Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iIOYu46p7YrtC8WY089JN8YAeuE.roa
File:                     iIOYu46p7YrtC8WY089JN8YAeuE.roa (raw, json)
Hash identifier:          8+OaTIq778qO9U/i7mmxjnxJCKgODP4a+UUQkzkqilE=
Subject key identifier:   88:83:98:BB:8E:A9:ED:8A:ED:0B:C5:98:D3:CF:49:37:C6:00:7A:E1
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       73C6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iIOYu46p7YrtC8WY089JN8YAeuE.roa
Signing time:             Sun 06 Jul 2025 01:16:10 +0000
ROA not before:           Sun 06 Jul 2025 01:16:10 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29638 (0x73c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul  6 01:16:10 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=888398BB8EA9ED8AED0BC598D3CF4937C6007AE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3e:43:3d:e3:9a:cc:c1:86:72:dd:ba:d2:82:
                    39:9f:0a:cd:b1:d1:b3:06:38:ca:e3:ab:bf:6c:b2:
                    78:2b:1f:35:ba:2b:46:bc:da:63:9f:f4:f1:4d:70:
                    a5:3c:e8:5f:a9:44:e8:9d:eb:40:36:b4:48:1f:84:
                    b5:41:b6:2b:1b:bc:1e:c0:db:5f:60:62:0e:24:1d:
                    13:af:3a:0c:73:b3:04:21:da:f2:68:bf:8e:fd:56:
                    25:46:1a:4b:41:6c:28:d2:0d:26:d7:a8:d9:17:00:
                    02:32:a8:fa:09:19:5a:30:0a:94:f8:f9:0a:18:59:
                    24:57:85:12:00:dd:84:07:22:05:2a:ea:35:79:ca:
                    ef:4a:48:d6:da:77:d2:b5:46:a0:d3:37:65:81:a3:
                    db:ce:54:89:79:fc:a8:d2:6b:da:54:e0:c0:f1:0e:
                    30:a4:68:c6:7a:1c:25:2f:15:a5:24:93:9f:0b:0b:
                    90:95:4d:fb:3a:97:ff:af:35:79:3e:ab:85:77:5b:
                    8e:02:d6:46:b9:8f:21:12:2b:80:43:ad:ab:9e:44:
                    aa:c2:60:2f:bf:c2:aa:de:58:f4:17:b1:28:e9:f2:
                    31:32:41:fe:21:66:4a:7e:e1:2f:a3:3b:8b:6a:e4:
                    fe:12:a7:79:5b:65:47:54:d1:89:6f:a0:2e:ab:02:
                    67:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:83:98:BB:8E:A9:ED:8A:ED:0B:C5:98:D3:CF:49:37:C6:00:7A:E1
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iIOYu46p7YrtC8WY089JN8YAeuE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         99:68:54:c9:47:3f:66:a3:6e:06:cb:43:f5:91:ff:2e:05:4b:
         06:7f:9f:11:a4:01:1b:8b:4e:2c:e7:34:34:b2:3a:05:f9:3b:
         2f:28:8c:c9:75:7e:cb:32:04:c1:79:cd:fb:e9:0c:c8:43:1c:
         24:48:80:03:a7:de:7f:28:28:41:5e:6a:81:a5:e3:e1:21:5d:
         4a:cf:30:fe:37:cf:57:b6:95:9c:fe:a7:23:3e:2a:64:de:e5:
         89:2d:29:74:5e:0e:50:ff:4e:39:03:f7:90:9b:b3:20:6c:8c:
         35:26:15:f9:f4:c9:9f:f5:28:ab:a0:0d:6b:2a:6d:45:27:3e:
         2e:96:ce:09:51:fa:99:26:16:6f:5e:cc:a8:be:c5:c3:d4:49:
         61:b3:78:86:54:36:6a:91:55:21:c2:55:39:6d:51:34:19:b9:
         e7:f5:9f:bb:81:b8:59:e3:de:78:9f:20:4b:f1:a5:87:9a:98:
         fd:5c:ac:e7:d2:0e:a5:f2:c6:dc:3f:99:4c:1e:cb:b2:a9:bf:
         c4:bd:db:d2:0c:a0:b6:28:2b:98:ca:35:97:98:02:8d:1c:bb:
         07:6d:a9:8e:8d:97:15:cb:39:f1:a6:eb:2e:a5:54:e1:06:23:
         a4:64:e9:f7:7b:54:85:28:66:d4:84:ad:a5:0d:25:b7:77:ea:
         03:eb:72:4b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc8YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYw
MTE2MTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg4ODM5OEJCOEVBOUVE
OEFFRDBCQzU5OEQzQ0Y0OTM3QzYwMDdBRTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+PkM945rMwYZy3brSgjmfCs2x0bMGOMrjq79ssngrHzW6K0a8
2mOf9PFNcKU86F+pROid60A2tEgfhLVBtisbvB7A219gYg4kHROvOgxzswQh2vJo
v479ViVGGktBbCjSDSbXqNkXAAIyqPoJGVowCpT4+QoYWSRXhRIA3YQHIgUq6jV5
yu9KSNbad9K1RqDTN2WBo9vOVIl5/KjSa9pU4MDxDjCkaMZ6HCUvFaUkk58LC5CV
Tfs6l/+vNXk+q4V3W44C1ka5jyESK4BDraueRKrCYC+/wqreWPQXsSjp8jEyQf4h
Zkp+4S+jO4tq5P4Sp3lbZUdU0YlvoC6rAmdrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUiIOYu46p7YrtC8WY089JN8YAeuEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lJT1l1NDZwN1lydEM4
V1kwODlKTjhZQWV1RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCZaFTJ
Rz9mo24Gy0P1kf8uBUsGf58RpAEbi04s5zQ0sjoF+TsvKIzJdX7LMgTBec376QzI
QxwkSIADp95/KChBXmqBpePhIV1KzzD+N89XtpWc/qcjPipk3uWJLSl0Xg5Q/045
A/eQm7MgbIw1JhX59Mmf9SiroA1rKm1FJz4uls4JUfqZJhZvXsyovsXD1Elhs3iG
VDZqkVUhwlU5bVE0Gbnn9Z+7gbhZ4954nyBL8aWHmpj9XKzn0g6l8sbcP5lMHsuy
qb/EvdvSDKC2KCuYyjWXmAKNHLsHbamOjZcVyznxpusupVThBiOkZOn3e1SFKGbU
hK2lDSW3d+oD63JL
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:38:16 2025 by rpki-client