Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/og3mCKP91T_GrtV4BF4MiFASAiE.roa
File:                     og3mCKP91T_GrtV4BF4MiFASAiE.roa (raw, json)
Hash identifier:          9WcmykODfXu2agk47uqoHbDUcsyLbbsfQ5+mgyEGMWE=
Subject key identifier:   A2:0D:E6:08:A3:FD:D5:3F:C6:AE:D5:78:04:5E:0C:88:50:12:02:21
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       5525
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/og3mCKP91T_GrtV4BF4MiFASAiE.roa
Signing time:             Sun 12 May 2024 02:54:09 +0000
ROA not before:           Sun 12 May 2024 02:54:09 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21797 (0x5525)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May 12 02:54:09 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=A20DE608A3FDD53FC6AED578045E0C8850120221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:59:27:8b:ff:06:6d:44:a8:17:f0:5e:aa:b2:
                    c6:aa:ec:95:35:7f:01:2f:86:82:fb:1e:8d:5f:75:
                    11:3c:a1:be:b8:75:fd:e7:e1:3c:4f:f0:1d:5f:1f:
                    8e:25:43:46:98:ee:a7:ed:fe:16:b4:14:b1:99:db:
                    8b:12:3a:7f:37:72:34:85:c2:22:04:47:44:25:79:
                    eb:62:ca:6d:ac:91:f0:4b:86:d8:5e:a3:05:74:b5:
                    d0:61:6a:78:5f:c0:53:70:dd:00:48:d0:4b:89:32:
                    a6:47:4e:2c:2b:aa:e7:bf:ef:aa:fe:66:15:ef:b9:
                    44:67:2d:b9:fb:c6:50:0a:a3:c5:b1:f1:17:7a:e3:
                    b5:7c:51:60:af:cc:63:62:79:11:82:2c:00:03:3d:
                    c9:3f:ab:97:97:f1:e9:b2:b9:08:19:d0:c7:1e:4a:
                    11:20:9c:21:2f:eb:84:81:5f:b9:df:16:bf:f6:17:
                    ec:d5:76:8b:07:36:f7:50:c2:12:ed:60:fa:ab:15:
                    70:40:c9:46:0b:b0:4f:fa:a0:70:37:6c:0a:06:54:
                    a0:ef:6f:b8:63:5e:28:e5:14:ad:51:63:61:7c:68:
                    80:cd:ae:b0:dc:12:13:11:73:38:49:66:70:6f:44:
                    1d:30:79:27:02:76:0a:a6:fc:36:6f:af:ee:34:a0:
                    7f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0D:E6:08:A3:FD:D5:3F:C6:AE:D5:78:04:5E:0C:88:50:12:02:21
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/og3mCKP91T_GrtV4BF4MiFASAiE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         52:7b:8d:06:83:cd:3b:87:d6:f8:12:6d:09:c6:03:ae:d2:d1:
         86:f2:cf:ae:bb:7d:88:e6:13:8a:14:f9:18:ae:f0:18:6c:43:
         38:ee:4a:c8:b7:3e:81:f2:22:c7:86:1b:f3:b8:a6:38:d1:14:
         8b:58:76:c9:04:e3:c9:91:09:59:f4:72:ff:8f:06:aa:a9:eb:
         07:d0:fd:a6:6f:36:f5:9e:bc:68:54:ee:c6:24:8a:fd:6f:ae:
         42:d4:8b:7f:92:f3:20:6c:46:1f:fe:4c:b1:5d:ab:bc:c2:95:
         2a:9f:ea:5b:a2:6a:d2:1a:2c:6c:9f:66:cd:78:f5:ae:72:60:
         42:f8:be:f6:14:1d:41:e5:f4:1e:37:d4:d9:64:ac:24:b0:73:
         f3:17:a2:52:fe:46:ab:a8:0d:90:82:5c:e4:d3:c3:6a:b5:af:
         5c:ca:6c:79:22:f8:93:f1:c9:5e:35:49:c4:fe:41:40:65:7d:
         51:ce:56:06:3e:be:6b:85:bf:41:4e:55:3b:c7:9a:be:00:09:
         e9:2b:c9:41:85:12:d4:76:e0:b7:a7:47:73:3a:76:f9:cf:75:
         3a:04:73:73:08:83:9e:0a:bb:23:63:76:58:41:18:15:0c:fb:
         33:2b:4f:39:d8:7a:1b:31:33:06:65:46:61:27:ab:a7:1c:ad:
         55:e1:e3:42
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVSUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
MjU0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyMERFNjA4QTNGREQ1
M0ZDNkFFRDU3ODA0NUUwQzg4NTAxMjAyMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiWSeL/wZtRKgX8F6qssaq7JU1fwEvhoL7Ho1fdRE8ob64df3n
4TxP8B1fH44lQ0aY7qft/ha0FLGZ24sSOn83cjSFwiIER0Qleetiym2skfBLhthe
owV0tdBhanhfwFNw3QBI0EuJMqZHTiwrque/76r+ZhXvuURnLbn7xlAKo8Wx8Rd6
47V8UWCvzGNieRGCLAADPck/q5eX8emyuQgZ0MceShEgnCEv64SBX7nfFr/2F+zV
dosHNvdQwhLtYPqrFXBAyUYLsE/6oHA3bAoGVKDvb7hjXijlFK1RY2F8aIDNrrDc
EhMRczhJZnBvRB0weScCdgqm/DZvr+40oH+vAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUog3mCKP91T/GrtV4BF4MiFASAiEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29nM21DS1A5MVRfR3J0
VjRCRjRNaUZBU0FpRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFJ7jQaDzTuH1vgS
bQnGA67S0Ybyz667fYjmE4oU+Riu8BhsQzjuSsi3PoHyIseGG/O4pjjRFItYdskE
48mRCVn0cv+PBqqp6wfQ/aZvNvWevGhU7sYkiv1vrkLUi3+S8yBsRh/+TLFdq7zC
lSqf6luiatIaLGyfZs149a5yYEL4vvYUHUHl9B431NlkrCSwc/MXolL+RquoDZCC
XOTTw2q1r1zKbHki+JPxyV41ScT+QUBlfVHOVgY+vmuFv0FOVTvHmr4ACekryUGF
EtR24LenR3M6dvnPdToEc3MIg54KuyNjdlhBGBUM+zMrTznYehsxMwZlRmEnq6cc
rVXh40I=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:10 2024 by rpki-client on console-ams.rpki-client.org