Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hoFAMufb2-YJmy-oZjRzg7X_BHc.roa
File:                     hoFAMufb2-YJmy-oZjRzg7X_BHc.roa (raw, json)
Hash identifier:          n/mJMs+w79Zuk/OEfGwve9xr2N9wRR5lXgBD5wJ4P1A=
Subject key identifier:   86:81:40:32:E7:DB:DB:E6:09:9B:2F:A8:66:34:73:83:B5:FF:04:77
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       63D2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hoFAMufb2-YJmy-oZjRzg7X_BHc.roa
Signing time:             Sat 24 May 2025 06:40:51 +0000
ROA not before:           Sat 24 May 2025 06:40:51 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 25554 (0x63d2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May 24 06:40:51 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=86814032E7DBDBE6099B2FA866347383B5FF0477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5b:b9:05:12:67:6f:07:f6:ce:00:c4:a8:26:
                    f0:fc:4f:fb:39:89:18:8a:39:87:8e:cb:8b:ea:68:
                    f9:79:c9:55:f2:14:49:94:60:32:c7:da:f8:f8:50:
                    db:b2:00:0a:4e:80:56:75:09:7d:78:b1:b7:7d:65:
                    5d:41:22:b4:90:91:ec:5c:17:67:c8:4c:bb:0a:ef:
                    01:7a:0b:69:a8:27:46:f5:f2:e6:f1:82:1a:0b:a3:
                    f9:87:f5:e5:8c:9c:68:86:5a:e3:10:d7:23:8d:59:
                    2f:fa:28:8d:74:71:a5:9e:e6:2c:7b:22:7f:88:57:
                    f6:a7:0f:e3:4d:c0:eb:ef:18:79:bb:fc:0c:e8:41:
                    e2:b0:5c:2b:31:6b:48:59:04:f5:5b:59:16:ea:8c:
                    69:7f:4a:e7:09:99:dd:a0:c5:89:30:ad:ed:e3:0a:
                    87:ae:31:ee:77:bf:6b:31:a8:a6:01:04:24:b4:2a:
                    98:c7:ba:d2:bd:46:7e:9c:c1:3b:e8:d3:69:27:94:
                    3d:d5:86:d1:08:6d:6e:c7:56:ae:f3:2a:fb:82:6a:
                    ad:7a:5f:ae:f1:d3:5a:04:56:ee:29:1b:f7:07:ef:
                    d9:70:e1:12:d1:53:67:2b:5d:f6:7d:84:e6:54:98:
                    ca:c0:9e:c3:df:5e:e9:28:af:8f:d5:27:ae:2e:a4:
                    c2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:81:40:32:E7:DB:DB:E6:09:9B:2F:A8:66:34:73:83:B5:FF:04:77
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hoFAMufb2-YJmy-oZjRzg7X_BHc.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         b4:4e:9d:bd:f1:0e:33:90:74:45:db:46:91:23:fc:ab:bf:7d:
         09:60:c5:7b:b0:f1:30:b1:00:8d:a9:92:57:b9:80:63:17:11:
         63:63:be:31:0a:d7:b1:38:e4:7e:8c:1a:73:51:f8:55:60:11:
         6b:93:8f:b2:74:e3:b6:dd:f1:f3:e2:ba:62:17:91:8b:f5:54:
         ac:f0:83:a5:10:b5:0d:d3:49:5d:73:54:78:86:fd:08:f6:17:
         1d:89:f1:e9:95:47:30:85:ac:0e:8b:09:b7:ad:69:f1:02:1c:
         4c:57:b0:62:bf:ae:a4:02:ad:a5:d4:0e:2f:ed:e0:d8:44:41:
         9e:30:d7:a0:2f:92:87:b9:55:a2:b1:71:09:90:72:e2:82:b6:
         95:a7:53:7d:0e:5e:8b:4b:f4:d0:5c:00:f8:7a:37:b2:7d:37:
         72:f9:1e:63:29:f6:ad:48:59:66:8d:23:88:40:64:e0:b0:c7:
         b8:5a:26:95:59:39:20:c5:85:0e:2d:bf:6d:47:f9:0f:18:1a:
         17:86:5c:2a:af:01:87:cc:8c:f2:fc:0f:59:17:90:4a:5e:3a:
         82:74:08:16:63:37:c7:0e:f3:d5:b9:18:ee:90:fb:95:86:46:
         e0:64:fb:ec:d4:39:bb:5f:2f:43:ef:a2:ff:d2:c2:01:54:94:
         21:75:75:b1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY9IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjQw
NjQwNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg2ODE0MDMyRTdEQkRC
RTYwOTlCMkZBODY2MzQ3MzgzQjVGRjA0NzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2W7kFEmdvB/bOAMSoJvD8T/s5iRiKOYeOy4vqaPl5yVXyFEmU
YDLH2vj4UNuyAApOgFZ1CX14sbd9ZV1BIrSQkexcF2fITLsK7wF6C2moJ0b18ubx
ghoLo/mH9eWMnGiGWuMQ1yONWS/6KI10caWe5ix7In+IV/anD+NNwOvvGHm7/Azo
QeKwXCsxa0hZBPVbWRbqjGl/SucJmd2gxYkwre3jCoeuMe53v2sxqKYBBCS0KpjH
utK9Rn6cwTvo02knlD3VhtEIbW7HVq7zKvuCaq16X67x01oEVu4pG/cH79lw4RLR
U2crXfZ9hOZUmMrAnsPfXukor4/VJ64upMJPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhoFAMufb2+YJmy+oZjRzg7X/BHcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hvRkFNdWZiMi1ZSm15
LW9aalJ6ZzdYX0JIYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC0Tp29
8Q4zkHRF20aRI/yrv30JYMV7sPEwsQCNqZJXuYBjFxFjY74xCtexOOR+jBpzUfhV
YBFrk4+ydOO23fHz4rpiF5GL9VSs8IOlELUN00ldc1R4hv0I9hcdifHplUcwhawO
iwm3rWnxAhxMV7Biv66kAq2l1A4v7eDYREGeMNegL5KHuVWisXEJkHLigraVp1N9
Dl6LS/TQXAD4ejeyfTdy+R5jKfatSFlmjSOIQGTgsMe4WiaVWTkgxYUOLb9tR/kP
GBoXhlwqrwGHzIzy/A9ZF5BKXjqCdAgWYzfHDvPVuRjukPuVhkbgZPvs1Dm7Xy9D
76L/0sIBVJQhdXWx
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:38:23 2025 by rpki-client