Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3130/8xQN9_iUTYCrHJSxOxlWfJBWcJA.roa
File:                     8xQN9_iUTYCrHJSxOxlWfJBWcJA.roa (raw, json)
Hash identifier:          /hNOLvp6CHPCE/rQv1ooQ+VsoG73l5xVZrPegT//Ojw=
Subject key identifier:   F3:14:0D:F7:F8:94:4D:80:AB:1C:94:B1:3B:19:56:7C:90:56:70:90
Certificate issuer:       /CN=2B0C50542CA87AA3C12F30C32323062C87102221
Certificate serial:       0F06
Authority key identifier: 2B:0C:50:54:2C:A8:7A:A3:C1:2F:30:C3:23:23:06:2C:87:10:22:21
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/8xQN9_iUTYCrHJSxOxlWfJBWcJA.roa
Signing time:             Mon 18 Mar 2024 07:19:30 +0000
ROA not before:           Mon 18 Mar 2024 07:19:30 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     2914
IP address blocks:        180.223.32.0/21 maxlen: 24
                          180.223.152.0/21 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3846 (0xf06)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2B0C50542CA87AA3C12F30C32323062C87102221
        Validity
            Not Before: Mar 18 07:19:30 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=F3140DF7F8944D80AB1C94B13B19567C90567090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b5:a5:08:18:03:24:e2:72:2c:e5:e0:e7:d4:
                    ed:2d:99:87:d1:fa:79:2c:b5:f9:de:bc:d2:94:09:
                    61:d7:50:96:56:3f:8a:b8:b7:18:78:2f:f8:81:b6:
                    c9:ce:03:64:04:3b:cf:b2:ee:61:a0:c1:05:75:7e:
                    fb:af:a4:59:93:64:68:2d:6e:0e:a8:00:06:e9:a9:
                    76:2f:aa:e2:c8:c1:49:d5:dc:d9:c1:6a:b7:94:29:
                    2c:68:26:76:29:93:3c:70:6d:86:08:4f:c8:a8:32:
                    8a:c7:01:2c:f7:78:18:e6:01:9e:e0:c7:03:85:ca:
                    54:e3:13:0b:56:f1:3a:71:1a:4a:6c:b7:49:5a:e1:
                    0f:a7:ec:51:15:c4:9a:cc:d7:91:2b:8f:06:17:6c:
                    6f:af:6d:f5:94:56:48:93:93:b2:10:ba:9d:15:d1:
                    65:2e:ca:64:8c:0b:b4:a4:1b:d8:f4:06:40:52:2c:
                    29:df:af:53:e1:18:9b:d9:0a:03:89:33:15:09:14:
                    11:d4:4b:05:d6:36:f4:d9:a1:07:98:3b:8c:6f:e6:
                    9a:6f:55:45:1d:cf:3b:e6:04:5e:91:13:32:40:dc:
                    8a:a6:2c:bb:ab:51:da:92:fd:73:d0:cc:98:49:8e:
                    2a:9b:78:f2:c9:5a:a4:01:77:aa:52:d4:5c:01:eb:
                    3a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:14:0D:F7:F8:94:4D:80:AB:1C:94:B1:3B:19:56:7C:90:56:70:90
            X509v3 Authority Key Identifier:
                keyid:2B:0C:50:54:2C:A8:7A:A3:C1:2F:30:C3:23:23:06:2C:87:10:22:21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/KwxQVCyoeqPBLzDDIyMGLIcQIiE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/8xQN9_iUTYCrHJSxOxlWfJBWcJA.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.223.32.0/21
                  180.223.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5e:a2:76:0b:0a:fe:71:f3:43:3b:42:c1:9e:6c:0d:ee:a7:78:
         5f:8a:70:4c:94:15:c0:ec:4c:f2:10:8e:3d:80:31:7e:e3:43:
         fe:ef:8a:52:95:00:fb:16:27:c9:3b:9a:79:b1:e8:92:77:1b:
         80:dc:56:e8:12:2a:85:93:83:e3:f5:95:1d:d7:ef:a7:9d:4b:
         67:3a:f3:e7:0b:cb:d5:ee:7e:ab:b5:15:63:93:fc:1e:cd:aa:
         62:9c:32:bd:52:b5:ff:a4:44:44:e2:9d:23:3d:ef:fc:1b:54:
         88:10:28:9d:96:73:30:ff:14:7f:2e:79:c3:a3:9a:a5:ef:15:
         16:6a:c1:72:ff:d1:c1:ae:27:cd:22:56:29:82:de:31:8e:f6:
         19:f9:0f:70:43:b3:a1:c9:0b:57:bf:fa:ca:c4:3c:26:1b:0a:
         6c:80:d0:5e:a0:1b:11:b8:8b:55:cc:11:b5:35:93:38:7f:5f:
         65:ca:1e:b2:00:75:23:85:18:3b:ef:34:c4:20:49:47:19:26:
         79:92:c4:fd:31:dc:6b:7f:d0:db:49:0e:fc:a0:e0:54:d5:6c:
         0f:86:7a:cf:50:e2:de:aa:d0:48:a6:8c:e3:0a:89:d3:11:c7:
         8c:03:0b:a6:f7:50:0a:02:dc:75:92:9b:80:e8:96:3c:78:72:
         2b:84:4d:7c
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgICDwYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkIw
QzUwNTQyQ0E4N0FBM0MxMkYzMEMzMjMyMzA2MkM4NzEwMjIyMTAeFw0yNDAzMTgw
NzE5MzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYzMTQwREY3Rjg5NDRE
ODBBQjFDOTRCMTNCMTk1NjdDOTA1NjcwOTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJtaUIGAMk4nIs5eDn1O0tmYfR+nkstfnevNKUCWHXUJZWP4q4
txh4L/iBtsnOA2QEO8+y7mGgwQV1fvuvpFmTZGgtbg6oAAbpqXYvquLIwUnV3NnB
areUKSxoJnYpkzxwbYYIT8ioMorHASz3eBjmAZ7gxwOFylTjEwtW8TpxGkpst0la
4Q+n7FEVxJrM15ErjwYXbG+vbfWUVkiTk7IQup0V0WUuymSMC7SkG9j0BkBSLCnf
r1PhGJvZCgOJMxUJFBHUSwXWNvTZoQeYO4xv5ppvVUUdzzvmBF6REzJA3IqmLLur
UdqS/XPQzJhJjiqbePLJWqQBd6pS1FwB6zrVAgMBAAGjggH5MIIB9TAdBgNVHQ4E
FgQU8xQN9/iUTYCrHJSxOxlWfJBWcJAwHwYDVR0jBBgwFoAUKwxQVCyoeqPBLzDD
IyMGLIcQIiEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzEz
MC9Ld3hRVkN5b2VxUEJMekRESXlNR0xJY1FJaUUuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0t3eFFWQ3lvZXFQQkx6RERJeU1HTEljUUlpRS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMxMzAvOHhRTjlfaVVUWUNy
SEpTeE94bFdmSkJXY0pBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEw
DAMEA7TfIAMEA7TfmDANBgkqhkiG9w0BAQsFAAOCAQEAXqJ2Cwr+cfNDO0LBnmwN
7qd4X4pwTJQVwOxM8hCOPYAxfuND/u+KUpUA+xYnyTuaebHokncbgNxW6BIqhZOD
4/WVHdfvp51LZzrz5wvL1e5+q7UVY5P8Hs2qYpwyvVK1/6REROKdIz3v/BtUiBAo
nZZzMP8Ufy55w6Oape8VFmrBcv/Rwa4nzSJWKYLeMY72GfkPcEOzockLV7/6ysQ8
JhsKbIDQXqAbEbiLVcwRtTWTOH9fZcoesgB1I4UYO+80xCBJRxkmeZLE/THca3/Q
20kO/KDgVNVsD4Z6z1Di3qrQSKaM4wqJ0xHHjAMLpvdQCgLcdZKbgOiWPHhyK4RN
fA==
-----END CERTIFICATE-----
Generated at Mon Mar 25 09:53:54 2024 by rpki-client on console-fra.rpki-client.org