Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fTRqcikgVMYuv2udgL0yBGxXEys.roa
File:                     fTRqcikgVMYuv2udgL0yBGxXEys.roa (raw, json)
Hash identifier:          emejI4C618xiIyczkcQBbiAxuG+q5CUUhl1toAJWKZ0=
Subject key identifier:   7D:34:6A:72:29:20:54:C6:2E:BF:6B:9D:80:BD:32:04:6C:57:13:2B
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7782
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fTRqcikgVMYuv2udgL0yBGxXEys.roa
Signing time:             Wed 16 Jul 2025 00:42:51 +0000
ROA not before:           Wed 16 Jul 2025 00:42:51 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30594 (0x7782)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 16 00:42:51 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=7D346A72292054C62EBF6B9D80BD32046C57132B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:00:9b:df:cf:7d:12:35:4d:b8:c1:3b:7b:ec:
                    fb:4a:c5:94:a6:e9:34:d5:7d:71:80:c5:a7:d0:ee:
                    e4:07:d9:f4:6b:7e:9b:5e:44:00:7f:7b:82:ae:bc:
                    cc:52:9a:5d:a1:f9:1a:d3:f9:7c:2e:0a:d8:63:37:
                    36:05:80:61:7f:34:b6:cb:27:3b:80:33:01:1f:df:
                    54:6c:20:a5:46:da:9d:d9:8c:5d:da:67:3b:30:84:
                    24:fc:c6:67:d2:4e:47:8a:27:f8:6f:b5:95:60:d1:
                    21:51:ce:5b:d4:63:2b:98:f9:8e:fe:39:90:3b:a3:
                    cf:74:50:b9:0e:46:4b:ea:41:1c:7f:14:50:1b:51:
                    f8:ed:df:ea:d1:a8:70:47:9a:09:94:eb:17:69:6c:
                    3a:b3:96:b8:fc:e4:9d:4e:b6:b6:47:2b:8f:34:91:
                    54:13:95:50:b8:7b:28:fa:bb:af:8a:6b:7b:ca:20:
                    ec:86:52:23:f9:58:0d:b5:f4:6f:cc:76:b6:56:53:
                    13:12:02:f2:54:c5:19:50:22:0a:1e:29:13:31:21:
                    28:d8:2b:49:b7:93:ea:24:cf:73:aa:17:bc:bb:ff:
                    04:27:22:6f:39:83:25:23:d1:88:81:d1:21:4d:50:
                    29:a2:57:c3:2c:22:c8:1a:07:99:d1:2c:cd:00:46:
                    99:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:34:6A:72:29:20:54:C6:2E:BF:6B:9D:80:BD:32:04:6C:57:13:2B
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fTRqcikgVMYuv2udgL0yBGxXEys.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         7c:ec:0f:7f:5c:b4:62:a2:e2:d8:2a:3c:57:98:f2:03:9a:e8:
         ff:14:9d:cd:26:6b:5f:45:be:87:67:67:d6:c9:aa:ca:dc:1f:
         85:0b:3f:ea:15:1d:e5:b0:3f:33:4f:ee:b1:40:0a:d6:1b:7a:
         3b:84:7b:15:02:50:4c:bc:7e:44:a1:14:2a:1e:6f:c1:05:f7:
         54:99:e0:bf:4a:ab:e4:6d:9e:4c:8e:85:f6:81:a1:63:16:9b:
         54:95:b4:fd:df:eb:2f:92:6c:d3:ca:1a:7f:b8:38:9c:70:23:
         5f:94:b4:c0:73:fa:d2:9c:c6:d0:ce:d4:e9:e7:0a:7b:e5:c5:
         b0:8f:17:e4:26:ce:5a:9a:ea:d3:af:76:07:1e:d5:4c:6a:4a:
         72:b6:04:e1:88:ce:5e:55:a4:b9:1f:bb:b1:4f:b6:2c:a9:6e:
         f7:57:42:94:48:8f:b5:34:ba:61:d7:a0:2b:e5:63:02:e0:f0:
         c3:f6:e7:51:71:e9:80:3d:e1:d3:47:95:bb:e6:d8:e0:54:20:
         b6:42:52:05:6e:6d:7c:b5:6d:59:d6:56:f1:3f:8f:68:48:40:
         16:ef:dc:29:84:87:e4:ac:75:90:cd:5f:54:55:6f:1c:b8:5e:
         d7:f7:49:01:a8:e4:65:1a:8a:00:3c:b2:08:b9:d6:bb:77:c0:
         45:23:31:46
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd4IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYw
MDQyNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdEMzQ2QTcyMjkyMDU0
QzYyRUJGNkI5RDgwQkQzMjA0NkM1NzEzMkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmAJvfz30SNU24wTt77PtKxZSm6TTVfXGAxafQ7uQH2fRrfpte
RAB/e4KuvMxSml2h+RrT+XwuCthjNzYFgGF/NLbLJzuAMwEf31RsIKVG2p3ZjF3a
ZzswhCT8xmfSTkeKJ/hvtZVg0SFRzlvUYyuY+Y7+OZA7o890ULkORkvqQRx/FFAb
Ufjt3+rRqHBHmgmU6xdpbDqzlrj85J1OtrZHK480kVQTlVC4eyj6u6+Ka3vKIOyG
UiP5WA219G/MdrZWUxMSAvJUxRlQIgoeKRMxISjYK0m3k+okz3OqF7y7/wQnIm85
gyUj0YiB0SFNUCmiV8MsIsgaB5nRLM0ARpk9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfTRqcikgVMYuv2udgL0yBGxXEyswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZUUnFjaWtnVk1ZdXYy
dWRnTDB5Qkd4WEV5cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB87A9/
XLRiouLYKjxXmPIDmuj/FJ3NJmtfRb6HZ2fWyarK3B+FCz/qFR3lsD8zT+6xQArW
G3o7hHsVAlBMvH5EoRQqHm/BBfdUmeC/SqvkbZ5MjoX2gaFjFptUlbT93+svkmzT
yhp/uDiccCNflLTAc/rSnMbQztTp5wp75cWwjxfkJs5amurTr3YHHtVMakpytgTh
iM5eVaS5H7uxT7YsqW73V0KUSI+1NLph16Ar5WMC4PDD9udRcemAPeHTR5W75tjg
VCC2QlIFbm18tW1Z1lbxP49oSEAW79wphIfkrHWQzV9UVW8cuF7X90kBqORlGooA
PLIIuda7d8BFIzFG
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:39 2025 by rpki-client