Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Qpp5uJvp48YineNVUVnkMVUnofI.roa
File:                     Qpp5uJvp48YineNVUVnkMVUnofI.roa (raw, json)
Hash identifier:          CtuqAZfPGxfwMwJDCi5BYDwZvGSLBN7NobWiqTnMEwQ=
Subject key identifier:   42:9A:79:B8:9B:E9:E3:C6:22:9D:E3:55:51:59:E4:31:55:27:A1:F2
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7820
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Qpp5uJvp48YineNVUVnkMVUnofI.roa
Signing time:             Thu 17 Jul 2025 16:12:05 +0000
ROA not before:           Thu 17 Jul 2025 16:12:05 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30752 (0x7820)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 17 16:12:05 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=429A79B89BE9E3C6229DE3555159E4315527A1F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:d3:1d:9e:ad:f7:8a:c8:a6:69:f7:04:e6:96:
                    07:f6:32:66:43:78:05:c3:1f:e9:4f:33:b3:77:82:
                    50:cc:b5:36:1f:8b:7a:2d:ca:f4:6f:2a:0e:30:b5:
                    6b:5e:c7:f3:47:90:b9:16:21:f4:2d:ff:3e:63:1b:
                    03:10:76:84:32:84:52:d3:88:83:3c:27:bc:7c:69:
                    e4:8a:fd:ba:7a:39:3c:99:d6:7b:96:87:cc:10:bb:
                    96:da:45:03:99:f3:57:ad:21:78:a0:71:64:55:33:
                    5b:09:cd:7e:c0:82:8a:91:c3:b0:f6:5a:3e:f5:29:
                    d6:0c:d9:11:6b:bd:c7:04:24:bd:65:b7:49:cb:f0:
                    eb:f0:d2:0a:53:7c:70:7e:f6:3b:55:e7:32:9a:ce:
                    90:32:3e:bb:0d:57:b0:72:99:86:60:70:1e:fa:1d:
                    01:d6:76:fb:9e:f4:be:ac:f4:be:ab:f4:a8:1c:36:
                    83:7d:9e:93:16:23:a4:d5:d8:10:ef:47:89:c1:10:
                    1e:ba:46:93:7f:20:07:f6:2c:e5:1a:a0:e4:10:a4:
                    10:48:89:e8:58:8b:eb:bb:a3:1b:84:ac:51:7f:74:
                    64:c1:5b:08:87:d1:a8:78:11:df:db:65:30:1b:20:
                    45:9d:05:71:b4:a3:8d:ec:f1:2a:2c:54:af:cb:79:
                    1d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:9A:79:B8:9B:E9:E3:C6:22:9D:E3:55:51:59:E4:31:55:27:A1:F2
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Qpp5uJvp48YineNVUVnkMVUnofI.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         b0:17:a5:58:30:20:76:8e:c3:8d:88:69:cf:21:a7:b2:0e:9f:
         58:49:b5:c2:67:c7:35:35:2e:b9:bc:e2:5b:d4:68:9a:44:81:
         64:60:11:81:5a:f6:5e:8d:95:b4:6a:ac:ab:a8:59:41:86:d8:
         a5:d5:c8:e0:d7:73:fb:06:1f:71:30:89:b5:97:b8:a2:13:ab:
         7a:74:6f:15:2f:ff:93:97:8c:80:93:4c:54:89:1f:8c:e9:4f:
         d5:8f:9c:44:58:8c:5b:22:55:6f:5b:73:35:47:a5:45:c2:9b:
         78:63:0d:ba:63:63:f9:01:65:65:e3:86:da:96:ce:ee:b3:29:
         fe:db:53:78:16:d2:28:1a:40:88:f5:86:2a:9b:97:c7:c1:b7:
         1c:09:ba:26:9b:b1:54:2a:92:cf:fa:b0:11:04:dd:b5:95:e9:
         a5:a9:a7:65:56:22:95:6d:09:f6:89:3b:2b:e1:e9:a8:38:c3:
         4f:f6:ee:b4:a6:e1:16:fe:38:9a:1e:94:de:ec:ae:f1:ae:bd:
         ce:f2:83:69:17:d4:c6:7b:39:9f:60:9a:31:b1:05:47:7e:4f:
         a4:5f:48:3c:9c:84:22:b2:8a:0d:70:7e:e1:b9:ad:be:6f:46:
         77:aa:c1:a8:69:79:33:f1:f6:70:c2:cf:ba:10:25:35:ed:29:
         46:38:60:43
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeCAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTcx
NjEyMDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQyOUE3OUI4OUJFOUUz
QzYyMjlERTM1NTUxNTlFNDMxNTUyN0ExRjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDw0x2erfeKyKZp9wTmlgf2MmZDeAXDH+lPM7N3glDMtTYfi3ot
yvRvKg4wtWtex/NHkLkWIfQt/z5jGwMQdoQyhFLTiIM8J7x8aeSK/bp6OTyZ1nuW
h8wQu5baRQOZ81etIXigcWRVM1sJzX7AgoqRw7D2Wj71KdYM2RFrvccEJL1lt0nL
8Ovw0gpTfHB+9jtV5zKazpAyPrsNV7BymYZgcB76HQHWdvue9L6s9L6r9KgcNoN9
npMWI6TV2BDvR4nBEB66RpN/IAf2LOUaoOQQpBBIiehYi+u7oxuErFF/dGTBWwiH
0ah4Ed/bZTAbIEWdBXG0o43s8SosVK/LeR05AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQpp5uJvp48YineNVUVnkMVUnofIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FwcDV1SnZwNDhZaW5l
TlZVVm5rTVZVbm9mSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCwF6VY
MCB2jsONiGnPIaeyDp9YSbXCZ8c1NS65vOJb1GiaRIFkYBGBWvZejZW0aqyrqFlB
htil1cjg13P7Bh9xMIm1l7iiE6t6dG8VL/+Tl4yAk0xUiR+M6U/Vj5xEWIxbIlVv
W3M1R6VFwpt4Yw26Y2P5AWVl44bals7usyn+21N4FtIoGkCI9YYqm5fHwbccCbom
m7FUKpLP+rARBN21lemlqadlViKVbQn2iTsr4emoOMNP9u60puEW/jiaHpTe7K7x
rr3O8oNpF9TGezmfYJoxsQVHfk+kX0g8nIQisooNcH7hua2+b0Z3qsGoaXkz8fZw
ws+6ECU17SlGOGBD
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:50 2025 by rpki-client