Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/mATBcXK0N8S651vG_Xab2vpegZQ.roa
File:                     mATBcXK0N8S651vG_Xab2vpegZQ.roa (raw, json)
Hash identifier:          fdZ+A7vmfZmCOLtiFYY4QQqgaiFITy1ddF0lQ3BBVgY=
Subject key identifier:   98:04:C1:71:72:B4:37:C4:BA:E7:5B:C6:FD:76:9B:DA:FA:5E:81:94
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       19F1
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/mATBcXK0N8S651vG_Xab2vpegZQ.roa
Signing time:             Wed 13 Mar 2024 01:21:13 +0000
ROA not before:           Wed 13 Mar 2024 01:21:13 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     61317
IP address blocks:        49.128.4.0/22 maxlen: 24
                          103.244.116.0/22 maxlen: 24
                          223.29.252.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6641 (0x19f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Mar 13 01:21:13 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=9804C17172B437C4BAE75BC6FD769BDAFA5E8194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:78:14:2a:2c:dc:a8:b9:69:c4:88:9c:e8:b5:
                    7a:0a:da:84:bc:9a:56:60:b6:ae:40:a4:8d:6b:da:
                    ff:3c:46:29:fc:4e:67:e8:ca:fa:38:a3:b6:ed:9b:
                    89:af:99:12:78:55:f4:a1:05:a2:d0:e4:72:99:61:
                    9b:c0:fa:f1:73:64:09:03:22:91:44:03:de:9c:79:
                    a6:4c:fd:de:3a:dd:a0:4a:ed:5a:f6:56:94:36:87:
                    e8:55:e7:49:41:b4:67:b2:1a:47:b4:ed:92:a5:f3:
                    93:14:72:1c:b5:6d:8d:b5:b1:d5:9b:ad:a1:28:d4:
                    bd:cb:c4:8c:5c:6a:1e:ab:0f:a6:30:20:94:a4:60:
                    e7:40:03:c2:2a:a5:75:e8:d1:72:f2:9c:35:8d:db:
                    d7:e4:44:72:c8:34:eb:08:76:d3:d7:5e:5c:e4:50:
                    80:39:85:87:fc:b0:16:76:5c:57:29:e1:49:88:17:
                    35:c4:2c:e2:df:9e:74:6a:ff:b3:1a:f9:f2:fc:04:
                    6f:d3:15:72:83:c0:3f:ac:a3:31:a1:61:4b:88:61:
                    d8:ba:ce:22:4f:05:2f:eb:99:c4:3d:5e:e9:8b:24:
                    22:e2:f6:bc:19:d3:d5:20:06:0c:31:da:72:7b:a8:
                    b9:e3:e1:c3:68:98:9e:8e:f5:4f:87:2b:23:ab:89:
                    8d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:04:C1:71:72:B4:37:C4:BA:E7:5B:C6:FD:76:9B:DA:FA:5E:81:94
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/mATBcXK0N8S651vG_Xab2vpegZQ.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.128.4.0/22
                  103.244.116.0/22
                  223.29.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:5d:6c:de:95:79:57:3b:e9:38:64:57:20:35:f5:25:af:5d:
         fe:e2:70:42:5f:4e:3b:f9:c2:97:81:64:3a:28:a3:15:9f:95:
         72:f3:73:e0:c7:64:f1:a5:41:8c:8c:fb:e4:fa:8c:d8:14:45:
         cc:57:2b:50:bf:bf:9d:9e:eb:2f:4e:06:c4:9c:d3:43:1e:37:
         ca:04:53:88:b4:27:a2:6c:67:c6:78:ab:ac:d6:3e:e4:21:7f:
         1c:a8:40:a4:97:d5:f3:0b:f7:c1:a2:76:7d:a5:0e:28:f5:aa:
         fb:35:36:11:70:9d:3a:79:21:b1:b8:cd:36:24:7e:a0:a8:3f:
         17:17:a2:a2:3d:74:b2:09:ae:98:1f:dd:8c:45:56:31:89:42:
         94:77:b0:9f:57:ac:d7:1d:1e:55:e4:4d:a4:cb:29:27:20:26:
         cb:70:59:45:a9:51:20:04:73:64:dd:89:0c:05:95:02:b3:dc:
         4c:63:9f:69:8b:37:a5:0e:8c:93:ee:8b:58:8a:32:ee:3d:32:
         43:a7:ed:75:76:fe:02:dc:9e:99:06:9d:33:f8:f3:63:21:d7:
         43:3a:d0:67:d7:81:80:c2:53:23:e7:96:64:63:e5:ae:f8:67:
         8d:44:5d:cb:c0:3e:67:64:11:cc:51:09:60:ea:3e:4b:d5:84:
         8a:fc:36:60
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgICGfEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNDAzMTMw
MTIxMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk4MDRDMTcxNzJCNDM3
QzRCQUU3NUJDNkZENzY5QkRBRkE1RTgxOTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzeBQqLNyouWnEiJzotXoK2oS8mlZgtq5ApI1r2v88Rin8Tmfo
yvo4o7btm4mvmRJ4VfShBaLQ5HKZYZvA+vFzZAkDIpFEA96ceaZM/d463aBK7Vr2
VpQ2h+hV50lBtGeyGke07ZKl85MUchy1bY21sdWbraEo1L3LxIxcah6rD6YwIJSk
YOdAA8IqpXXo0XLynDWN29fkRHLINOsIdtPXXlzkUIA5hYf8sBZ2XFcp4UmIFzXE
LOLfnnRq/7Ma+fL8BG/TFXKDwD+sozGhYUuIYdi6ziJPBS/rmcQ9XumLJCLi9rwZ
09UgBgwx2nJ7qLnj4cNomJ6O9U+HKyOriY2rAgMBAAGjggH/MIIB+zAdBgNVHQ4E
FgQUmATBcXK0N8S651vG/Xab2vpegZQwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvbUFUQmNYSzBOOFM2
NTF2R19YYWIydnBlZ1pRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEw
EgMEAjGABAMEAmf0dAMEAt8d/DANBgkqhkiG9w0BAQsFAAOCAQEAAV1s3pV5Vzvp
OGRXIDX1Ja9d/uJwQl9OO/nCl4FkOiijFZ+VcvNz4Mdk8aVBjIz75PqM2BRFzFcr
UL+/nZ7rL04GxJzTQx43ygRTiLQnomxnxnirrNY+5CF/HKhApJfV8wv3waJ2faUO
KPWq+zU2EXCdOnkhsbjNNiR+oKg/Fxeioj10sgmumB/djEVWMYlClHewn1es1x0e
VeRNpMspJyAmy3BZRalRIARzZN2JDAWVArPcTGOfaYs3pQ6Mk+6LWIoy7j0yQ6ft
dXb+AtyemQadM/jzYyHXQzrQZ9eBgMJTI+eWZGPlrvhnjURdy8A+Z2QRzFEJYOo+
S9WEivw2YA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:15:57 2024 by rpki-client on console-fra.rpki-client.org