Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Diqaa3G_OHbV02sPeQC6vTajhLc.roa
File:                     Diqaa3G_OHbV02sPeQC6vTajhLc.roa (raw, json)
Hash identifier:          xU0ZmubArjdy00kEAzj0dbOkggcSbzeNBERWDmpsH0M=
Subject key identifier:   0E:2A:9A:6B:71:BF:38:76:D5:D3:6B:0F:79:00:BA:BD:36:A3:84:B7
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       756C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Diqaa3G_OHbV02sPeQC6vTajhLc.roa
Signing time:             Thu 10 Jul 2025 10:45:11 +0000
ROA not before:           Thu 10 Jul 2025 10:45:11 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30060 (0x756c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 10 10:45:11 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=0E2A9A6B71BF3876D5D36B0F7900BABD36A384B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fa:c3:f4:12:db:72:5d:c8:41:29:ca:25:f5:
                    2b:d0:ba:91:a3:91:2b:5e:3c:f1:b1:a7:16:ee:d0:
                    db:ed:3d:29:dd:03:58:d4:70:fb:af:0b:5f:c6:20:
                    32:71:8c:e4:bf:b8:69:43:de:7f:91:ef:73:2d:ae:
                    70:a4:df:46:a6:eb:58:b6:76:61:da:7a:4f:bf:7f:
                    ef:dd:69:81:3a:94:44:e3:a8:56:65:74:ff:f1:55:
                    51:40:76:61:4a:e1:e3:57:95:1f:e8:35:e5:b4:f1:
                    08:24:8e:bf:e8:c3:0e:e3:10:b4:19:62:ef:eb:9c:
                    b1:12:0b:c4:3c:78:66:e9:0f:e2:74:21:44:65:5d:
                    c2:4c:38:71:ab:af:f6:8e:54:75:11:53:5b:e2:89:
                    3c:dd:66:3c:3c:ff:80:1b:10:41:00:4b:17:62:a7:
                    8c:c5:99:37:4f:80:f9:9f:c2:81:78:49:eb:2f:a9:
                    9c:40:4d:79:99:b5:b9:7e:b7:27:fc:3c:47:af:e2:
                    93:54:ac:c9:a4:09:0a:e9:1d:be:e2:c9:c9:94:af:
                    54:01:43:53:a0:ae:b9:0d:e0:f2:dd:c7:8b:56:08:
                    25:bc:5d:29:0b:4c:b9:ff:5b:9a:62:ed:85:1d:c4:
                    4a:ae:a5:c6:78:17:b9:59:c7:5d:bd:54:67:72:83:
                    ac:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:2A:9A:6B:71:BF:38:76:D5:D3:6B:0F:79:00:BA:BD:36:A3:84:B7
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Diqaa3G_OHbV02sPeQC6vTajhLc.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         8b:f7:eb:50:bf:4d:f1:9c:c9:2e:a2:90:c3:bf:f2:a7:79:a5:
         8d:e4:f7:67:3f:e8:81:df:eb:19:f4:80:75:42:9b:36:4e:eb:
         f2:54:d7:9e:21:18:c5:95:ef:8e:e5:e9:42:1f:f2:8b:6e:3e:
         cf:f2:03:73:43:10:55:f8:8a:14:d2:bf:f4:34:16:cb:d5:00:
         a8:f0:8b:04:8a:cb:26:bf:cb:ff:83:74:f3:d0:51:93:fb:ed:
         b5:8f:da:0b:f2:b9:91:45:dd:26:ff:7c:cc:da:2a:99:94:1a:
         fb:7b:ca:11:ac:1b:fc:89:3f:93:13:3d:46:65:50:9a:2b:d8:
         a3:9f:8a:34:b7:d9:71:2c:6d:a8:70:17:13:8e:78:74:0a:a2:
         c0:ed:f8:73:61:42:6f:b8:3e:90:46:5e:71:93:82:a0:d6:61:
         b1:2b:5a:7e:70:ba:a5:aa:23:f7:aa:f5:8f:17:75:bb:38:d6:
         47:1f:32:f4:76:e4:18:60:61:d0:96:87:d7:85:1a:dc:60:33:
         a9:71:0a:a4:c4:5a:df:0e:3b:61:a6:66:bb:c3:6c:e7:88:4b:
         f6:87:9c:8f:62:ad:19:73:f8:61:dd:8e:ba:98:d2:9c:b1:0f:
         04:0c:23:f0:b3:b3:d1:bb:9e:59:a3:6a:34:72:ce:64:02:a7:
         7f:ca:a4:0b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdWwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAx
MDQ1MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBFMkE5QTZCNzFCRjM4
NzZENUQzNkIwRjc5MDBCQUJEMzZBMzg0QjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6+sP0EttyXchBKcol9SvQupGjkStePPGxpxbu0NvtPSndA1jU
cPuvC1/GIDJxjOS/uGlD3n+R73MtrnCk30am61i2dmHaek+/f+/daYE6lETjqFZl
dP/xVVFAdmFK4eNXlR/oNeW08Qgkjr/oww7jELQZYu/rnLESC8Q8eGbpD+J0IURl
XcJMOHGrr/aOVHURU1viiTzdZjw8/4AbEEEASxdip4zFmTdPgPmfwoF4SesvqZxA
TXmZtbl+tyf8PEev4pNUrMmkCQrpHb7iycmUr1QBQ1OgrrkN4PLdx4tWCCW8XSkL
TLn/W5pi7YUdxEqupcZ4F7lZx129VGdyg6ztAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDiqaa3G/OHbV02sPeQC6vTajhLcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RpcWFhM0dfT0hiVjAy
c1BlUUM2dlRhamhMYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCL9+tQ
v03xnMkuopDDv/KneaWN5PdnP+iB3+sZ9IB1Qps2TuvyVNeeIRjFle+O5elCH/KL
bj7P8gNzQxBV+IoU0r/0NBbL1QCo8IsEissmv8v/g3Tz0FGT++21j9oL8rmRRd0m
/3zM2iqZlBr7e8oRrBv8iT+TEz1GZVCaK9ijn4o0t9lxLG2ocBcTjnh0CqLA7fhz
YUJvuD6QRl5xk4Kg1mGxK1p+cLqlqiP3qvWPF3W7ONZHHzL0duQYYGHQlofXhRrc
YDOpcQqkxFrfDjthpma7w2zniEv2h5yPYq0Zc/hh3Y66mNKcsQ8EDCPws7PRu55Z
o2o0cs5kAqd/yqQL
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:31 2025 by rpki-client