Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/ZieP2GsUvgiZ3AvLTmu0wMQ9ZAc.roa
File:                     ZieP2GsUvgiZ3AvLTmu0wMQ9ZAc.roa (raw, json)
Hash identifier:          Bj4CG9KLG3XTiO0Jcv/a6/DNwpsxhxoXJhvZfFJNVQw=
Subject key identifier:   66:27:8F:D8:6B:14:BE:08:99:DC:0B:CB:4E:6B:B4:C0:C4:3D:64:07
Certificate issuer:       /CN=14FF3D11146E5316E23FE7F8542CAC313FD6F510
Certificate serial:       072B
Authority key identifier: 14:FF:3D:11:14:6E:53:16:E2:3F:E7:F8:54:2C:AC:31:3F:D6:F5:10
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/FP89ERRuUxbiP-f4VCysMT_W9RA.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/ZieP2GsUvgiZ3AvLTmu0wMQ9ZAc.roa
Signing time:             Wed 03 Nov 2021 06:43:36 +0000
ROA not before:           Wed 03 Nov 2021 06:43:36 +0000
ROA not after:            Fri 27 May 2022 04:59:52 +0000
asID:                     45839
IP address blocks:        223.29.252.0/24 maxlen: 24
                          223.29.255.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1835 (0x72b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14FF3D11146E5316E23FE7F8542CAC313FD6F510
        Validity
            Not Before: Nov  3 06:43:36 2021 GMT
            Not After : May 27 04:59:52 2022 GMT
        Subject: CN=66278FD86B14BE0899DC0BCB4E6BB4C0C43D6407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:28:88:18:a3:90:84:d4:37:8f:ac:bc:b5:4e:
                    87:d9:c1:4d:63:a8:d4:ac:53:07:f9:ad:54:0e:64:
                    6e:06:c3:c0:0e:3a:8e:ed:66:98:70:f3:90:69:73:
                    86:b9:d4:01:bc:05:31:d8:6a:4b:ab:93:bc:d4:21:
                    de:13:f5:2e:d7:04:17:bd:44:86:59:96:95:08:9a:
                    00:fa:9e:3a:d9:99:af:55:2e:2d:71:4a:ad:ff:1f:
                    5e:3b:a0:06:66:d9:98:8c:0a:54:81:b3:dc:ec:9a:
                    46:7f:77:5e:58:73:2e:87:33:1b:a2:e4:88:ea:21:
                    4a:df:57:67:35:57:8f:a2:ca:73:7e:01:bd:0e:65:
                    58:f6:82:89:9f:64:44:67:dc:b8:5f:5b:35:09:2b:
                    24:37:be:89:c9:df:86:8f:e0:6c:50:6a:d8:87:e8:
                    00:39:ff:15:d2:45:de:df:ac:91:c0:4e:1b:29:18:
                    27:2a:3c:6d:30:99:9e:c1:e6:1a:2c:f0:74:41:3f:
                    4a:fb:79:04:f3:e7:9c:58:05:9d:81:e5:48:c3:e6:
                    5f:5d:ec:e6:94:d7:7f:8b:19:e8:4b:54:4b:0f:87:
                    04:07:3c:c2:a3:82:14:e3:24:1d:e6:39:2e:f8:62:
                    d5:58:21:b6:1d:dc:e6:29:d1:c6:d6:0d:04:e6:df:
                    b5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:27:8F:D8:6B:14:BE:08:99:DC:0B:CB:4E:6B:B4:C0:C4:3D:64:07
            X509v3 Authority Key Identifier:
                keyid:14:FF:3D:11:14:6E:53:16:E2:3F:E7:F8:54:2C:AC:31:3F:D6:F5:10

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/FP89ERRuUxbiP-f4VCysMT_W9RA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/FP89ERRuUxbiP-f4VCysMT_W9RA.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/ZieP2GsUvgiZ3AvLTmu0wMQ9ZAc.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  223.29.252.0/24
                  223.29.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:bf:51:2b:b8:ef:e0:20:76:65:d1:c6:5e:b6:28:6c:69:c4:
         b8:64:17:cc:af:74:26:ec:a9:c6:75:2c:b8:08:df:99:ee:23:
         ef:bf:6d:bf:db:21:f1:f9:0e:89:1f:7d:d3:be:2d:d5:fb:6b:
         63:00:4f:44:0a:32:67:a5:14:e9:5d:3c:80:63:99:9f:cd:54:
         72:f5:3e:9a:00:2a:da:63:74:99:b2:9e:e7:e3:f5:7a:6b:75:
         0d:ce:11:3b:8a:d3:7c:db:32:22:c4:88:c8:26:b7:e8:33:54:
         c5:a6:de:b3:c9:e6:87:df:69:69:b4:84:e6:f9:2e:17:77:f9:
         d2:38:2c:dd:45:d7:3c:aa:7b:cc:1f:02:85:61:ee:78:7b:b9:
         46:ab:eb:b7:a0:5b:5d:bc:bf:e4:63:ca:c0:78:91:ff:63:2e:
         24:1b:6e:60:4e:66:6d:6b:c8:8a:ab:26:36:ca:d9:1a:b4:99:
         ab:4c:57:0a:e7:5c:91:65:1c:bb:f6:e6:7c:fc:51:34:10:6e:
         93:b0:1e:c1:cf:d8:c4:53:97:57:3d:b9:7e:4d:5a:e8:c6:fc:
         ed:d4:1b:ed:7b:11:ed:7b:95:32:03:79:16:7f:16:20:c5:fc:
         38:c5:61:17:c8:f4:1f:d8:df:84:a6:67:46:d4:03:43:19:4a:
         d0:cd:e5:0a
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgICByswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMTRG
RjNEMTExNDZFNTMxNkUyM0ZFN0Y4NTQyQ0FDMzEzRkQ2RjUxMDAeFw0yMTExMDMw
NjQzMzZaFw0yMjA1MjcwNDU5NTJaMDMxMTAvBgNVBAMTKDY2Mjc4RkQ4NkIxNEJF
MDg5OURDMEJDQjRFNkJCNEMwQzQzRDY0MDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCKIgYo5CE1DePrLy1TofZwU1jqNSsUwf5rVQOZG4Gw8AOOo7t
Zphw85Bpc4a51AG8BTHYakurk7zUId4T9S7XBBe9RIZZlpUImgD6njrZma9VLi1x
Sq3/H147oAZm2ZiMClSBs9zsmkZ/d15Ycy6HMxui5IjqIUrfV2c1V4+iynN+Ab0O
ZVj2gomfZERn3LhfWzUJKyQ3vonJ34aP4GxQatiH6AA5/xXSRd7frJHAThspGCcq
PG0wmZ7B5hos8HRBP0r7eQTz55xYBZ2B5UjD5l9d7OaU13+LGehLVEsPhwQHPMKj
ghTjJB3mOS74YtVYIbYd3OYp0cbWDQTm37VZAgMBAAGjggH5MIIB9TAdBgNVHQ4E
FgQUZieP2GsUvgiZ3AvLTmu0wMQ9ZAcwHwYDVR0jBBgwFoAUFP89ERRuUxbiP+f4
VCysMT/W9RAwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9GUDg5RVJSdVV4YmlQLWY0VkN5c01UX1c5UkEuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0ZQODlFUlJ1VXhiaVAtZjRWQ3lzTVRfVzlSQS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvWmllUDJHc1V2Z2la
M0F2TFRtdTB3TVE5WkFjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEw
DAMEAN8d/AMEAN8d/zANBgkqhkiG9w0BAQsFAAOCAQEAj79RK7jv4CB2ZdHGXrYo
bGnEuGQXzK90JuypxnUsuAjfme4j779tv9sh8fkOiR99074t1ftrYwBPRAoyZ6UU
6V08gGOZn81UcvU+mgAq2mN0mbKe5+P1emt1Dc4RO4rTfNsyIsSIyCa36DNUxabe
s8nmh99pabSE5vkuF3f50jgs3UXXPKp7zB8ChWHueHu5Rqvrt6BbXby/5GPKwHiR
/2MuJBtuYE5mbWvIiqsmNsrZGrSZq0xXCudckWUcu/bmfPxRNBBuk7Aewc/YxFOX
Vz25fk1a6Mb87dQb7XsR7XuVMgN5Fn8WIMX8OMVhF8j0H9jfhKZnRtQDQxlK0M3l
Cg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:15:57 2024 by rpki-client on console-fra.rpki-client.org