Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XFoiHE-ZYacU9Nkj9xXiE18hM0k.roa
File:                     XFoiHE-ZYacU9Nkj9xXiE18hM0k.roa (raw, json)
Hash identifier:          TdnJReaL1O6konHt2W1j2hApxWsEPgmC+XlKBkovuF4=
Subject key identifier:   5C:5A:22:1C:4F:99:61:A7:14:F4:D9:23:F7:15:E2:13:5F:21:33:49
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6202
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XFoiHE-ZYacU9Nkj9xXiE18hM0k.roa
Signing time:             Mon 19 May 2025 10:40:32 +0000
ROA not before:           Mon 19 May 2025 10:40:32 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 25090 (0x6202)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May 19 10:40:32 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=5C5A221C4F9961A714F4D923F715E2135F213349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d3:1c:1f:b4:c8:94:98:d7:3b:ab:4a:a6:87:
                    61:3d:04:b5:40:67:f5:d7:3d:50:fc:35:e7:e0:7d:
                    33:08:5b:5c:64:e3:fe:a7:96:1d:27:13:53:0b:3f:
                    bd:19:5b:91:62:4d:0b:0d:10:ff:11:e4:ba:81:f6:
                    2c:75:e6:66:72:a3:0b:86:39:01:ce:06:47:70:40:
                    69:24:e6:37:7c:22:bf:8c:ab:f2:a1:4b:92:fd:9d:
                    75:6e:01:74:11:1b:2c:3c:b4:6d:42:14:55:e4:3c:
                    53:fd:d1:e5:9a:00:42:c2:86:e8:72:b7:3b:ba:ca:
                    53:97:79:39:51:2a:9e:6c:a3:1e:3f:c7:aa:e0:ff:
                    f4:38:38:34:14:f8:cc:64:25:ff:c8:bb:da:b3:50:
                    6d:65:3c:bf:bd:6c:91:f1:26:14:da:5e:f3:68:4b:
                    3f:2c:6a:63:fa:19:cd:a9:61:b0:9b:56:9b:33:e3:
                    8a:ee:9e:b6:77:fa:b1:ed:18:af:07:42:18:89:bd:
                    b4:dc:b1:87:d3:84:13:ce:b3:a9:a5:58:9b:ba:7d:
                    55:9d:69:60:a0:fd:6b:5e:62:ae:ce:b1:33:31:98:
                    db:62:6c:f8:3c:1e:e7:e4:90:b1:01:5d:d4:79:18:
                    a2:82:57:cc:e9:13:94:a6:91:be:0d:dd:59:10:4f:
                    11:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5A:22:1C:4F:99:61:A7:14:F4:D9:23:F7:15:E2:13:5F:21:33:49
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XFoiHE-ZYacU9Nkj9xXiE18hM0k.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         79:60:52:c0:3d:70:1f:93:8c:d7:d3:46:aa:d3:dd:38:21:12:
         80:97:b8:23:a7:57:d5:5b:7b:76:10:7c:b1:44:32:56:70:84:
         5a:9e:0a:75:d2:89:0d:9d:03:f9:90:00:b0:51:0e:13:fd:47:
         c9:ec:7b:ba:af:ea:d7:8a:23:6e:94:39:c4:3c:de:e7:fe:88:
         b2:80:88:d8:1e:23:d7:08:86:c2:18:61:fc:ed:74:a0:e4:ce:
         d7:ec:97:91:bd:59:52:fb:14:54:b0:56:0a:db:ea:dc:a0:93:
         23:81:e6:1c:1c:1e:58:83:5e:fa:bf:b9:46:f6:95:92:96:71:
         af:10:cd:c5:d7:02:83:43:7e:08:6b:d6:0c:6f:ad:e6:de:c8:
         a7:d8:2d:56:7c:48:0f:f3:d7:bd:16:0c:4d:f9:c1:ec:e3:7e:
         06:55:8e:dc:63:41:d5:5d:ca:c7:f0:bd:08:16:71:cc:52:d8:
         1b:a2:3a:c6:e3:12:a2:e0:e8:ce:7d:c4:d0:8f:6d:aa:f9:aa:
         2e:a3:ba:0b:8f:26:8a:e8:1f:32:3a:c5:7c:22:c3:af:d6:49:
         44:b9:e1:2c:34:30:24:1a:31:d5:fd:7f:92:3a:e7:c1:23:15:
         7a:4b:e2:f7:44:79:4f:4e:8c:9f:6c:c6:0c:7a:8d:6b:aa:a0:
         7f:d2:3f:ca
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYgIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTkx
MDQwMzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVDNUEyMjFDNEY5OTYx
QTcxNEY0RDkyM0Y3MTVFMjEzNUYyMTMzNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCh0xwftMiUmNc7q0qmh2E9BLVAZ/XXPVD8NefgfTMIW1xk4/6n
lh0nE1MLP70ZW5FiTQsNEP8R5LqB9ix15mZyowuGOQHOBkdwQGkk5jd8Ir+Mq/Kh
S5L9nXVuAXQRGyw8tG1CFFXkPFP90eWaAELChuhytzu6ylOXeTlRKp5sox4/x6rg
//Q4ODQU+MxkJf/Iu9qzUG1lPL+9bJHxJhTaXvNoSz8samP6Gc2pYbCbVpsz44ru
nrZ3+rHtGK8HQhiJvbTcsYfThBPOs6mlWJu6fVWdaWCg/WteYq7OsTMxmNtibPg8
HufkkLEBXdR5GKKCV8zpE5Smkb4N3VkQTxE7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXFoiHE+ZYacU9Nkj9xXiE18hM0kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hGb2lIRS1aWWFjVTlO
a2o5eFhpRTE4aE0way5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB5YFLA
PXAfk4zX00aq0904IRKAl7gjp1fVW3t2EHyxRDJWcIRangp10okNnQP5kACwUQ4T
/UfJ7Hu6r+rXiiNulDnEPN7n/oiygIjYHiPXCIbCGGH87XSg5M7X7JeRvVlS+xRU
sFYK2+rcoJMjgeYcHB5Yg176v7lG9pWSlnGvEM3F1wKDQ34Ia9YMb63m3sin2C1W
fEgP89e9FgxN+cHs434GVY7cY0HVXcrH8L0IFnHMUtgbojrG4xKi4OjOfcTQj22q
+aouo7oLjyaK6B8yOsV8IsOv1klEueEsNDAkGjHV/X+SOufBIxV6S+L3RHlPToyf
bMYMeo1rqqB/0j/K
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:49 2025 by rpki-client