Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/479/Dt8h7HMuZURzeVlwspnT73c3U-o.roa
File:                     Dt8h7HMuZURzeVlwspnT73c3U-o.roa (raw, json)
Hash identifier:          vgQ3lvmPj0y3OYqqUFYRNBNjFpSn8qNcgc7aAvRzLdA=
Subject key identifier:   0E:DF:21:EC:73:2E:65:44:73:79:59:70:B2:99:D3:EF:77:37:53:EA
Certificate issuer:       /CN=025E2D794E6FFAE295BACE491100E3D18B9C7141
Certificate serial:       03
Authority key identifier: 02:5E:2D:79:4E:6F:FA:E2:95:BA:CE:49:11:00:E3:D1:8B:9C:71:41
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Al4teU5v-uKVus5JEQDj0YuccUE.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/479/Dt8h7HMuZURzeVlwspnT73c3U-o.roa
Signing time:             Wed 01 Jun 2022 07:11:33 +0000
ROA not before:           Wed 01 Jun 2022 07:11:33 +0000
ROA not after:            Thu 01 Jun 2023 06:58:54 +0000
asID:                     38283
IP address blocks:        60.247.128.0/17 maxlen: 24
                          211.149.128.0/17 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=025E2D794E6FFAE295BACE491100E3D18B9C7141
        Validity
            Not Before: Jun  1 07:11:33 2022 GMT
            Not After : Jun  1 06:58:54 2023 GMT
        Subject: CN=0EDF21EC732E654473795970B299D3EF773753EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0c:72:02:81:5a:51:27:9f:15:ec:ff:9f:f3:
                    4b:85:9f:9f:af:a6:9f:a5:fa:5e:79:80:e8:bd:ec:
                    15:a3:83:2b:7b:5f:1b:57:a8:2e:99:44:1c:92:ce:
                    2a:0f:1b:ab:df:8d:9e:a9:dd:a6:ed:c6:00:be:93:
                    0b:38:cd:a5:22:fb:d8:ab:3f:46:0e:1f:9d:a6:d0:
                    eb:ef:53:ea:cf:53:9d:c1:9c:2c:6d:b8:ce:73:38:
                    73:02:16:3c:94:7c:08:cf:ee:67:11:a2:80:b1:da:
                    37:9d:a4:38:0f:f5:f8:10:bd:e7:b9:f5:b0:66:f6:
                    88:57:55:c3:27:84:48:2c:bd:bd:0e:67:c8:bd:84:
                    65:22:cb:71:cf:27:17:d1:6b:38:06:65:d8:9b:74:
                    f3:da:7e:15:03:42:bd:4c:7c:63:c4:70:3f:0c:13:
                    f1:bb:d2:14:bc:64:d2:ff:34:91:8a:63:b0:76:4f:
                    f6:d7:91:8f:53:a1:66:28:ad:f2:77:eb:c0:f5:d1:
                    30:c8:04:75:f3:c3:b2:d9:d7:d8:13:01:a4:45:f3:
                    97:9f:a3:36:e8:bd:f3:f8:a8:69:57:41:f9:f4:70:
                    3e:9e:0f:45:0a:b2:5d:5d:58:90:fa:d0:ad:a6:20:
                    6c:39:64:60:7b:a0:21:a5:3e:3f:75:e9:e2:cc:16:
                    76:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:DF:21:EC:73:2E:65:44:73:79:59:70:B2:99:D3:EF:77:37:53:EA
            X509v3 Authority Key Identifier:
                keyid:02:5E:2D:79:4E:6F:FA:E2:95:BA:CE:49:11:00:E3:D1:8B:9C:71:41

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/479/Al4teU5v-uKVus5JEQDj0YuccUE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Al4teU5v-uKVus5JEQDj0YuccUE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/479/Dt8h7HMuZURzeVlwspnT73c3U-o.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  60.247.128.0/17
                  211.149.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         90:f9:3b:55:54:b0:2a:9e:f5:b1:fc:a6:e3:f3:a9:5b:8b:9d:
         3f:9f:df:82:70:cc:fc:7e:5f:54:da:f3:14:3a:e5:a5:f5:cd:
         b8:93:b9:75:8d:b9:ae:c8:9b:57:01:32:a7:2d:9c:0a:57:3a:
         5a:48:ab:08:b0:c7:31:eb:39:c7:bd:11:4d:df:77:fc:be:a5:
         ce:e1:85:93:65:c0:66:44:b5:58:23:f7:1c:c5:04:f4:97:e3:
         85:e2:8d:e5:c4:21:34:eb:9e:c3:20:47:a9:7c:63:35:e1:63:
         21:1f:bf:09:dc:70:4e:04:24:6e:0b:86:0e:bb:36:5e:04:39:
         be:40:51:72:3f:26:ed:85:19:f8:d4:30:7d:21:cd:96:d2:dd:
         82:61:14:da:6c:51:77:87:e5:1e:ac:52:e5:8e:b1:3b:8d:eb:
         ec:c9:68:f8:f5:af:4d:9e:52:32:c5:2c:db:db:6e:8c:40:9b:
         d1:7a:37:a7:ef:a3:a0:94:d1:78:1f:57:8d:74:36:44:4c:e9:
         db:10:8c:cc:11:c3:9c:fc:1c:b2:1e:d1:1f:35:6e:2c:60:3b:
         27:44:05:58:14:d5:31:e6:4f:41:c2:d8:74:70:5c:46:36:f5:
         b4:19:6a:f0:8e:c5:bd:8a:73:2d:9b:8e:ec:1a:12:38:2e:20:
         56:93:7b:01
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygwMjVF
MkQ3OTRFNkZGQUUyOTVCQUNFNDkxMTAwRTNEMThCOUM3MTQxMB4XDTIyMDYwMTA3
MTEzM1oXDTIzMDYwMTA2NTg1NFowMzExMC8GA1UEAxMoMEVERjIxRUM3MzJFNjU0
NDczNzk1OTcwQjI5OUQzRUY3NzM3NTNFQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANEMcgKBWlEnnxXs/5/zS4Wfn6+mn6X6XnmA6L3sFaODK3tfG1eo
LplEHJLOKg8bq9+Nnqndpu3GAL6TCzjNpSL72Ks/Rg4fnabQ6+9T6s9TncGcLG24
znM4cwIWPJR8CM/uZxGigLHaN52kOA/1+BC957n1sGb2iFdVwyeESCy9vQ5nyL2E
ZSLLcc8nF9FrOAZl2Jt089p+FQNCvUx8Y8RwPwwT8bvSFLxk0v80kYpjsHZP9teR
j1OhZiit8nfrwPXRMMgEdfPDstnX2BMBpEXzl5+jNui98/ioaVdB+fRwPp4PRQqy
XV1YkPrQraYgbDlkYHugIaU+P3Xp4swWdlUCAwEAAaOCAfcwggHzMB0GA1UdDgQW
BBQO3yHscy5lRHN5WXCymdPvdzdT6jAfBgNVHSMEGDAWgBQCXi15Tm/64pW6zkkR
AOPRi5xxQTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFwGA1UdHwRVMFMwUaBP
oE2GS3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC80Nzkv
QWw0dGVVNXYtdUtWdXM1SkVRRGowWXVjY1VFLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9BbDR0ZVU1di11S1Z1czVKRVFEajBZdWNjVUUuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBnAYIKwYBBQUHAQsEgY8wgYwwVwYIKwYBBQUHMAuGS3JzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC80NzkvRHQ4aDdITXVaVVJ6ZVZs
d3NwblQ3M2MzVS1vLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNubmlj
LmNuL3JyZHAvbm90aWZ5LnhtbDAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAME
Bzz3gAMEB9OVgDANBgkqhkiG9w0BAQsFAAOCAQEAkPk7VVSwKp71sfym4/OpW4ud
P5/fgnDM/H5fVNrzFDrlpfXNuJO5dY25rsibVwEypy2cClc6WkirCLDHMes5x70R
Td93/L6lzuGFk2XAZkS1WCP3HMUE9JfjheKN5cQhNOuewyBHqXxjNeFjIR+/Cdxw
TgQkbguGDrs2XgQ5vkBRcj8m7YUZ+NQwfSHNltLdgmEU2mxRd4flHqxS5Y6xO43r
7Mlo+PWvTZ5SMsUs29tujECb0Xo3p++joJTReB9XjXQ2REzp2xCMzBHDnPwcsh7R
HzVuLGA7J0QFWBTVMeZPQcLYdHBcRjb1tBlq8I7FvYpzLZuO7BoSOC4gVpN7AQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:18 2023 by rpki-client on console-ams.rpki-client.org