Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/n3KxGGN8fRZbE713NfzEN2zodTI.roa
File:                     n3KxGGN8fRZbE713NfzEN2zodTI.roa (raw, json)
Hash identifier:          Xdku3SXupcWurBfa6P+Z5faIOMaHiPfF3FcFsF7FH/U=
Subject key identifier:   9F:72:B1:18:63:7C:7D:16:5B:13:BD:77:35:FC:C4:37:6C:E8:75:32
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6D0C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n3KxGGN8fRZbE713NfzEN2zodTI.roa
Signing time:             Tue 17 Jun 2025 21:12:47 +0000
ROA not before:           Tue 17 Jun 2025 21:12:47 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 27916 (0x6d0c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jun 17 21:12:47 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=9F72B118637C7D165B13BD7735FCC4376CE87532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:60:45:10:64:18:c8:1d:41:67:ea:bb:63:14:
                    57:af:f1:4d:28:d7:63:24:0a:80:16:7d:6e:67:b7:
                    36:77:cc:67:90:f7:ea:0a:e6:35:f5:c7:7b:42:80:
                    f4:40:09:57:a2:ed:5f:ed:33:86:39:09:96:66:13:
                    e2:33:ad:c5:5b:8e:2b:59:18:6d:f1:2b:9f:d7:41:
                    b4:f2:7b:55:fa:c9:b7:09:f8:44:7d:70:06:65:69:
                    cc:95:02:55:1f:1b:25:0e:39:bc:5f:c8:2d:fe:be:
                    ae:e2:3d:78:49:dd:9f:32:45:90:17:95:e0:e8:52:
                    06:fa:23:d8:b6:31:08:b8:4a:18:00:5f:5c:fe:39:
                    ea:03:2b:b0:8b:66:aa:40:c3:11:8b:11:9c:f1:cf:
                    57:03:36:54:66:7b:7a:f3:9a:13:06:4e:53:11:1e:
                    ce:13:e8:d2:13:c2:1c:8e:c0:8b:28:31:fc:43:30:
                    52:fb:a4:1a:ab:78:84:56:72:fb:2e:80:fd:0d:88:
                    4c:e5:3e:db:f4:3c:97:68:74:99:a8:bb:18:85:5d:
                    09:13:87:f6:bd:f4:e3:1d:2b:73:25:f6:0b:6b:ae:
                    f0:e2:20:1a:cc:c3:68:19:8c:83:d9:da:6e:d8:59:
                    b4:cc:e6:86:59:fc:67:a3:ab:5b:7d:0b:b6:d6:c8:
                    b5:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:72:B1:18:63:7C:7D:16:5B:13:BD:77:35:FC:C4:37:6C:E8:75:32
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n3KxGGN8fRZbE713NfzEN2zodTI.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:e5:f6:8a:3e:a2:2a:97:c8:b0:64:a7:f8:3b:89:f3:b3:d9:
         ce:73:08:83:be:93:94:66:93:9e:bd:df:e1:e3:19:ec:57:5e:
         ff:6b:b1:fc:a6:98:66:5c:18:b1:1a:4b:e7:da:5e:2d:7c:16:
         0f:70:eb:27:18:9a:c2:94:f7:d7:78:e2:e8:cd:10:20:aa:a2:
         5f:a7:ae:81:1c:ce:24:1f:7c:9b:05:f6:75:50:0c:c5:cc:9e:
         3e:a7:32:13:fd:07:ee:66:d2:e4:11:a4:82:87:50:ad:fd:3c:
         1e:a5:07:ce:94:d4:4a:8c:56:b7:c2:76:28:85:77:d0:24:e2:
         58:eb:48:e2:4a:76:28:e7:62:75:08:f6:da:81:b3:de:f3:f9:
         d1:13:f1:2f:75:88:82:7c:a4:7d:77:74:17:1f:dd:cb:d4:79:
         dc:36:e5:9a:ee:bc:36:8c:9b:f6:7b:b5:da:75:3c:df:96:fc:
         b1:85:7f:90:1d:50:b0:af:da:a4:e4:02:d9:1f:21:e0:41:23:
         5e:d5:ee:ad:99:48:bc:6b:4e:ef:57:ca:aa:24:45:b1:52:98:
         de:90:d9:d3:23:37:b9:dd:d2:cc:3d:4a:8f:82:c9:2c:e9:53:
         65:32:f7:a0:4e:58:03:12:7d:91:f2:40:77:aa:22:7c:8f:ea:
         8f:f7:3e:10
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbQwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTcy
MTEyNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlGNzJCMTE4NjM3QzdE
MTY1QjEzQkQ3NzM1RkNDNDM3NkNFODc1MzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkYEUQZBjIHUFn6rtjFFev8U0o12MkCoAWfW5ntzZ3zGeQ9+oK
5jX1x3tCgPRACVei7V/tM4Y5CZZmE+IzrcVbjitZGG3xK5/XQbTye1X6ybcJ+ER9
cAZlacyVAlUfGyUOObxfyC3+vq7iPXhJ3Z8yRZAXleDoUgb6I9i2MQi4ShgAX1z+
OeoDK7CLZqpAwxGLEZzxz1cDNlRme3rzmhMGTlMRHs4T6NITwhyOwIsoMfxDMFL7
pBqreIRWcvsugP0NiEzlPtv0PJdodJmouxiFXQkTh/a99OMdK3Ml9gtrrvDiIBrM
w2gZjIPZ2m7YWbTM5oZZ/Gejq1t9C7bWyLVrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUn3KxGGN8fRZbE713NfzEN2zodTIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L24zS3hHR044ZlJaYkU3
MTNOZnpFTjJ6b2RUSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA85faK
PqIql8iwZKf4O4nzs9nOcwiDvpOUZpOevd/h4xnsV17/a7H8pphmXBixGkvn2l4t
fBYPcOsnGJrClPfXeOLozRAgqqJfp66BHM4kH3ybBfZ1UAzFzJ4+pzIT/QfuZtLk
EaSCh1Ct/TwepQfOlNRKjFa3wnYohXfQJOJY60jiSnYo52J1CPbagbPe8/nRE/Ev
dYiCfKR9d3QXH93L1HncNuWa7rw2jJv2e7XadTzflvyxhX+QHVCwr9qk5ALZHyHg
QSNe1e6tmUi8a07vV8qqJEWxUpjekNnTIze53dLMPUqPgsks6VNlMvegTlgDEn2R
8kB3qiJ8j+qP9z4Q
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:34 2025 by rpki-client