Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XvveC1_RsAikJjcVep4X0YGLT2Y.roa
File:                     XvveC1_RsAikJjcVep4X0YGLT2Y.roa (raw, json)
Hash identifier:          voOZyL55D9xGejx+0ulEFlvJSi+c65Hgm5cb6cF5uZA=
Subject key identifier:   5E:FB:DE:0B:5F:D1:B0:08:A4:26:37:15:7A:9E:17:D1:81:8B:4F:66
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6D8C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XvveC1_RsAikJjcVep4X0YGLT2Y.roa
Signing time:             Thu 19 Jun 2025 10:37:07 +0000
ROA not before:           Thu 19 Jun 2025 10:37:07 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28044 (0x6d8c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jun 19 10:37:07 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=5EFBDE0B5FD1B008A42637157A9E17D1818B4F66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:69:f4:08:93:db:ef:e4:aa:7b:02:ff:2b:51:
                    c6:f1:6a:74:55:c5:96:00:1c:66:03:30:74:31:e5:
                    50:bb:c3:70:31:70:a9:43:02:bc:b3:ea:4a:53:de:
                    20:e7:93:07:35:86:8e:3b:3a:2b:85:f6:66:ac:1a:
                    94:c7:99:c1:56:77:21:29:0c:38:17:e8:a1:50:44:
                    f1:c1:7f:c7:d3:87:47:68:cb:7b:fb:38:f2:fd:9b:
                    ba:cb:ae:87:59:56:08:4c:99:3c:1f:15:3e:44:f5:
                    eb:17:ed:89:65:c8:e1:37:28:e8:9b:70:cc:8e:63:
                    6f:44:ff:47:54:f2:4f:5a:2f:eb:1d:66:98:9f:39:
                    55:89:1d:67:be:41:3c:ec:06:fa:c2:60:32:81:c7:
                    1c:ff:d0:f8:9d:bb:54:2d:f4:6d:bf:bc:84:91:72:
                    73:66:e1:17:5a:db:f4:a2:08:da:07:6e:c3:fc:38:
                    82:9e:30:d2:55:f0:98:7e:2c:03:57:73:0f:64:db:
                    4a:b6:ab:1c:12:c7:06:39:61:0b:31:c1:f7:0c:01:
                    c6:4e:65:2d:f2:99:fa:63:29:71:70:f3:d2:d6:d2:
                    25:dd:49:02:bb:09:03:47:91:fb:33:be:17:f1:83:
                    5c:d7:9f:ae:05:a6:30:11:8d:3c:f6:47:5c:dc:27:
                    6d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:FB:DE:0B:5F:D1:B0:08:A4:26:37:15:7A:9E:17:D1:81:8B:4F:66
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XvveC1_RsAikJjcVep4X0YGLT2Y.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         78:62:70:20:aa:7d:43:f8:20:6d:e7:de:6f:d0:1f:da:28:78:
         fe:b4:0d:2d:81:d5:0d:0f:0e:c7:bd:da:e2:e7:89:4a:94:8d:
         e3:59:56:ab:30:a3:cf:03:59:3c:4c:ff:0e:1d:db:b6:36:e2:
         31:7f:76:c1:df:26:70:da:9a:3b:81:e8:a2:aa:49:d5:75:ef:
         ab:13:82:e5:2f:f7:d4:81:a2:95:be:2e:48:cc:0a:70:d6:e5:
         fe:17:c8:79:3e:bc:19:53:11:c3:b2:a7:11:45:e5:f6:56:e3:
         71:8c:70:22:5e:52:f1:d3:7d:db:97:ca:97:a3:89:fc:65:ba:
         ae:e7:53:56:19:e7:99:00:a0:b3:eb:7f:6a:9d:39:a3:4f:d0:
         ab:3a:ae:d4:08:09:2c:50:b3:21:96:6e:3d:91:11:ac:67:16:
         b4:3e:3e:d1:90:fa:e4:88:29:1e:f8:59:79:05:ca:fb:8e:b5:
         57:cc:f1:ef:54:51:c3:81:6d:0d:c1:c3:da:6b:b8:6f:dd:8b:
         66:97:78:d0:0b:ea:ce:6d:66:72:45:96:f3:4f:79:dc:3e:dd:
         dc:ef:d4:fc:d5:e7:92:33:b4:e7:8b:1d:7a:ba:aa:04:d6:33:
         98:27:96:10:25:02:bc:00:e6:d8:ee:7a:03:e2:f7:6c:9d:b1:
         56:3a:bb:a7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbYwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTkx
MDM3MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVFRkJERTBCNUZEMUIw
MDhBNDI2MzcxNTdBOUUxN0QxODE4QjRGNjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcafQIk9vv5Kp7Av8rUcbxanRVxZYAHGYDMHQx5VC7w3AxcKlD
Aryz6kpT3iDnkwc1ho47OiuF9masGpTHmcFWdyEpDDgX6KFQRPHBf8fTh0doy3v7
OPL9m7rLrodZVghMmTwfFT5E9esX7YllyOE3KOibcMyOY29E/0dU8k9aL+sdZpif
OVWJHWe+QTzsBvrCYDKBxxz/0Pidu1Qt9G2/vISRcnNm4Rda2/SiCNoHbsP8OIKe
MNJV8Jh+LANXcw9k20q2qxwSxwY5YQsxwfcMAcZOZS3ymfpjKXFw89LW0iXdSQK7
CQNHkfszvhfxg1zXn64FpjARjTz2R1zcJ20tAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXvveC1/RsAikJjcVep4X0YGLT2YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1h2dmVDMV9Sc0Fpa0pq
Y1ZlcDRYMFlHTFQyWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB4YnAg
qn1D+CBt595v0B/aKHj+tA0tgdUNDw7Hvdri54lKlI3jWVarMKPPA1k8TP8OHdu2
NuIxf3bB3yZw2po7geiiqknVde+rE4LlL/fUgaKVvi5IzApw1uX+F8h5PrwZUxHD
sqcRReX2VuNxjHAiXlLx033bl8qXo4n8Zbqu51NWGeeZAKCz639qnTmjT9CrOq7U
CAksULMhlm49kRGsZxa0Pj7RkPrkiCke+Fl5Bcr7jrVXzPHvVFHDgW0NwcPaa7hv
3Ytml3jQC+rObWZyRZbzT3ncPt3c79T81eeSM7Tnix16uqoE1jOYJ5YQJQK8AObY
7noD4vdsnbFWOrun
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:32 2025 by rpki-client