:7D:71:62:B6:B6:70:19:BC:BC:80:03
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6D02
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/446u72kCb34qfXFitrZwGby8gAM.roa
Signing time:             Tue 17 Jun 2025 18:46:19 +0000
ROA not before:           Tue 17 Jun 2025 18:46:19 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 27906 (0x6d02)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jun 17 18:46:19 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=E38EAEEF69026F7E2A7D7162B6B67019BCBC8003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7f:77:53:f8:4f:78:28:b0:61:30:1c:bc:75:
                    a2:34:10:4b:da:ff:79:48:21:cd:63:1d:6a:a2:79:
                    ff:d4:51:e0:ea:f2:24:65:36:6d:73:57:e7:6b:6d:
                    8b:7e:c6:0d:22:6e:56:f7:10:04:86:df:d7:eb:09:
                    3d:a0:de:5f:8f:2c:ed:a9:bd:7f:10:a4:48:9a:4f:
                    ab:3f:11:d8:8e:9c:08:62:b8:96:04:3e:5f:a8:3f:
                    d3:6e:8f:46:14:22:9e:6c:d5:b3:7e:e7:8c:28:93:
                    12:8d:9f:b4:ac:f9:31:83:d8:a4:84:38:26:84:91:
                    b3:97:80:67:e3:b4:55:a4:1d:16:4d:1e:9b:53:d4:
                    35:3c:9a:2c:79:3c:c9:ce:46:a9:37:69:d4:04:0d:
                    4c:83:db:81:27:68:5b:de:33:8e:1c:7f:b3:94:42:
                    79:25:37:50:33:6d:50:5b:a8:86:49:48:e3:86:95:
                    18:c9:fd:17:32:b0:57:13:bb:ce:1d:9b:28:63:65:
                    f3:d8:b2:18:b8:25:ca:39:e5:3f:b9:70:70:c5:6b:
                    35:1f:00:30:de:10:ac:84:4a:50:55:78:83:a2:b6:
                    49:38:f7:d0:83:5e:19:4f:54:fb:bb:8a:bc:9c:35:
                    df:0b:58:45:6e:6b:92:f9:ba:16:cf:ae:ee:68:0a:
                    ea:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:8E:AE:EF:69:02:6F:7E:2A:7D:71:62:B6:B6:70:19:BC:BC:80:03
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/446u72kCb34qfXFitrZwGby8gAM.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:fd:7f:f8:98:b1:6b:c9:0f:f5:e8:cb:62:0e:80:ae:04:b3:
         44:be:3a:05:27:da:b1:e4:56:c0:d3:4e:61:95:52:f2:60:86:
         bf:e0:0c:a7:15:b2:b2:dc:ed:0a:53:2c:69:d5:c9:6f:80:37:
         e3:ae:28:e9:86:24:42:63:73:5d:66:08:eb:e4:55:83:27:cb:
         03:73:b9:5c:36:54:04:46:fe:57:77:29:46:71:57:4d:72:f2:
         7b:8d:54:45:81:3b:0e:2f:7e:a9:f5:3a:bb:7c:26:f9:4a:f4:
         22:f9:32:0d:07:81:bd:2a:6f:6e:e4:9b:f7:ff:1c:21:ae:60:
         be:d2:9a:55:0f:40:b0:1d:d8:87:27:38:60:29:78:fe:a9:0b:
         65:34:7d:26:3f:40:38:da:26:ec:35:6d:c6:df:c5:dc:90:e1:
         41:30:eb:0d:0f:14:46:8b:c7:29:e6:be:02:26:69:f3:22:72:
         95:0f:e2:0a:53:cf:f0:df:bf:19:83:1b:7e:c2:f9:13:ae:b8:
         5c:be:14:ca:80:0a:f4:b6:bb:9b:51:ba:1b:79:41:1f:a2:d5:
         bc:98:bf:20:4c:0e:81:77:89:b8:da:26:26:50:e7:82:58:d9:
         2d:87:92:af:65:3f:ab:4a:a6:33:19:5c:0a:69:58:4d:c1:63:
         97:6b:3b:42
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbQIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTcx
ODQ2MTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUzOEVBRUVGNjkwMjZG
N0UyQTdENzE2MkI2QjY3MDE5QkNCQzgwMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+f3dT+E94KLBhMBy8daI0EEva/3lIIc1jHWqief/UUeDq8iRl
Nm1zV+drbYt+xg0iblb3EASG39frCT2g3l+PLO2pvX8QpEiaT6s/EdiOnAhiuJYE
Pl+oP9Nuj0YUIp5s1bN+54wokxKNn7Ss+TGD2KSEOCaEkbOXgGfjtFWkHRZNHptT
1DU8mix5PMnORqk3adQEDUyD24EnaFveM44cf7OUQnklN1AzbVBbqIZJSOOGlRjJ
/RcysFcTu84dmyhjZfPYshi4Jco55T+5cHDFazUfADDeEKyESlBVeIOitkk499CD
XhlPVPu7irycNd8LWEVua5L5uhbPru5oCupZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU446u72kCb34qfXFitrZwGby8gAMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzQ0NnU3MmtDYjM0cWZY
Rml0clp3R2J5OGdBTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA8/X/4
mLFryQ/16MtiDoCuBLNEvjoFJ9qx5FbA005hlVLyYIa/4AynFbKy3O0KUyxp1clv
gDfjrijphiRCY3NdZgjr5FWDJ8sDc7lcNlQERv5XdylGcVdNcvJ7jVRFgTsOL36p
9Tq7fCb5SvQi+TINB4G9Km9u5Jv3/xwhrmC+0ppVD0CwHdiHJzhgKXj+qQtlNH0m
P0A42ibsNW3G38XckOFBMOsNDxRGi8cp5r4CJmnzInKVD+IKU8/w378Zgxt+wvkT
rrhcvhTKgAr0trubUbobeUEfotW8mL8gTA6Bd4m42iYmUOeCWNkth5KvZT+rSqYz
GVwKaVhNwWOXaztC
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:38:22 2025 by rpki-client