Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZFObEQNi7qdLZdT38_tczu7zy7A.roa
File:                     ZFObEQNi7qdLZdT38_tczu7zy7A.roa (raw, json)
Hash identifier:          9gOITnpo8rDaMZLunB97NJxVw/H+Jqm+o9CyY+0iUnQ=
Subject key identifier:   64:53:9B:11:03:62:EE:A7:4B:65:D4:F7:F3:FB:5C:CE:EE:F3:CB:B0
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7202
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZFObEQNi7qdLZdT38_tczu7zy7A.roa
Signing time:             Tue 01 Jul 2025 08:15:12 +0000
ROA not before:           Tue 01 Jul 2025 08:15:12 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29186 (0x7202)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul  1 08:15:12 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=64539B110362EEA74B65D4F7F3FB5CCEEEF3CBB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b3:d4:8a:47:b1:54:3c:ae:de:1d:4e:94:69:
                    86:a2:89:b2:8c:ed:f4:0c:1a:cf:7c:a3:76:ec:d4:
                    c9:07:0f:ba:11:df:5c:9d:a4:d0:06:42:39:4a:4c:
                    df:65:8a:da:d3:13:0c:73:38:7c:bc:86:5d:87:71:
                    db:23:4e:f7:a9:9f:dd:75:a9:6b:76:28:3c:54:35:
                    70:5d:9b:96:86:01:3b:d6:2b:6b:e4:17:9c:64:f9:
                    b3:36:6f:9f:0b:bb:13:c9:6f:35:07:aa:1c:3b:e6:
                    d0:e0:c3:34:bd:f8:8c:34:5b:06:c0:01:a2:29:44:
                    3d:4e:2c:fe:c3:d1:73:e5:4c:07:38:ce:d0:b1:cb:
                    ff:40:35:92:47:99:bb:ec:ef:79:99:70:27:21:8b:
                    b8:ff:d9:d4:60:a8:a3:99:ea:f1:dc:6d:ba:ec:2a:
                    9f:0d:37:a4:e5:d4:df:9e:47:b4:53:e1:84:fc:dc:
                    0b:fd:07:1d:fc:13:4b:ab:93:8b:5f:12:25:52:37:
                    b4:d3:f1:fd:88:b0:90:29:99:55:e1:8d:a3:d7:76:
                    61:86:6d:90:b2:d1:82:cd:8e:5d:fa:f5:db:b8:b2:
                    9c:af:df:df:eb:31:0a:03:09:60:02:64:2b:ab:f1:
                    18:d6:90:c5:3f:21:4b:9d:fd:ce:fa:92:ae:e2:c4:
                    4c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:53:9B:11:03:62:EE:A7:4B:65:D4:F7:F3:FB:5C:CE:EE:F3:CB:B0
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZFObEQNi7qdLZdT38_tczu7zy7A.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         6f:d7:80:28:55:44:0c:7f:e4:e1:1d:23:2f:2f:ac:ec:d3:e8:
         e9:ce:83:28:f8:95:9d:85:d2:3d:97:89:8e:66:55:ac:a9:80:
         6e:34:53:b9:c2:1c:64:34:4b:d0:af:b0:df:df:a4:27:a5:87:
         4f:f3:17:89:f9:a5:ee:b1:6e:e5:64:f0:33:57:c6:e3:38:dd:
         e7:6d:35:35:25:73:f0:f1:66:1a:95:a8:ad:aa:4c:88:97:91:
         d1:17:fd:28:be:69:64:76:24:f4:48:e8:7d:cc:8c:1f:06:e1:
         0e:05:0e:da:75:82:f2:c5:82:7c:44:4a:58:f1:db:c6:b3:4f:
         ba:93:d8:04:d0:d7:47:5b:71:78:38:cb:ef:52:8e:ac:ca:1b:
         09:b9:0d:09:8a:e4:76:4a:9c:fc:d7:9a:b6:87:e6:9f:84:c0:
         c3:1e:ec:9e:86:de:92:e1:43:87:d6:ac:57:2e:63:2a:65:f5:
         85:a3:86:f0:ba:f0:57:52:b1:9b:89:c4:e8:83:97:4c:6a:62:
         30:a3:e7:ee:6c:fe:b4:b2:25:02:f2:f6:38:fe:3d:7b:34:3e:
         1e:14:d1:b6:5c:d8:e5:c3:bf:5a:38:c8:eb:92:6f:73:69:94:
         c4:96:3b:9b:e6:b3:31:9b:9b:a1:5a:14:41:f3:ed:65:6d:fc:
         19:bc:dc:b2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcgIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEw
ODE1MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY0NTM5QjExMDM2MkVF
QTc0QjY1RDRGN0YzRkI1Q0NFRUVGM0NCQjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAs9SKR7FUPK7eHU6UaYaiibKM7fQMGs98o3bs1MkHD7oR31yd
pNAGQjlKTN9litrTEwxzOHy8hl2HcdsjTvepn911qWt2KDxUNXBdm5aGATvWK2vk
F5xk+bM2b58LuxPJbzUHqhw75tDgwzS9+Iw0WwbAAaIpRD1OLP7D0XPlTAc4ztCx
y/9ANZJHmbvs73mZcCchi7j/2dRgqKOZ6vHcbbrsKp8NN6Tl1N+eR7RT4YT83Av9
Bx38E0urk4tfEiVSN7TT8f2IsJApmVXhjaPXdmGGbZCy0YLNjl369du4spyv39/r
MQoDCWACZCur8RjWkMU/IUud/c76kq7ixEzPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZFObEQNi7qdLZdT38/tczu7zy7AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pGT2JFUU5pN3FkTFpk
VDM4X3RjenU3enk3QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBv14Ao
VUQMf+ThHSMvL6zs0+jpzoMo+JWdhdI9l4mOZlWsqYBuNFO5whxkNEvQr7Df36Qn
pYdP8xeJ+aXusW7lZPAzV8bjON3nbTU1JXPw8WYalaitqkyIl5HRF/0ovmlkdiT0
SOh9zIwfBuEOBQ7adYLyxYJ8REpY8dvGs0+6k9gE0NdHW3F4OMvvUo6syhsJuQ0J
iuR2Spz815q2h+afhMDDHuyeht6S4UOH1qxXLmMqZfWFo4bwuvBXUrGbicTog5dM
amIwo+fubP60siUC8vY4/j17ND4eFNG2XNjlw79aOMjrkm9zaZTEljub5rMxm5uh
WhRB8+1lbfwZvNyy
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:42 2025 by rpki-client