Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2823/lzVKM149y88OnoImII9GvS3cNNg.roa
File:                     lzVKM149y88OnoImII9GvS3cNNg.roa (raw, json)
Hash identifier:          xaKe8IosqZXlC1TnzdwQEOl8pU8+b0qRnlKazD8+nx4=
Subject key identifier:   97:35:4A:33:5E:3D:CB:CF:0E:9E:82:26:20:8F:46:BD:2D:DC:34:D8
Certificate issuer:       /CN=20A508534DD93E01DC1191144AEA59A513862665
Certificate serial:       04
Authority key identifier: 20:A5:08:53:4D:D9:3E:01:DC:11:91:14:4A:EA:59:A5:13:86:26:65
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IKUIU03ZPgHcEZEUSupZpROGJmU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2823/lzVKM149y88OnoImII9GvS3cNNg.roa
Signing time:             Thu 27 May 2021 05:06:15 +0000
ROA not before:           Thu 27 May 2021 05:06:15 +0000
ROA not after:            Fri 27 May 2022 04:59:52 +0000
asID:                     137730
IP address blocks:        2403:d9c0::/48 maxlen: 48
                          2403:d9c0:2::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20A508534DD93E01DC1191144AEA59A513862665
        Validity
            Not Before: May 27 05:06:15 2021 GMT
            Not After : May 27 04:59:52 2022 GMT
        Subject: CN=97354A335E3DCBCF0E9E8226208F46BD2DDC34D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e0:f1:d5:58:9b:fe:f6:7a:a8:c1:1a:9e:b7:
                    83:5e:4d:b4:4a:ab:99:39:1d:03:ec:2a:18:d6:5d:
                    44:aa:70:2a:87:45:a6:26:64:f6:d0:ac:60:41:6d:
                    53:e9:d1:d5:c7:61:51:60:2a:47:77:f9:78:2e:8f:
                    82:ac:45:0b:5e:0e:83:35:c4:5b:e1:ab:31:f9:36:
                    02:0a:5b:86:dc:4d:68:9c:0b:95:e3:f9:95:ab:15:
                    d3:98:1c:4a:df:00:e7:1e:21:0d:f6:d4:00:6c:a3:
                    c3:90:22:ae:00:1e:b8:a2:8a:39:ca:61:22:ba:65:
                    f9:03:6d:3b:32:39:61:fb:49:13:fc:53:90:7d:25:
                    1d:ff:7a:44:d5:82:2a:6a:5e:f5:45:58:28:73:c9:
                    ba:92:05:72:ae:e3:92:33:72:f5:c4:cd:96:4d:0a:
                    db:e0:75:14:0a:18:9e:d0:34:48:f4:e3:e0:3d:e2:
                    65:be:73:ab:2e:06:ad:ff:69:af:13:99:79:ae:03:
                    33:98:ed:41:b4:f6:51:ec:52:e1:e0:f2:ec:8e:09:
                    cd:a1:61:fd:23:bd:8c:b6:d8:35:46:b1:85:27:cb:
                    65:1e:24:0e:2b:3b:98:9d:1c:5e:27:9d:f1:75:31:
                    df:04:55:b2:71:df:46:3e:b7:0c:0e:d5:8e:f7:0d:
                    67:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:35:4A:33:5E:3D:CB:CF:0E:9E:82:26:20:8F:46:BD:2D:DC:34:D8
            X509v3 Authority Key Identifier:
                keyid:20:A5:08:53:4D:D9:3E:01:DC:11:91:14:4A:EA:59:A5:13:86:26:65

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2823/IKUIU03ZPgHcEZEUSupZpROGJmU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IKUIU03ZPgHcEZEUSupZpROGJmU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2823/lzVKM149y88OnoImII9GvS3cNNg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:d9c0::/48
                  2403:d9c0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:00:4a:7f:1d:14:11:9e:05:2a:2e:6e:5b:da:80:90:dd:7c:
         97:e6:93:da:a2:38:ec:51:46:34:40:47:61:16:1a:04:22:19:
         52:2d:b3:23:2b:d0:1d:cc:9e:90:79:c0:8c:ab:55:92:d5:d0:
         57:16:68:5b:d7:e8:ac:96:76:24:ea:93:01:d5:9b:23:ca:1e:
         e4:6a:22:71:80:3f:33:1d:be:e4:9b:11:26:83:f9:b0:ab:bb:
         02:01:60:dc:5a:73:87:6a:78:fa:4b:e5:81:ac:37:e4:5d:3d:
         83:f9:63:5f:f8:9b:5e:5b:7e:b1:78:e3:06:a1:82:72:1a:93:
         88:e3:c9:71:74:cd:e6:47:3d:7a:31:d5:5c:c5:73:89:64:93:
         72:3e:c7:20:6c:6f:c5:0b:54:34:39:34:e0:ae:27:4f:c9:a3:
         96:48:8e:6d:f9:a0:1c:d8:ee:e1:84:89:84:04:7f:2c:8e:c4:
         3d:14:64:f7:89:38:d8:d3:8e:06:81:5a:07:5b:1f:ec:9f:4d:
         39:fc:da:7d:4f:be:5e:c3:9f:59:be:06:eb:1b:df:4f:e8:89:
         f6:73:35:70:62:c6:70:6d:bd:85:89:e6:68:47:55:93:e6:96:
         75:ef:46:4b:f9:64:ea:01:ed:83:09:84:3d:41:07:b6:0c:0c:
         96:cf:8f:0a
-----BEGIN CERTIFICATE-----
MIIE4jCCA8qgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygyMEE1
MDg1MzRERDkzRTAxREMxMTkxMTQ0QUVBNTlBNTEzODYyNjY1MB4XDTIxMDUyNzA1
MDYxNVoXDTIyMDUyNzA0NTk1MlowMzExMC8GA1UEAxMoOTczNTRBMzM1RTNEQ0JD
RjBFOUU4MjI2MjA4RjQ2QkQyRERDMzREODCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJzg8dVYm/72eqjBGp63g15NtEqrmTkdA+wqGNZdRKpwKodFpiZk
9tCsYEFtU+nR1cdhUWAqR3f5eC6PgqxFC14OgzXEW+GrMfk2AgpbhtxNaJwLleP5
lasV05gcSt8A5x4hDfbUAGyjw5AirgAeuKKKOcphIrpl+QNtOzI5YftJE/xTkH0l
Hf96RNWCKmpe9UVYKHPJupIFcq7jkjNy9cTNlk0K2+B1FAoYntA0SPTj4D3iZb5z
qy4Grf9prxOZea4DM5jtQbT2UexS4eDy7I4JzaFh/SO9jLbYNUaxhSfLZR4kDis7
mJ0cXied8XUx3wRVsnHfRj63DA7VjvcNZ90CAwEAAaOCAf8wggH7MB0GA1UdDgQW
BBSXNUozXj3Lzw6egiYgj0a9Ldw02DAfBgNVHSMEGDAWgBQgpQhTTdk+AdwRkRRK
6lmlE4YmZTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF0GA1UdHwRWMFQwUqBQ
oE6GTHJzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8yODIz
L0lLVUlVMDNaUGdIY0VaRVVTdXBacFJPR0ptVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvSUtVSVUwM1pQZ0hjRVpFVVN1cFpwUk9HSm1VLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ0GCCsGAQUFBwELBIGQMIGNMFgGCCsGAQUFBzALhkxyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjgyMy9selZLTTE0OXk4OE9u
b0ltSUk5R3ZTM2NOTmcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25u
aWMuY24vcnJkcC9ub3RpZnkueG1sMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjAS
AwcAJAPZwAAAAwcAJAPZwAACMA0GCSqGSIb3DQEBCwUAA4IBAQCCAEp/HRQRngUq
Lm5b2oCQ3XyX5pPaojjsUUY0QEdhFhoEIhlSLbMjK9AdzJ6QecCMq1WS1dBXFmhb
1+islnYk6pMB1Zsjyh7kaiJxgD8zHb7kmxEmg/mwq7sCAWDcWnOHanj6S+WBrDfk
XT2D+WNf+JteW36xeOMGoYJyGpOI48lxdM3mRz16MdVcxXOJZJNyPscgbG/FC1Q0
OTTgridPyaOWSI5t+aAc2O7hhImEBH8sjsQ9FGT3iTjY044GgVoHWx/sn005/Np9
T75ew59ZvgbrG99P6In2czVwYsZwbb2FieZoR1WT5pZ170ZL+WTqAe2DCYQ9QQe2
DAyWz48K
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:16 2023 by rpki-client on console-ams.rpki-client.org