Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FSod510zpPGtQsrzQCVveW_OLeg.roa
File:                     FSod510zpPGtQsrzQCVveW_OLeg.roa (raw, json)
Hash identifier:          VN3dND8Qa0rOwydbptmkg/zRmsZ+WyfjgnDJ+MqnThg=
Subject key identifier:   15:2A:1D:E7:5D:33:A4:F1:AD:42:CA:F3:40:25:6F:79:6F:CE:2D:E8
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7718
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FSod510zpPGtQsrzQCVveW_OLeg.roa
Signing time:             Mon 14 Jul 2025 22:11:52 +0000
ROA not before:           Mon 14 Jul 2025 22:11:52 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30488 (0x7718)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 14 22:11:52 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=152A1DE75D33A4F1AD42CAF340256F796FCE2DE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7f:03:07:f6:a4:b1:11:6e:0b:80:dd:b9:44:
                    b5:cb:d5:85:54:47:90:90:6c:f4:7c:2b:94:c2:ba:
                    4e:7f:d2:45:77:17:14:27:8d:e0:ee:f0:69:67:65:
                    10:cf:28:c8:2b:5d:55:00:3f:9a:ba:52:b8:9a:43:
                    40:aa:09:1b:10:c5:4a:f2:ef:d9:22:24:53:66:6b:
                    82:a8:96:dc:4f:cc:7c:e6:a1:39:07:3c:89:94:3b:
                    03:93:ab:06:5c:64:2a:0e:62:45:08:93:9c:8f:aa:
                    85:00:c9:07:b0:02:af:b7:e7:2f:26:51:41:b7:44:
                    ce:32:c1:68:a5:5a:41:2d:d9:d7:16:82:bd:a7:e2:
                    2c:82:0a:dd:04:6a:ec:6f:c9:d8:70:cf:ed:b0:5f:
                    1a:e0:7b:e6:da:db:16:00:b5:e0:c2:e4:89:f7:13:
                    b6:31:7a:1c:77:9b:56:76:6c:4a:c0:1a:d5:27:97:
                    7b:b7:9a:fb:21:14:e3:39:ca:9f:9d:f6:ad:62:3a:
                    2d:52:41:1a:dc:90:e7:dc:4c:96:c2:69:58:80:48:
                    31:48:59:a5:c5:22:75:f1:e7:34:9e:a1:a3:c2:d5:
                    cb:d5:1f:13:8e:c3:34:66:bd:75:8c:b2:4b:1d:7d:
                    b7:67:8b:bb:a0:d4:cc:2a:1a:c0:f9:04:19:46:22:
                    a8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2A:1D:E7:5D:33:A4:F1:AD:42:CA:F3:40:25:6F:79:6F:CE:2D:E8
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FSod510zpPGtQsrzQCVveW_OLeg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         92:e0:47:b2:62:78:a7:45:b6:80:95:82:99:f4:0f:14:5a:e7:
         49:08:99:9a:bb:07:07:20:bf:ee:98:ec:7a:10:3d:f5:55:95:
         02:25:74:13:3e:43:c0:15:5d:1d:10:0d:f1:a1:0b:c9:56:c6:
         01:f2:56:e6:cc:28:4c:a5:6c:a8:fb:cc:29:de:62:5d:ec:97:
         21:ad:f0:af:3d:6a:20:81:30:1d:41:76:38:d1:d1:c8:91:99:
         0a:12:39:ca:8d:e4:c0:9e:79:2f:14:10:f2:b9:e1:1f:77:e8:
         7f:b9:1d:3f:c1:21:b7:0a:01:74:e4:5f:52:00:c3:45:82:5d:
         6f:b1:5c:76:4b:9d:3b:9c:d7:e5:42:d2:30:3e:4d:18:52:69:
         1f:6f:e6:43:3f:d6:3a:04:94:07:d8:f1:d3:0c:a5:61:be:30:
         b3:90:4f:e2:a5:e1:e0:14:98:57:cf:c6:f1:9d:f5:7e:bd:42:
         4d:8b:61:6e:19:b4:60:e1:d4:51:3a:99:c7:77:ee:3c:1b:a8:
         70:8c:a9:e9:95:21:a8:1f:ff:a5:11:48:87:08:47:a3:a0:e4:
         37:5d:cb:28:56:0c:79:5c:18:19:0d:56:c3:09:9c:4a:42:aa:
         aa:d4:33:ae:da:d1:a3:97:28:09:4c:9c:08:99:fb:43:09:66:
         48:85:ac:f9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdxgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQy
MjExNTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE1MkExREU3NUQzM0E0
RjFBRDQyQ0FGMzQwMjU2Rjc5NkZDRTJERTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4fwMH9qSxEW4LgN25RLXL1YVUR5CQbPR8K5TCuk5/0kV3FxQn
jeDu8GlnZRDPKMgrXVUAP5q6UriaQ0CqCRsQxUry79kiJFNma4KoltxPzHzmoTkH
PImUOwOTqwZcZCoOYkUIk5yPqoUAyQewAq+35y8mUUG3RM4ywWilWkEt2dcWgr2n
4iyCCt0Eauxvydhwz+2wXxrge+ba2xYAteDC5In3E7Yxehx3m1Z2bErAGtUnl3u3
mvshFOM5yp+d9q1iOi1SQRrckOfcTJbCaViASDFIWaXFInXx5zSeoaPC1cvVHxOO
wzRmvXWMsksdfbdni7ug1MwqGsD5BBlGIqgPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUFSod510zpPGtQsrzQCVveW/OLegwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZTb2Q1MTB6cFBHdFFz
cnpRQ1Z2ZVdfT0xlZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCS4Eey
YninRbaAlYKZ9A8UWudJCJmauwcHIL/umOx6ED31VZUCJXQTPkPAFV0dEA3xoQvJ
VsYB8lbmzChMpWyo+8wp3mJd7JchrfCvPWoggTAdQXY40dHIkZkKEjnKjeTAnnkv
FBDyueEfd+h/uR0/wSG3CgF05F9SAMNFgl1vsVx2S507nNflQtIwPk0YUmkfb+ZD
P9Y6BJQH2PHTDKVhvjCzkE/ipeHgFJhXz8bxnfV+vUJNi2FuGbRg4dRROpnHd+48
G6hwjKnplSGoH/+lEUiHCEejoOQ3XcsoVgx5XBgZDVbDCZxKQqqq1DOu2tGjlygJ
TJwImftDCWZIhaz5
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:34 2025 by rpki-client