Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa
File:                     PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa (raw, json)
Hash identifier:          rhbb3KE1seY7xiLdPA30to7rwwdwTlvwnaKQmG5aXf0=
Subject key identifier:   3D:4E:D0:30:92:7C:BB:D4:D8:14:A1:73:88:01:E0:68:D3:32:3E:FC
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       775E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa
Signing time:             Tue 15 Jul 2025 15:41:50 +0000
ROA not before:           Tue 15 Jul 2025 15:41:50 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30558 (0x775e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 15 15:41:50 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=3D4ED030927CBBD4D814A1738801E068D3323EFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:42:50:40:79:5f:e6:6c:53:b8:02:75:fa:cc:
                    44:57:ed:85:f7:2b:2b:75:e4:7f:34:3a:20:68:f0:
                    72:9b:24:15:c1:3c:ca:a4:ef:15:33:bb:fc:73:87:
                    b7:da:41:83:57:13:7c:58:78:33:24:34:e5:5c:2b:
                    ea:11:9f:8a:01:74:78:08:7d:a4:c2:8b:ca:25:3d:
                    a9:b3:7e:cc:2e:8f:0a:8c:e8:1a:31:70:fb:d0:23:
                    32:cb:1c:fd:e9:41:94:86:fb:31:35:85:51:f9:48:
                    5d:77:60:34:13:7e:b4:7e:f5:71:fd:38:66:26:60:
                    e9:73:8f:12:07:c2:af:04:69:08:a6:34:31:f3:95:
                    6a:0c:62:d3:4c:3c:03:a7:ac:51:88:7f:ff:d1:01:
                    64:19:ed:2f:23:87:4b:af:8c:1e:e9:3c:5f:06:90:
                    02:02:f7:d6:11:0c:85:9a:a4:c5:87:c7:e1:d5:b8:
                    39:36:81:e0:0c:f8:32:97:57:4e:2e:70:57:c9:07:
                    5c:ee:25:42:d6:a1:fe:1a:4f:2a:0b:09:94:49:dd:
                    c6:9a:8c:0c:bf:38:71:75:78:bc:f2:53:42:e8:8e:
                    80:78:6c:e7:73:93:df:f9:f6:ae:37:22:0c:bb:21:
                    78:06:cd:7b:fe:14:f4:75:24:29:f5:b5:2a:5e:3c:
                    b9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:4E:D0:30:92:7C:BB:D4:D8:14:A1:73:88:01:E0:68:D3:32:3E:FC
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         46:13:2b:e9:7c:56:9a:59:95:22:79:39:7c:f5:d1:c4:16:56:
         2c:dd:4b:8d:6d:a6:6a:fc:f6:5e:02:a2:1d:70:4c:69:94:73:
         74:8a:10:b7:41:b5:78:a2:6e:ee:65:21:e9:d3:43:0c:e4:cb:
         ac:59:7d:51:79:a8:5b:d8:b0:6f:05:8b:db:96:7f:a7:d6:9d:
         a2:a7:ce:5b:67:da:3b:a2:2e:37:02:68:54:43:77:28:4e:b7:
         d5:8b:f5:74:3f:5a:9f:3b:3d:1c:3d:65:86:45:80:93:24:47:
         e8:78:54:7b:a6:73:8a:26:f7:cc:3b:56:0c:93:c3:85:a3:17:
         c8:4c:4b:1e:2f:da:30:24:e9:b4:03:d3:a3:c2:f7:84:ad:f7:
         82:2d:5f:8e:90:f5:a9:58:d1:bb:aa:9f:2d:fc:0f:58:a1:c5:
         87:ba:f3:8f:b9:da:ff:09:41:48:8d:0c:1b:07:78:2c:b2:e8:
         09:9d:f8:79:f1:6d:65:ab:c5:dc:be:68:27:2b:b2:08:a4:25:
         c8:1f:dd:c8:d5:4b:b2:61:5e:5f:d9:b8:1d:0d:f1:17:89:f4:
         02:d2:54:30:57:9b:53:f6:b6:4f:1e:2f:85:b5:e7:6c:5e:a6:
         5d:5a:f8:95:30:34:a3:ec:cb:ad:97:bb:b6:7a:b5:7f:a0:d4:
         d2:a1:fd:c0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd14wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUx
NTQxNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNENEVEMDMwOTI3Q0JC
RDREODE0QTE3Mzg4MDFFMDY4RDMzMjNFRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSQlBAeV/mbFO4AnX6zERX7YX3Kyt15H80OiBo8HKbJBXBPMqk
7xUzu/xzh7faQYNXE3xYeDMkNOVcK+oRn4oBdHgIfaTCi8olPamzfswujwqM6Box
cPvQIzLLHP3pQZSG+zE1hVH5SF13YDQTfrR+9XH9OGYmYOlzjxIHwq8EaQimNDHz
lWoMYtNMPAOnrFGIf//RAWQZ7S8jh0uvjB7pPF8GkAIC99YRDIWapMWHx+HVuDk2
geAM+DKXV04ucFfJB1zuJULWof4aTyoLCZRJ3caajAy/OHF1eLzyU0LojoB4bOdz
k9/59q43Igy7IXgGzXv+FPR1JCn1tSpePLlRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUPU7QMJJ8u9TYFKFziAHgaNMyPvwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BVN1FNSko4dTlUWUZL
RnppQUhnYU5NeVB2dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBGEyvp
fFaaWZUieTl89dHEFlYs3UuNbaZq/PZeAqIdcExplHN0ihC3QbV4om7uZSHp00MM
5MusWX1Reahb2LBvBYvbln+n1p2ip85bZ9o7oi43AmhUQ3coTrfVi/V0P1qfOz0c
PWWGRYCTJEfoeFR7pnOKJvfMO1YMk8OFoxfITEseL9owJOm0A9OjwveErfeCLV+O
kPWpWNG7qp8t/A9YocWHuvOPudr/CUFIjQwbB3gssugJnfh58W1lq8XcvmgnK7II
pCXIH93I1UuyYV5f2bgdDfEXifQC0lQwV5tT9rZPHi+FtedsXqZdWviVMDSj7Mut
l7u2erV/oNTSof3A
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:48 2025 by rpki-client