Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/e2krIwUpM3XC9fcUph68nmb_0ak.roa
File:                     e2krIwUpM3XC9fcUph68nmb_0ak.roa (raw, json)
Hash identifier:          Y0Fsbhdtoe2x69qtwx62UXLrBBkgRrrG52SZf6HsabY=
Subject key identifier:   7B:69:2B:23:05:29:33:75:C2:F5:F7:14:A6:1E:BC:9E:66:FF:D1:A9
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       759C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e2krIwUpM3XC9fcUph68nmb_0ak.roa
Signing time:             Thu 10 Jul 2025 22:45:08 +0000
ROA not before:           Thu 10 Jul 2025 22:45:08 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30108 (0x759c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 10 22:45:08 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=7B692B2305293375C2F5F714A61EBC9E66FFD1A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:63:bb:b9:8f:2e:38:f9:68:13:7a:19:61:9b:
                    14:41:0c:0b:3c:f9:a0:9d:4c:d9:a1:62:10:15:ea:
                    3f:95:ab:6d:04:b2:f3:fa:b1:6f:9a:4b:5a:b1:70:
                    96:f7:98:3f:cb:29:e7:2d:75:b5:b2:5a:a6:50:ed:
                    4f:e6:0f:7a:df:aa:e2:ac:f1:7e:85:50:fd:f6:79:
                    9e:23:6f:d9:91:9d:70:76:14:b2:7a:40:34:aa:18:
                    bc:2a:4b:a2:1e:24:60:7a:9c:39:ba:0e:2e:c2:1f:
                    43:c6:57:0a:65:c4:c6:95:53:8e:6e:5a:ae:1f:42:
                    4e:1e:b3:5a:65:1d:2d:9f:3d:81:0d:70:da:97:a9:
                    af:6f:b7:f2:ef:4d:58:3b:91:c2:c5:2d:0f:3e:d3:
                    f7:2f:a5:fa:19:cc:f8:c7:c1:4a:62:f7:7b:36:3c:
                    7a:8d:53:8b:ec:6e:76:5c:92:24:53:1a:f2:1f:c4:
                    f8:5f:7d:14:c4:39:4f:7b:99:e3:7d:60:e3:ac:90:
                    71:a9:bc:17:62:10:68:80:43:4f:25:27:25:fe:85:
                    f1:d4:8e:3d:7f:21:f0:a7:61:7a:6f:26:d8:47:cc:
                    37:55:bc:ed:d9:f6:6b:bd:e7:a3:6d:9b:91:5d:46:
                    51:44:8a:c0:c8:d9:1a:86:ec:a6:62:58:36:26:4b:
                    5c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:69:2B:23:05:29:33:75:C2:F5:F7:14:A6:1E:BC:9E:66:FF:D1:A9
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e2krIwUpM3XC9fcUph68nmb_0ak.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         74:54:0a:34:1a:df:c4:bb:c1:ff:02:7f:26:a4:7b:0d:bf:df:
         ed:0b:91:7f:2c:26:11:c6:ac:ef:06:85:48:94:f1:b5:09:50:
         09:9d:a6:67:51:01:a9:75:52:09:b4:8e:1d:91:28:1d:34:7b:
         6e:4c:99:de:dc:aa:b4:4c:db:27:20:1f:7b:28:c1:6f:11:66:
         18:b6:5b:66:da:97:ad:a2:67:a0:c9:e2:d6:b1:30:1a:4f:0d:
         05:d3:70:cc:00:31:36:34:e4:b5:1a:6f:1a:bd:a1:3d:5c:71:
         f7:74:f7:b8:a3:48:d0:fc:17:2d:47:1d:6e:f0:78:2e:02:32:
         38:c5:fe:79:5f:0f:82:39:5c:82:67:38:17:d1:bf:b1:6d:26:
         58:e3:3e:b6:69:fe:99:1a:24:c4:2a:d4:12:15:4c:6b:3c:c8:
         76:e2:5e:05:e9:df:18:e3:99:d9:06:13:2c:84:47:85:5f:8a:
         02:ed:00:2b:46:81:02:c9:e2:05:ea:e4:96:6d:64:c0:be:69:
         e1:32:8a:41:87:e6:c2:0b:0a:88:76:c4:9d:96:b0:27:6c:ff:
         08:1e:d4:bb:d7:4a:56:a2:fa:65:5a:5a:25:d7:b0:40:a4:7f:
         3c:d4:cd:97:b2:00:54:6c:19:40:27:0f:6d:25:3e:61:c8:eb:
         78:8b:94:91
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdZwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAy
MjQ1MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdCNjkyQjIzMDUyOTMz
NzVDMkY1RjcxNEE2MUVCQzlFNjZGRkQxQTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJY7u5jy44+WgTehlhmxRBDAs8+aCdTNmhYhAV6j+Vq20EsvP6
sW+aS1qxcJb3mD/LKectdbWyWqZQ7U/mD3rfquKs8X6FUP32eZ4jb9mRnXB2FLJ6
QDSqGLwqS6IeJGB6nDm6Di7CH0PGVwplxMaVU45uWq4fQk4es1plHS2fPYENcNqX
qa9vt/LvTVg7kcLFLQ8+0/cvpfoZzPjHwUpi93s2PHqNU4vsbnZckiRTGvIfxPhf
fRTEOU97meN9YOOskHGpvBdiEGiAQ08lJyX+hfHUjj1/IfCnYXpvJthHzDdVvO3Z
9mu956Ntm5FdRlFEisDI2RqG7KZiWDYmS1zxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUe2krIwUpM3XC9fcUph68nmb/0akwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Uya3JJd1VwTTNYQzlm
Y1VwaDY4bm1iXzBhay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB0VAo0
Gt/Eu8H/An8mpHsNv9/tC5F/LCYRxqzvBoVIlPG1CVAJnaZnUQGpdVIJtI4dkSgd
NHtuTJne3Kq0TNsnIB97KMFvEWYYtltm2petomegyeLWsTAaTw0F03DMADE2NOS1
Gm8avaE9XHH3dPe4o0jQ/BctRx1u8HguAjI4xf55Xw+COVyCZzgX0b+xbSZY4z62
af6ZGiTEKtQSFUxrPMh24l4F6d8Y45nZBhMshEeFX4oC7QArRoECyeIF6uSWbWTA
vmnhMopBh+bCCwqIdsSdlrAnbP8IHtS710pWovplWlol17BApH881M2XsgBUbBlA
Jw9tJT5hyOt4i5SR
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:38:14 2025 by rpki-client