Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gFm_kpmVZ2zqIPRZ_idlbg1un3s.roa
File:                     gFm_kpmVZ2zqIPRZ_idlbg1un3s.roa (raw, json)
Hash identifier:          IayJ8TcKV+beGW+kMvgJ7rC5WmwaE3EaUuLyu3scSmc=
Subject key identifier:   80:59:BF:92:99:95:67:6C:EA:20:F4:59:FE:27:65:6E:0D:6E:9F:7B
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       36DD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gFm_kpmVZ2zqIPRZ_idlbg1un3s.roa
Signing time:             Mon 01 Apr 2024 17:52:11 +0000
ROA not before:           Mon 01 Apr 2024 17:52:11 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14045 (0x36dd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Apr  1 17:52:11 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=8059BF929995676CEA20F459FE27656E0D6E9F7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f7:f1:35:31:d2:b3:8a:e8:39:61:ef:62:5f:
                    29:c1:ab:0a:81:53:16:13:ed:d8:0b:ec:de:a2:7c:
                    68:a8:79:a0:dc:57:af:b5:cd:78:83:4b:0f:cf:91:
                    d7:b6:e0:d5:0c:22:e7:28:f0:26:1a:a7:dd:63:ab:
                    99:92:8e:ac:7b:62:f9:fd:92:53:50:7c:5c:73:d2:
                    b9:95:6e:5d:f5:cc:6d:5b:b2:95:ac:af:ba:36:cf:
                    04:60:67:ca:a3:fc:9c:d6:6e:9a:03:82:72:72:3d:
                    53:d2:e1:e2:a9:0f:64:78:37:2d:e8:25:6e:eb:0c:
                    04:66:eb:67:df:66:70:35:5b:d9:f7:f3:be:4f:b9:
                    d8:77:3a:3c:11:24:8a:4c:9a:5a:e7:92:3d:b0:ac:
                    6b:cd:0d:7a:86:76:4a:2d:56:95:8b:9c:07:a6:6e:
                    0f:cb:a9:d3:b0:84:8a:e8:68:f8:52:24:f1:7d:a9:
                    93:a7:2c:04:d9:7b:f5:2f:64:aa:d5:bd:dc:cb:0c:
                    30:f0:61:f6:30:57:7e:0a:fe:00:e6:76:75:0a:2f:
                    7d:c1:ec:21:3c:da:9f:16:fe:0f:e4:9b:a4:cc:69:
                    67:2b:eb:69:8b:7e:88:fd:65:c6:c4:80:a6:fd:ec:
                    27:00:5f:4d:0a:ad:e9:58:c8:45:4c:8a:a7:99:da:
                    d3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:59:BF:92:99:95:67:6C:EA:20:F4:59:FE:27:65:6E:0D:6E:9F:7B
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gFm_kpmVZ2zqIPRZ_idlbg1un3s.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         52:08:2c:02:64:ad:ba:f2:cf:ef:a3:74:12:6c:ef:42:b6:ea:
         2e:3b:4b:10:97:9d:9b:75:9a:8c:3c:f3:db:df:00:9e:19:36:
         49:3a:48:1e:0d:2a:3b:69:f8:a7:7e:3d:ab:8b:bc:1b:93:bf:
         f7:e8:c5:3c:e0:ca:16:52:2a:58:de:db:61:c6:75:0e:be:0b:
         97:15:2b:5c:c5:1d:92:68:4e:f8:ae:06:66:56:51:6e:f9:fd:
         13:9a:90:76:fc:4c:5f:89:59:8c:c0:13:9b:a2:76:42:9c:20:
         81:d3:41:10:9b:a6:c3:8e:86:c2:23:c0:65:27:35:d7:e1:4f:
         b6:e1:ba:c3:e7:f1:1e:74:3d:d2:dd:dc:83:c1:cd:2d:8e:5c:
         16:46:03:74:7a:65:1a:3e:4e:03:7c:a6:d2:ac:2b:ba:63:51:
         44:6c:e3:28:98:de:5c:47:5b:4b:6d:01:9f:79:91:64:5d:1b:
         76:91:1e:f7:bd:51:b2:1f:cf:74:c0:75:6f:68:cf:e1:bd:b5:
         53:5c:39:94:12:c8:c3:4e:3a:5b:c7:90:63:94:7e:be:de:42:
         00:08:0b:ca:2e:2a:06:e9:63:d4:7c:43:bc:d5:bf:4a:2c:b9:
         e5:4d:a9:62:21:1f:54:c9:36:29:7a:dd:35:ab:37:c6:9f:7d:
         1e:52:09:f2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNt0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEx
NzUyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgwNTlCRjkyOTk5NTY3
NkNFQTIwRjQ1OUZFMjc2NTZFMEQ2RTlGN0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDc9/E1MdKziug5Ye9iXynBqwqBUxYT7dgL7N6ifGioeaDcV6+1
zXiDSw/Pkde24NUMIuco8CYap91jq5mSjqx7Yvn9klNQfFxz0rmVbl31zG1bspWs
r7o2zwRgZ8qj/JzWbpoDgnJyPVPS4eKpD2R4Ny3oJW7rDARm62ffZnA1W9n3875P
udh3OjwRJIpMmlrnkj2wrGvNDXqGdkotVpWLnAembg/LqdOwhIroaPhSJPF9qZOn
LATZe/UvZKrVvdzLDDDwYfYwV34K/gDmdnUKL33B7CE82p8W/g/km6TMaWcr62mL
foj9ZcbEgKb97CcAX00KrelYyEVMiqeZ2tMRAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUgFm/kpmVZ2zqIPRZ/idlbg1un3swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dGbV9rcG1WWjJ6cUlQ
UlpfaWRsYmcxdW4zcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFIILAJkrbryz++j
dBJs70K26i47SxCXnZt1mow889vfAJ4ZNkk6SB4NKjtp+Kd+PauLvBuTv/foxTzg
yhZSKlje22HGdQ6+C5cVK1zFHZJoTviuBmZWUW75/ROakHb8TF+JWYzAE5uidkKc
IIHTQRCbpsOOhsIjwGUnNdfhT7bhusPn8R50PdLd3IPBzS2OXBZGA3R6ZRo+TgN8
ptKsK7pjUURs4yiY3lxHW0ttAZ95kWRdG3aRHve9UbIfz3TAdW9oz+G9tVNcOZQS
yMNOOlvHkGOUfr7eQgAIC8ouKgbpY9R8Q7zVv0osueVNqWIhH1TJNil63TWrN8af
fR5SCfI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:00 2024 by rpki-client on console-ams.rpki-client.org