Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rmnp8yYinE9Uq43BRFcNZnIt7HE.roa
File:                     rmnp8yYinE9Uq43BRFcNZnIt7HE.roa (raw, json)
Hash identifier:          CJBFd4POgRzp7CkFl46GIrWCIw5Xp43ELZfTEyXSgVc=
Subject key identifier:   AE:69:E9:F3:26:22:9C:4F:54:AB:8D:C1:44:57:0D:66:72:2D:EC:71
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7428
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rmnp8yYinE9Uq43BRFcNZnIt7HE.roa
Signing time:             Mon 07 Jul 2025 01:44:59 +0000
ROA not before:           Mon 07 Jul 2025 01:44:59 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29736 (0x7428)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul  7 01:44:59 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=AE69E9F326229C4F54AB8DC144570D66722DEC71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c8:1a:6c:0c:06:19:0d:d5:ea:10:dd:97:e1:
                    21:a8:46:02:58:44:9c:b5:53:99:5f:99:48:9d:7b:
                    8d:d6:d6:b2:de:d7:cf:5c:13:b5:b2:18:89:75:f5:
                    e5:c6:e8:a3:8c:cf:bf:67:ec:6d:4f:39:bb:e6:81:
                    63:20:9f:f0:8c:64:90:50:d3:a9:2d:be:e5:e6:ab:
                    57:fe:03:07:95:6d:59:ba:de:ef:2d:9a:1c:29:f0:
                    4e:cf:6f:46:1b:99:2d:d4:a7:65:db:f9:32:b6:f3:
                    5f:7c:4e:3d:c5:b6:2b:a1:fa:3f:df:2e:4d:50:55:
                    91:d9:03:91:8f:7b:ad:86:60:a0:fe:b2:c2:bd:6d:
                    38:0d:b6:53:f3:0f:24:2b:e7:92:11:13:ae:bc:52:
                    1b:02:8f:05:8b:57:35:48:12:75:b2:d5:5e:9b:94:
                    d8:2f:e7:3b:cf:96:3a:72:62:dc:54:24:89:e5:4e:
                    39:58:fe:d8:35:f0:ee:33:0a:61:95:5f:59:be:00:
                    91:cd:65:5e:6a:eb:0e:aa:53:3e:d5:83:91:6f:bc:
                    f3:df:14:ea:3b:d9:53:2b:4b:83:fc:2d:cc:4b:d8:
                    a5:c4:db:1d:c8:4b:c9:a6:86:81:74:8d:ad:ac:54:
                    e3:4a:d9:20:43:7c:f6:e5:ef:d7:0a:2a:ad:62:f9:
                    9c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:69:E9:F3:26:22:9C:4F:54:AB:8D:C1:44:57:0D:66:72:2D:EC:71
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rmnp8yYinE9Uq43BRFcNZnIt7HE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         ac:9f:91:e8:e3:75:4b:3f:9f:61:3b:9c:6d:ea:f1:0a:74:3e:
         f4:54:55:72:98:bf:18:83:c2:b6:b2:53:6e:0a:ed:b6:e0:3b:
         ee:78:bd:5c:5c:72:f1:a3:fc:e2:d1:33:ee:2b:e7:f1:60:8e:
         64:0a:7b:e0:23:01:72:42:fd:43:dc:d5:94:02:05:5f:1a:d2:
         0c:f2:1f:9a:3a:66:3d:ee:02:57:b0:79:18:a8:b0:fb:d9:e5:
         d4:ce:94:d5:a5:64:c5:dd:87:d4:f0:1a:6f:4d:43:08:e0:fb:
         9b:5b:c1:84:a3:a6:02:f5:3b:44:4c:04:63:a6:58:75:7c:5d:
         1b:5b:75:54:04:05:aa:60:22:1d:99:54:76:87:df:cb:84:48:
         3e:dd:6f:85:c5:e5:f5:5c:c2:b6:0b:90:75:00:d4:ce:c6:ae:
         52:e5:64:d1:27:22:a6:9e:49:4f:49:c9:c9:be:e5:a2:27:d3:
         25:ff:92:fc:eb:4b:d2:c4:e8:99:f6:50:8a:7a:ac:56:fe:32:
         54:2e:ed:65:45:20:34:fd:2c:a1:f9:8d:59:70:b1:d5:02:42:
         57:b6:64:ad:b1:c7:73:95:45:b8:2b:40:19:d9:f7:e6:32:d1:
         6e:aa:e4:3f:63:45:19:58:a6:58:be:99:f6:49:6a:bc:3e:0a:
         2c:2f:37:6a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdCgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcw
MTQ0NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFNjlFOUYzMjYyMjlD
NEY1NEFCOERDMTQ0NTcwRDY2NzIyREVDNzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCdyBpsDAYZDdXqEN2X4SGoRgJYRJy1U5lfmUide43W1rLe189c
E7WyGIl19eXG6KOMz79n7G1PObvmgWMgn/CMZJBQ06ktvuXmq1f+AweVbVm63u8t
mhwp8E7Pb0YbmS3Up2Xb+TK28198Tj3Ftiuh+j/fLk1QVZHZA5GPe62GYKD+ssK9
bTgNtlPzDyQr55IRE668UhsCjwWLVzVIEnWy1V6blNgv5zvPljpyYtxUJInlTjlY
/tg18O4zCmGVX1m+AJHNZV5q6w6qUz7Vg5FvvPPfFOo72VMrS4P8LcxL2KXE2x3I
S8mmhoF0ja2sVONK2SBDfPbl79cKKq1i+ZxdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrmnp8yYinE9Uq43BRFcNZnIt7HEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JtbnA4eVlpbkU5VXE0
M0JSRmNOWm5JdDdIRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCsn5Ho
43VLP59hO5xt6vEKdD70VFVymL8Yg8K2slNuCu224DvueL1cXHLxo/zi0TPuK+fx
YI5kCnvgIwFyQv1D3NWUAgVfGtIM8h+aOmY97gJXsHkYqLD72eXUzpTVpWTF3YfU
8BpvTUMI4PubW8GEo6YC9TtETARjplh1fF0bW3VUBAWqYCIdmVR2h9/LhEg+3W+F
xeX1XMK2C5B1ANTOxq5S5WTRJyKmnklPScnJvuWiJ9Ml/5L860vSxOiZ9lCKeqxW
/jJULu1lRSA0/Syh+Y1ZcLHVAkJXtmStscdzlUW4K0AZ2ffmMtFuquQ/Y0UZWKZY
vpn2SWq8PgosLzdq
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:28 2025 by rpki-client