Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NSb9zpfF2pitDYH3_ghgqu3stNw.roa
File:                     NSb9zpfF2pitDYH3_ghgqu3stNw.roa (raw, json)
Hash identifier:          ux86N3JSssbhAf3/u/Bc+5rO++E1ePUgLTmLnuuIed8=
Subject key identifier:   35:26:FD:CE:97:C5:DA:98:AD:0D:81:F7:FE:08:60:AA:ED:EC:B4:DC
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       3945
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NSb9zpfF2pitDYH3_ghgqu3stNw.roa
Signing time:             Thu 04 Apr 2024 22:52:24 +0000
ROA not before:           Thu 04 Apr 2024 22:52:24 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14661 (0x3945)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Apr  4 22:52:24 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=3526FDCE97C5DA98AD0D81F7FE0860AAEDECB4DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:18:5c:ad:cd:ad:84:b1:4f:3d:8a:4c:f9:58:
                    f0:51:f6:8f:e9:0f:ba:4e:2f:bb:88:23:ba:be:28:
                    0c:bd:1d:a7:22:97:8f:0d:ac:cb:f6:e3:13:d8:09:
                    4a:59:fb:58:95:a6:9c:e4:c9:71:14:7d:5a:2d:71:
                    09:fe:b4:21:8f:a7:33:8b:d6:21:c9:47:4b:0f:18:
                    8d:1b:12:1d:f3:67:75:96:f5:49:70:e7:85:77:5b:
                    e7:29:63:4b:4b:99:f9:70:6a:e4:7b:9a:f1:3f:87:
                    b1:24:2c:c9:97:91:79:cb:3a:cb:81:65:91:63:9b:
                    40:e5:65:91:fb:57:0f:84:32:5c:58:07:b2:fa:9a:
                    10:a3:ae:30:1a:63:db:3f:f8:e1:0d:a7:6e:c9:20:
                    fa:04:b6:90:2a:9f:08:47:a9:7e:73:ee:49:ca:7d:
                    0b:e4:22:8d:fa:df:81:e7:7c:48:bc:43:84:f8:69:
                    1b:8b:20:68:c7:4b:42:42:06:43:b3:f9:ee:93:ce:
                    20:1a:95:ee:fc:ff:43:7f:d4:b3:29:70:fa:ac:1c:
                    c0:1b:56:b8:02:e9:9b:2a:ca:55:5f:11:33:46:d3:
                    58:bb:bd:95:64:a6:3f:52:ab:5c:01:e3:a7:9e:f1:
                    4f:46:09:78:c9:26:0d:c2:24:45:9f:7a:75:e3:dd:
                    a2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:26:FD:CE:97:C5:DA:98:AD:0D:81:F7:FE:08:60:AA:ED:EC:B4:DC
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NSb9zpfF2pitDYH3_ghgqu3stNw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         03:6c:16:06:2d:53:f9:3a:05:61:2b:44:d1:be:c3:d2:a3:79:
         a7:30:81:ae:db:7f:c2:4d:78:08:b0:f0:16:32:24:64:a1:29:
         af:99:54:7e:a2:99:77:e8:f4:fb:66:30:d2:76:10:b3:d1:53:
         5a:3d:fa:df:28:04:93:04:73:fe:0c:e8:4a:54:b8:b1:f6:56:
         a6:b2:f7:4e:1a:9f:7d:12:c8:a3:1b:d3:01:1c:e1:10:37:31:
         3b:d7:e6:21:53:3a:5f:7a:bf:08:91:58:65:41:d6:48:dd:29:
         a7:40:b5:f8:fa:eb:f6:8b:85:ab:1b:58:6e:83:a9:fd:34:43:
         5a:cb:26:72:7d:05:e3:86:41:26:a2:9c:42:70:b7:31:48:d5:
         21:7a:9a:9c:02:cc:73:cc:77:05:8b:7a:c2:48:93:f5:06:78:
         0e:4b:8d:3e:d1:2c:1f:2f:0b:6c:9c:d0:cb:89:77:9d:9a:be:
         0c:7e:17:73:b7:70:91:71:5b:b7:05:d1:e8:a7:a7:fd:62:fd:
         08:c2:84:51:cf:b0:e1:23:2a:77:a7:5f:2c:76:dc:a2:ab:f5:
         1f:82:72:d0:cf:ab:56:dc:fa:0d:8d:73:de:cd:18:9c:9b:00:
         a4:7c:55:f7:89:0f:d5:4e:ec:44:fa:19:a6:af:9b:ab:44:3d:
         1e:ee:39:9a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOUUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDQy
MjUyMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM1MjZGRENFOTdDNURB
OThBRDBEODFGN0ZFMDg2MEFBRURFQ0I0REMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzGFytza2EsU89ikz5WPBR9o/pD7pOL7uII7q+KAy9Hacil48N
rMv24xPYCUpZ+1iVppzkyXEUfVotcQn+tCGPpzOL1iHJR0sPGI0bEh3zZ3WW9Ulw
54V3W+cpY0tLmflwauR7mvE/h7EkLMmXkXnLOsuBZZFjm0DlZZH7Vw+EMlxYB7L6
mhCjrjAaY9s/+OENp27JIPoEtpAqnwhHqX5z7knKfQvkIo3634HnfEi8Q4T4aRuL
IGjHS0JCBkOz+e6TziAale78/0N/1LMpcPqsHMAbVrgC6ZsqylVfETNG01i7vZVk
pj9Sq1wB46ee8U9GCXjJJg3CJEWfenXj3aKvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUNSb9zpfF2pitDYH3/ghgqu3stNwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05TYjl6cGZGMnBpdERZ
SDNfZ2hncXUzc3ROdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAANsFgYtU/k6BWEr
RNG+w9Kjeacwga7bf8JNeAiw8BYyJGShKa+ZVH6imXfo9PtmMNJ2ELPRU1o9+t8o
BJMEc/4M6EpUuLH2Vqay904an30SyKMb0wEc4RA3MTvX5iFTOl96vwiRWGVB1kjd
KadAtfj66/aLhasbWG6Dqf00Q1rLJnJ9BeOGQSainEJwtzFI1SF6mpwCzHPMdwWL
esJIk/UGeA5LjT7RLB8vC2yc0MuJd52avgx+F3O3cJFxW7cF0einp/1i/QjChFHP
sOEjKnenXyx23KKr9R+CctDPq1bc+g2Nc97NGJybAKR8VfeJD9VO7ET6Gaavm6tE
PR7uOZo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:15:22 2024 by rpki-client on console-fra.rpki-client.org