Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SN2YzDporMRLD4JWucsIHeLw5I8.roa
File:                     SN2YzDporMRLD4JWucsIHeLw5I8.roa (raw, json)
Hash identifier:          ZKXj6o12wUsJTPjxMUUOtgh5k/6eFF6/jqWsWB3qe9s=
Subject key identifier:   48:DD:98:CC:3A:68:AC:C4:4B:0F:82:56:B9:CB:08:1D:E2:F0:E4:8F
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       5355
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SN2YzDporMRLD4JWucsIHeLw5I8.roa
Signing time:             Thu 09 May 2024 16:54:26 +0000
ROA not before:           Thu 09 May 2024 16:54:26 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21333 (0x5355)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May  9 16:54:26 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=48DD98CC3A68ACC44B0F8256B9CB081DE2F0E48F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:95:9b:96:dc:7b:5a:31:ae:be:92:b0:41:ff:
                    2c:36:e6:5d:9e:ee:61:e2:41:2e:e0:3b:41:66:22:
                    79:64:ee:c3:fe:69:31:69:5c:e2:d2:84:ee:d3:6f:
                    6a:ba:12:f9:05:10:b0:2c:99:a7:46:22:67:c2:fb:
                    11:cc:18:f6:ce:ff:ab:64:b0:d9:7f:50:dc:7a:5e:
                    1a:c3:ff:9c:41:b0:aa:44:7d:01:55:84:e2:db:dc:
                    92:5e:c3:17:a3:21:9d:52:84:3b:af:f0:21:f5:fc:
                    5e:4b:13:3d:26:dc:a2:5c:ab:02:72:d2:07:09:79:
                    55:53:78:c8:a8:0f:60:14:6f:1e:ec:3b:73:0c:5e:
                    6d:ff:df:12:c3:db:1f:7f:cc:82:0e:8e:77:60:a8:
                    d5:5d:54:d1:63:7a:3c:e9:0d:6d:ed:11:dd:6b:31:
                    6c:c1:1b:58:9a:61:55:3e:9c:1d:f9:b1:f2:e6:24:
                    80:97:63:af:a6:14:7a:a8:12:15:8b:6d:72:07:f5:
                    01:b0:d7:bb:5f:97:5d:3a:91:3b:19:1e:b6:b2:64:
                    e5:68:41:6e:f5:42:13:b2:1f:23:77:a3:22:1e:7f:
                    db:ad:1a:24:b7:0b:b1:5b:27:2a:7b:0b:9f:cb:eb:
                    77:00:5d:15:26:b5:96:fc:2d:dd:f0:19:40:f0:3a:
                    88:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:DD:98:CC:3A:68:AC:C4:4B:0F:82:56:B9:CB:08:1D:E2:F0:E4:8F
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SN2YzDporMRLD4JWucsIHeLw5I8.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:58:52:63:63:2c:27:d0:b4:5f:73:c3:ba:8c:2f:59:b9:92:
         78:3b:96:90:fb:28:78:bd:ce:7d:3c:10:b4:78:4f:e0:6f:ce:
         a7:99:64:53:71:a2:cc:22:1c:c7:4a:ab:f0:0d:65:1e:94:34:
         5e:f4:5c:e3:d5:b8:f1:d0:fe:95:58:09:37:b8:16:bf:59:dd:
         77:53:f2:f9:83:4b:5f:56:40:2b:65:6a:a2:7c:c5:dd:53:f2:
         a5:1d:3d:b8:28:34:4a:5a:ae:19:55:0d:e8:de:8e:3f:d6:f7:
         be:d8:e2:a8:53:4d:ef:a0:43:1b:89:67:58:92:5d:de:bd:70:
         fa:11:79:c0:70:74:e2:bc:c5:81:d9:9a:d7:ed:5c:da:52:93:
         33:15:d9:03:4d:a4:6a:40:dc:a9:dc:d8:82:92:c8:b3:54:56:
         20:18:26:05:4d:89:1a:f6:c6:d4:be:42:3a:0d:73:5b:c9:eb:
         81:06:1c:4f:3d:30:06:8e:5a:14:3d:fe:34:4a:fb:93:8c:0d:
         8c:de:11:62:23:b6:d8:68:82:01:81:92:a3:a3:09:f8:8b:51:
         46:9c:3b:cb:7f:d1:be:1b:3e:08:3f:57:9c:19:ee:7e:02:aa:
         6e:7a:d1:a3:59:68:2d:4c:32:99:9b:ef:ed:24:34:c2:f6:68:
         e8:6d:94:45
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICU1UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
NjU0MjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ4REQ5OENDM0E2OEFD
QzQ0QjBGODI1NkI5Q0IwODFERTJGMEU0OEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQlZuW3HtaMa6+krBB/yw25l2e7mHiQS7gO0FmInlk7sP+aTFp
XOLShO7Tb2q6EvkFELAsmadGImfC+xHMGPbO/6tksNl/UNx6XhrD/5xBsKpEfQFV
hOLb3JJewxejIZ1ShDuv8CH1/F5LEz0m3KJcqwJy0gcJeVVTeMioD2AUbx7sO3MM
Xm3/3xLD2x9/zIIOjndgqNVdVNFjejzpDW3tEd1rMWzBG1iaYVU+nB35sfLmJICX
Y6+mFHqoEhWLbXIH9QGw17tfl106kTsZHrayZOVoQW71QhOyHyN3oyIef9utGiS3
C7FbJyp7C5/L63cAXRUmtZb8Ld3wGUDwOogdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUSN2YzDporMRLD4JWucsIHeLw5I8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NOMll6RHBvck1STEQ0
Sld1Y3NJSGVMdzVJOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADhYUmNjLCfQtF9z
w7qML1m5kng7lpD7KHi9zn08ELR4T+BvzqeZZFNxoswiHMdKq/ANZR6UNF70XOPV
uPHQ/pVYCTe4Fr9Z3XdT8vmDS19WQCtlaqJ8xd1T8qUdPbgoNEparhlVDejejj/W
977Y4qhTTe+gQxuJZ1iSXd69cPoRecBwdOK8xYHZmtftXNpSkzMV2QNNpGpA3Knc
2IKSyLNUViAYJgVNiRr2xtS+QjoNc1vJ64EGHE89MAaOWhQ9/jRK+5OMDYzeEWIj
tthoggGBkqOjCfiLUUacO8t/0b4bPgg/V5wZ7n4Cqm560aNZaC1MMpmb7+0kNML2
aOhtlEU=
-----END CERTIFICATE-----
Generated at Sun May 18 01:59:44 2025 by rpki-client