Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WXImyyRv09QIRCFYdpVoOhOIpyg.roa
File:                     WXImyyRv09QIRCFYdpVoOhOIpyg.roa (raw, json)
Hash identifier:          KxPms/XU4IFygNTtJiLMmiGZ1k1kluqmYMVAsr3q+R8=
Subject key identifier:   59:72:26:CB:24:6F:D3:D4:08:44:21:58:76:95:68:3A:13:88:A7:28
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       75B6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WXImyyRv09QIRCFYdpVoOhOIpyg.roa
Signing time:             Fri 11 Jul 2025 05:16:01 +0000
ROA not before:           Fri 11 Jul 2025 05:16:01 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30134 (0x75b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 11 05:16:01 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=597226CB246FD3D4084421587695683A1388A728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:62:97:2d:69:37:60:6d:39:b6:97:b9:58:72:
                    5f:c6:d9:6f:9b:7d:f7:7a:cf:49:cd:b1:f1:c8:d8:
                    f8:93:dd:9a:d7:b2:34:c7:cd:b7:5c:65:6d:2c:be:
                    58:1e:46:cf:6f:c6:2c:11:a5:1f:f3:90:03:93:b4:
                    00:ec:7a:37:a9:f6:1d:0f:85:ec:de:84:ec:d4:e0:
                    39:8c:95:68:6b:99:98:82:bb:0d:5f:7b:98:c0:b3:
                    66:68:3f:a6:b0:ff:f2:ff:13:74:21:1a:a9:a5:5d:
                    ff:94:5d:cc:b3:c3:22:82:13:6e:6f:48:e5:e3:d7:
                    df:b5:d5:42:d7:ae:5e:1f:5b:cf:8e:c0:53:8e:0e:
                    58:fa:4d:ab:06:62:3f:23:7d:39:74:1e:2a:fd:75:
                    ef:55:e3:75:1b:c4:c9:5e:7b:00:d8:49:5a:fa:7f:
                    14:26:5b:6c:9c:63:76:67:df:3a:5c:b7:c8:6c:48:
                    4e:25:6e:e6:cc:0c:80:e9:96:5b:ad:12:72:c9:30:
                    47:cf:97:32:11:41:a1:2c:72:d1:03:cc:05:62:21:
                    e1:83:4c:0a:67:86:73:d9:95:2c:ec:61:a9:56:b1:
                    c3:03:e9:cb:b2:3a:e1:ed:68:0b:b7:68:e4:6f:c5:
                    63:ba:43:d8:ba:2b:34:8a:34:28:15:81:a7:62:2b:
                    d8:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:72:26:CB:24:6F:D3:D4:08:44:21:58:76:95:68:3A:13:88:A7:28
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WXImyyRv09QIRCFYdpVoOhOIpyg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         98:f3:70:95:77:e0:3b:9f:7a:e4:fc:3d:33:30:70:7e:33:64:
         7c:06:8a:b0:a4:6f:09:17:01:e1:e8:0f:88:1a:6c:4c:24:21:
         df:04:04:71:d5:d3:21:1b:d9:1a:a8:31:8a:b3:26:41:37:d1:
         ab:93:39:52:49:05:be:58:39:88:c1:5e:c3:08:05:e0:7b:5d:
         cf:64:c7:2e:57:8e:a3:d7:e0:70:c4:35:af:7f:2b:2e:e1:0c:
         2f:c9:2c:0c:09:1a:db:ac:d3:8e:45:4b:2a:b9:1c:1f:10:bc:
         c4:3c:2c:8e:5d:c8:fb:a2:e4:3c:02:d2:e1:09:24:ec:b1:2d:
         f6:6e:d2:cb:b6:af:be:01:37:ce:d2:20:5c:8d:a8:fb:a1:4d:
         f8:c5:1c:70:db:c7:b7:b3:81:5f:3a:d5:05:93:12:66:c8:eb:
         cb:59:ce:2e:db:86:0e:0a:da:d2:9c:be:9d:98:1f:1a:c5:aa:
         22:94:85:c5:2b:10:da:e7:31:1f:d8:3e:94:b7:e8:61:9e:de:
         1a:9e:52:f3:b5:55:33:2f:f9:0c:c2:67:47:47:e6:f8:26:ab:
         a1:2b:cb:fc:79:11:30:b3:14:be:44:2d:05:6a:4f:8a:f4:65:
         ec:9d:dd:8b:15:28:17:80:9f:3c:8d:48:13:be:9c:c0:2c:85:
         85:a1:f2:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdbYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEw
NTE2MDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU5NzIyNkNCMjQ2RkQz
RDQwODQ0MjE1ODc2OTU2ODNBMTM4OEE3MjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrYpctaTdgbTm2l7lYcl/G2W+bffd6z0nNsfHI2PiT3ZrXsjTH
zbdcZW0svlgeRs9vxiwRpR/zkAOTtADsejep9h0PhezehOzU4DmMlWhrmZiCuw1f
e5jAs2ZoP6aw//L/E3QhGqmlXf+UXcyzwyKCE25vSOXj19+11ULXrl4fW8+OwFOO
Dlj6TasGYj8jfTl0Hir9de9V43UbxMleewDYSVr6fxQmW2ycY3Zn3zpct8hsSE4l
bubMDIDpllutEnLJMEfPlzIRQaEsctEDzAViIeGDTApnhnPZlSzsYalWscMD6cuy
OuHtaAu3aORvxWO6Q9i6KzSKNCgVgadiK9jNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUWXImyyRv09QIRCFYdpVoOhOIpygwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dYSW15eVJ2MDlRSVJD
RllkcFZvT2hPSXB5Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCY83CV
d+A7n3rk/D0zMHB+M2R8BoqwpG8JFwHh6A+IGmxMJCHfBARx1dMhG9kaqDGKsyZB
N9GrkzlSSQW+WDmIwV7DCAXge13PZMcuV46j1+BwxDWvfysu4QwvySwMCRrbrNOO
RUsquRwfELzEPCyOXcj7ouQ8AtLhCSTssS32btLLtq++ATfO0iBcjaj7oU34xRxw
28e3s4FfOtUFkxJmyOvLWc4u24YOCtrSnL6dmB8axaoilIXFKxDa5zEf2D6Ut+hh
nt4anlLztVUzL/kMwmdHR+b4JquhK8v8eREwsxS+RC0Fak+K9GXsnd2LFSgXgJ88
jUgTvpzALIWFofKz
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:41 2025 by rpki-client