Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/gLlnbGEVS0lHyJ46imZhTKB-hXQ.roa
File:                     gLlnbGEVS0lHyJ46imZhTKB-hXQ.roa (raw, json)
Hash identifier:          p9GzVqOVs9DBK+x1y+Vi5dFwiiPxULSQGPAvYVXOscY=
Subject key identifier:   80:B9:67:6C:61:15:4B:49:47:C8:9E:3A:8A:66:61:4C:A0:7E:85:74
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       0D4F
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/gLlnbGEVS0lHyJ46imZhTKB-hXQ.roa
Signing time:             Tue 07 Jun 2022 02:16:44 +0000
ROA not before:           Tue 07 Jun 2022 02:16:44 +0000
ROA not after:            Fri 02 Jun 2023 05:30:26 +0000
asID:                     45839
IP address blocks:        223.29.252.0/24 maxlen: 24
                          223.29.255.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3407 (0xd4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Jun  7 02:16:44 2022 GMT
            Not After : Jun  2 05:30:26 2023 GMT
        Subject: CN=80B9676C61154B4947C89E3A8A66614CA07E8574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e3:07:02:13:e5:57:66:15:c1:4b:62:cd:02:
                    a9:8e:37:23:1a:09:9e:b9:44:80:93:82:27:ff:81:
                    06:dd:9a:d7:5b:51:19:5a:b9:33:bd:bc:3a:ae:f3:
                    2d:5d:10:06:e4:67:0e:09:a8:fa:33:a9:52:cc:63:
                    c9:86:b5:2d:bf:bd:90:1f:f9:58:cc:60:29:5b:2f:
                    2d:18:8b:67:e7:ad:57:df:a7:fd:f5:a6:1d:4c:fe:
                    e7:d2:17:a0:e5:87:55:1a:54:4c:c8:37:90:d2:eb:
                    ba:e9:36:2b:b5:4e:cb:9b:22:41:8e:55:e8:e7:e6:
                    36:11:1f:4b:d3:a9:51:fc:f1:92:ab:88:b7:34:b6:
                    30:d0:77:74:3d:f0:f7:49:e4:45:1b:66:c9:26:45:
                    58:a8:08:87:6f:e1:4c:48:0b:9d:b2:d7:dd:d7:b3:
                    07:ca:92:29:38:ab:a7:08:1b:f9:4d:90:1e:96:6f:
                    84:ba:8e:53:4d:24:ab:78:0e:25:6b:ea:94:6a:91:
                    b2:8d:1c:b6:84:41:a1:bc:f5:7c:16:89:5b:bc:df:
                    7e:ee:98:7a:c0:7d:21:c9:4f:7b:4b:2d:8e:4b:8f:
                    51:ff:ba:df:66:12:2f:dc:a3:1b:31:d2:28:33:29:
                    d1:6a:67:09:c0:07:67:0d:22:68:06:40:38:00:13:
                    2f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:B9:67:6C:61:15:4B:49:47:C8:9E:3A:8A:66:61:4C:A0:7E:85:74
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/gLlnbGEVS0lHyJ46imZhTKB-hXQ.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  223.29.252.0/24
                  223.29.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b3:66:84:03:53:00:96:0b:db:62:d4:8d:45:c8:2f:48:da:
         44:05:12:5b:f2:59:7b:6a:e5:f3:9f:65:65:2d:d2:b1:e5:fb:
         6d:01:5b:4d:78:a7:6e:1c:0e:97:35:d9:6d:46:fe:88:fa:be:
         41:52:a7:8d:67:15:30:c2:ed:53:8f:e7:18:d2:33:bd:79:8b:
         d1:00:30:92:9c:70:fa:de:40:ab:ff:56:90:db:e8:f2:cb:9b:
         88:4c:e3:d0:50:60:09:62:38:6e:0a:b2:6c:16:d4:f4:70:1a:
         84:38:1f:16:09:00:6d:c9:50:4f:d4:35:47:d4:90:f9:21:84:
         dc:d3:8b:de:aa:75:2d:1f:0c:ad:9e:8d:7a:af:60:4d:bc:ba:
         4e:dd:73:e1:c7:fb:9c:95:70:48:d5:70:c8:10:af:78:f9:e2:
         59:79:ce:40:50:9e:3a:70:39:08:b7:99:75:70:96:66:c5:2c:
         5c:d9:e0:81:00:16:c9:16:2f:d3:36:ed:bc:78:60:52:eb:75:
         27:07:49:25:6b:5a:d2:f0:83:66:62:17:45:dc:ec:98:ce:ae:
         2a:b4:eb:c9:19:94:fe:6e:bf:27:32:06:34:50:3c:d4:8b:cf:
         4c:82:a3:bd:10:3c:01:54:59:e6:2c:49:ac:56:e9:7f:47:73:
         35:30:92:88
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgICDU8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yMjA2MDcw
MjE2NDRaFw0yMzA2MDIwNTMwMjZaMDMxMTAvBgNVBAMTKDgwQjk2NzZDNjExNTRC
NDk0N0M4OUUzQThBNjY2MTRDQTA3RTg1NzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDI4wcCE+VXZhXBS2LNAqmONyMaCZ65RICTgif/gQbdmtdbURla
uTO9vDqu8y1dEAbkZw4JqPozqVLMY8mGtS2/vZAf+VjMYClbLy0Yi2fnrVffp/31
ph1M/ufSF6Dlh1UaVEzIN5DS67rpNiu1TsubIkGOVejn5jYRH0vTqVH88ZKriLc0
tjDQd3Q98PdJ5EUbZskmRVioCIdv4UxIC52y193XswfKkik4q6cIG/lNkB6Wb4S6
jlNNJKt4DiVr6pRqkbKNHLaEQaG89XwWiVu8337umHrAfSHJT3tLLY5Lj1H/ut9m
Ei/coxsx0igzKdFqZwnAB2cNImgGQDgAEy+bAgMBAAGjggH5MIIB9TAdBgNVHQ4E
FgQUgLlnbGEVS0lHyJ46imZhTKB+hXQwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvZ0xsbmJHRVZTMGxI
eUo0NmltWmhUS0ItaFhRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEw
DAMEAN8d/AMEAN8d/zANBgkqhkiG9w0BAQsFAAOCAQEANrNmhANTAJYL22LUjUXI
L0jaRAUSW/JZe2rl859lZS3SseX7bQFbTXinbhwOlzXZbUb+iPq+QVKnjWcVMMLt
U4/nGNIzvXmL0QAwkpxw+t5Aq/9WkNvo8subiEzj0FBgCWI4bgqybBbU9HAahDgf
FgkAbclQT9Q1R9SQ+SGE3NOL3qp1LR8MrZ6Neq9gTby6Tt1z4cf7nJVwSNVwyBCv
ePniWXnOQFCeOnA5CLeZdXCWZsUsXNnggQAWyRYv0zbtvHhgUut1JwdJJWta0vCD
ZmIXRdzsmM6uKrTryRmU/m6/JzIGNFA81IvPTIKjvRA8AVRZ5ixJrFbpf0dzNTCS
iA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:15:57 2024 by rpki-client on console-fra.rpki-client.org