Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/aBcuffhFZY7JpwshyxMy3sg_SIY.roa
File:                     aBcuffhFZY7JpwshyxMy3sg_SIY.roa (raw, json)
Hash identifier:          SM4i0jyoobVlw918WVM395T82Ld5MRGbekOoQnCdnZA=
Subject key identifier:   68:17:2E:7D:F8:45:65:8E:C9:A7:0B:21:CB:13:32:DE:C8:3F:48:86
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7918
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aBcuffhFZY7JpwshyxMy3sg_SIY.roa
Signing time:             Sun 20 Jul 2025 06:12:07 +0000
ROA not before:           Sun 20 Jul 2025 06:12:07 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 31000 (0x7918)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 20 06:12:07 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=68172E7DF845658EC9A70B21CB1332DEC83F4886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c0:f4:a5:38:fd:1b:ee:f6:62:b2:74:62:6e:
                    24:34:80:2b:2a:80:bd:b5:61:4d:de:63:5b:5b:c8:
                    63:72:1e:6c:0a:71:d7:7d:f6:9a:43:4a:b9:5a:ad:
                    7e:94:5a:3f:7a:3e:84:29:de:17:d4:9a:5a:b9:15:
                    35:54:e0:3d:07:a0:21:0d:a6:a1:1f:47:c6:d0:8a:
                    a9:2e:a0:5f:f5:b3:d1:52:4b:fb:a1:2d:e0:d7:44:
                    6a:39:07:22:f0:bd:53:d3:19:a6:44:f5:bd:38:44:
                    b0:28:a3:64:86:d3:9c:53:a4:fd:58:8d:c6:11:c9:
                    08:3e:f2:95:47:1a:4c:c8:ef:11:3f:3c:4a:39:a7:
                    14:26:f7:bf:14:e6:77:c3:c0:b9:68:e7:1f:2a:4d:
                    f8:cd:c1:09:22:39:9e:bd:d4:53:25:4a:c5:0a:5d:
                    1a:37:48:92:79:b7:61:d6:2e:76:d6:f1:8a:e0:0f:
                    fc:22:15:41:84:54:a4:72:40:0a:e5:fa:a1:9e:d4:
                    82:21:d7:b3:66:42:95:a0:37:3d:94:a6:85:87:26:
                    d5:e4:3c:b2:c9:11:9c:1c:ab:50:2f:43:4c:ec:bf:
                    c0:b5:dc:47:9d:55:ec:e1:c1:e4:c2:f4:9e:bb:1b:
                    ec:fd:af:3d:5c:d5:34:75:6e:c4:df:46:59:9c:f5:
                    2a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:17:2E:7D:F8:45:65:8E:C9:A7:0B:21:CB:13:32:DE:C8:3F:48:86
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aBcuffhFZY7JpwshyxMy3sg_SIY.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         41:49:12:6c:11:ad:b4:6d:c7:dc:c5:0f:fd:2b:a5:c2:85:18:
         a0:65:e5:e3:46:4a:da:fb:6f:f1:49:60:bb:22:1b:4f:7f:05:
         bc:76:b8:57:60:ed:9c:e0:85:2f:d9:26:2f:c2:86:fe:cf:97:
         a6:f2:a8:e0:7d:c4:93:9d:c3:fd:3c:df:a2:2f:3b:c4:92:b3:
         53:30:34:9b:86:91:df:1a:f5:29:3c:58:6f:67:31:42:89:42:
         45:69:b3:0c:76:1e:e8:63:2c:f0:fe:3e:0b:5a:da:eb:13:52:
         67:34:66:25:ca:06:28:7c:d1:0f:5c:33:a0:98:c5:3f:be:ae:
         6a:7a:ae:e5:d4:34:8b:8f:41:de:75:c6:6d:e3:97:c3:80:e6:
         25:ad:9b:db:ca:d4:78:f4:61:59:8c:5b:b5:90:48:61:69:43:
         f3:16:10:b5:fb:9b:ca:63:a0:39:61:7c:53:11:29:a7:86:01:
         3c:31:fd:43:a0:a0:0d:ae:40:3b:3e:23:34:cb:f1:1e:f1:23:
         86:b5:a2:2e:41:1f:56:6b:a2:12:db:59:2f:02:12:bb:ca:92:
         5c:15:33:f3:78:f1:28:53:0e:35:27:ce:c6:0e:c3:9a:b7:82:
         a7:88:c7:95:de:66:d8:b3:f6:18:03:59:6a:9b:d2:e9:ad:8c:
         9b:7f:71:69
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeRgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MjAw
NjEyMDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY4MTcyRTdERjg0NTY1
OEVDOUE3MEIyMUNCMTMzMkRFQzgzRjQ4ODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpwPSlOP0b7vZisnRibiQ0gCsqgL21YU3eY1tbyGNyHmwKcdd9
9ppDSrlarX6UWj96PoQp3hfUmlq5FTVU4D0HoCENpqEfR8bQiqkuoF/1s9FSS/uh
LeDXRGo5ByLwvVPTGaZE9b04RLAoo2SG05xTpP1YjcYRyQg+8pVHGkzI7xE/PEo5
pxQm978U5nfDwLlo5x8qTfjNwQkiOZ691FMlSsUKXRo3SJJ5t2HWLnbW8YrgD/wi
FUGEVKRyQArl+qGe1IIh17NmQpWgNz2UpoWHJtXkPLLJEZwcq1AvQ0zsv8C13Eed
VezhweTC9J67G+z9rz1c1TR1bsTfRlmc9SpdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUaBcuffhFZY7JpwshyxMy3sg/SIYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FCY3VmZmhGWlk3SnB3
c2h5eE15M3NnX1NJWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBBSRJs
Ea20bcfcxQ/9K6XChRigZeXjRkra+2/xSWC7IhtPfwW8drhXYO2c4IUv2SYvwob+
z5em8qjgfcSTncP9PN+iLzvEkrNTMDSbhpHfGvUpPFhvZzFCiUJFabMMdh7oYyzw
/j4LWtrrE1JnNGYlygYofNEPXDOgmMU/vq5qeq7l1DSLj0HedcZt45fDgOYlrZvb
ytR49GFZjFu1kEhhaUPzFhC1+5vKY6A5YXxTESmnhgE8Mf1DoKANrkA7PiM0y/Ee
8SOGtaIuQR9Wa6IS21kvAhK7ypJcFTPzePEoUw41J87GDsOat4KniMeV3mbYs/YY
A1lqm9LprYybf3Fp
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:32 2025 by rpki-client