Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sMCMy9xdOdMaX8KqQ-mJIJ8yahk.roa
File:                     sMCMy9xdOdMaX8KqQ-mJIJ8yahk.roa (raw, json)
Hash identifier:          UKkZInbclnOrhkUjVgTL+9gfAYqNnVlSOnLMdyLtaG4=
Subject key identifier:   B0:C0:8C:CB:DC:5D:39:D3:1A:5F:C2:AA:43:E9:89:20:9F:32:6A:19
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6D6C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sMCMy9xdOdMaX8KqQ-mJIJ8yahk.roa
Signing time:             Thu 19 Jun 2025 00:57:50 +0000
ROA not before:           Thu 19 Jun 2025 00:57:50 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28012 (0x6d6c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jun 19 00:57:50 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=B0C08CCBDC5D39D31A5FC2AA43E989209F326A19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:59:c7:0e:c8:c2:7c:35:4c:36:05:14:23:ff:
                    53:d5:ab:dd:85:15:1e:af:61:c5:09:27:77:6d:b9:
                    ad:55:4e:7d:d7:b0:b0:de:10:a0:d9:f5:53:60:69:
                    14:e3:19:2b:df:eb:1d:ca:6e:96:95:1e:42:cf:b2:
                    9a:d0:b9:28:ed:ac:fb:79:58:d2:85:93:fe:18:d9:
                    4a:80:61:4d:52:c3:10:45:be:cf:99:67:7a:b9:43:
                    89:a7:fd:a5:22:b7:c4:14:0f:f3:e2:61:32:98:37:
                    15:8b:70:bb:14:d6:ca:90:0f:15:54:83:57:4d:87:
                    4a:f4:f9:4d:f3:cb:92:68:91:5f:db:df:87:a1:fb:
                    36:9b:27:9e:f0:3f:b4:7f:5e:bf:c9:ac:28:f3:3a:
                    3b:42:39:7c:bb:7b:ff:b6:ec:e0:d3:80:fc:8c:f2:
                    a5:2e:5c:49:c6:54:a4:cb:41:fb:f9:82:13:e7:47:
                    9c:6c:04:75:00:70:99:ea:6d:37:d3:c2:9c:40:5c:
                    95:d1:bc:98:57:00:69:dd:79:7d:70:5c:8d:24:86:
                    b2:90:b9:5e:2c:f0:a9:d9:55:c0:4d:db:4d:76:d2:
                    c3:23:21:5b:ea:f4:95:03:42:67:c6:3b:9f:96:c1:
                    8e:7e:b9:11:44:19:7e:3e:d1:d1:3f:c8:5b:a6:e0:
                    0d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C0:8C:CB:DC:5D:39:D3:1A:5F:C2:AA:43:E9:89:20:9F:32:6A:19
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sMCMy9xdOdMaX8KqQ-mJIJ8yahk.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
         28:32:11:d3:1f:b0:42:9d:e6:b8:32:e1:f1:c9:35:71:99:a6:
         53:9a:60:63:fa:06:74:85:f5:01:60:98:81:49:65:f3:70:45:
         27:f4:6f:77:c6:ae:59:55:61:4d:6f:a7:17:ac:19:e1:95:23:
         a7:53:e5:dd:8b:8e:b7:86:c5:98:af:67:8b:90:b7:94:64:f5:
         1b:78:a7:ce:54:d4:e9:00:34:fe:02:2d:3f:56:6b:b7:7a:50:
         05:ef:96:48:3f:d4:d0:b5:5b:33:1d:41:03:97:4f:1e:31:70:
         ca:41:19:13:05:cd:e7:66:34:5a:05:72:c7:23:5e:0e:e1:6c:
         69:8d:d3:fa:c9:60:64:e9:a8:38:ed:d9:86:43:6e:5d:3a:e6:
         2e:dc:0c:e5:f0:c6:86:74:13:1e:d8:f4:78:f4:86:98:8e:35:
         e6:8f:1a:78:bf:74:06:78:a5:d0:6c:0d:bb:f7:8d:dd:6c:02:
         30:d1:60:77:a7:64:5a:99:51:70:21:14:ef:8e:eb:c8:dc:8d:
         b0:14:72:e2:09:fb:95:51:fe:d1:0e:8f:71:a9:da:a7:32:50:
         34:28:f1:81:f8:33:78:bc:76:70:12:d8:2f:da:15:66:aa:61:
         01:68:60:2a:35:74:40:f9:08:21:ca:7a:ff:e3:13:b8:00:3b:
         de:3c:7c:e2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbWwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTkw
MDU3NTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIwQzA4Q0NCREM1RDM5
RDMxQTVGQzJBQTQzRTk4OTIwOUYzMjZBMTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0WccOyMJ8NUw2BRQj/1PVq92FFR6vYcUJJ3dtua1VTn3XsLDe
EKDZ9VNgaRTjGSvf6x3KbpaVHkLPsprQuSjtrPt5WNKFk/4Y2UqAYU1SwxBFvs+Z
Z3q5Q4mn/aUit8QUD/PiYTKYNxWLcLsU1sqQDxVUg1dNh0r0+U3zy5JokV/b34eh
+zabJ57wP7R/Xr/JrCjzOjtCOXy7e/+27ODTgPyM8qUuXEnGVKTLQfv5ghPnR5xs
BHUAcJnqbTfTwpxAXJXRvJhXAGndeX1wXI0khrKQuV4s8KnZVcBN20120sMjIVvq
9JUDQmfGO5+WwY5+uRFEGX4+0dE/yFum4A1PAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsMCMy9xdOdMaX8KqQ+mJIJ8yahkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NNQ015OXhkT2RNYVg4
S3FRLW1KSUo4eWFoay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAoMhHT
H7BCnea4MuHxyTVxmaZTmmBj+gZ0hfUBYJiBSWXzcEUn9G93xq5ZVWFNb6cXrBnh
lSOnU+Xdi463hsWYr2eLkLeUZPUbeKfOVNTpADT+Ai0/Vmu3elAF75ZIP9TQtVsz
HUEDl08eMXDKQRkTBc3nZjRaBXLHI14O4WxpjdP6yWBk6ag47dmGQ25dOuYu3Azl
8MaGdBMe2PR49IaYjjXmjxp4v3QGeKXQbA27943dbAIw0WB3p2RamVFwIRTvjuvI
3I2wFHLiCfuVUf7RDo9xqdqnMlA0KPGB+DN4vHZwEtgv2hVmqmEBaGAqNXRA+Qgh
ynr/4xO4ADvePHzi
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:38 2025 by rpki-client