Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/513/Y3tPQxkzUarIeWm_f419h7dJEDs.roa
File:                     Y3tPQxkzUarIeWm_f419h7dJEDs.roa (raw, json)
Hash identifier:          mOHConPBgysQ5ty9mBDBubwaR39bWKFjRcbV3QbqmuE=
Subject key identifier:   63:7B:4F:43:19:33:51:AA:C8:79:69:BF:7F:8D:7D:87:B7:49:10:3B
Certificate issuer:       /CN=EFCA4677F321F4DF2317391F98E223646745E7EE
Certificate serial:       0843
Authority key identifier: EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/Y3tPQxkzUarIeWm_f419h7dJEDs.roa
Signing time:             Sun 09 Jul 2023 15:03:45 +0000
ROA not before:           Sun 09 Jul 2023 15:03:45 +0000
ROA not after:            Fri 07 Jun 2024 02:16:11 +0000
asID:                     996
IP address blocks:        112.75.136.0/22 maxlen: 24
                          112.75.144.0/22 maxlen: 24
                          112.75.152.0/22 maxlen: 24
                          112.75.160.0/22 maxlen: 24
                          112.75.168.0/22 maxlen: 24
                          112.75.176.0/22 maxlen: 24
                          112.75.184.0/22 maxlen: 24
                          112.75.200.0/22 maxlen: 24
                          112.75.208.0/22 maxlen: 24
                          112.75.216.0/22 maxlen: 24
                          112.75.224.0/22 maxlen: 24
                          112.75.232.0/22 maxlen: 24
                          112.75.240.0/22 maxlen: 24
                          112.75.248.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2115 (0x843)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EFCA4677F321F4DF2317391F98E223646745E7EE
        Validity
            Not Before: Jul  9 15:03:45 2023 GMT
            Not After : Jun  7 02:16:11 2024 GMT
        Subject: CN=637B4F43193351AAC87969BF7F8D7D87B749103B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1a:b3:5d:cc:c2:d2:bf:a3:eb:63:b5:1a:80:
                    b8:b6:91:94:12:ed:a4:1b:d5:86:e9:dc:b4:ef:ad:
                    1c:ab:2d:33:05:d8:5e:5a:97:51:4f:d5:a1:95:1b:
                    e1:79:0c:21:af:4e:cc:01:27:3e:30:5b:7d:c6:00:
                    8f:88:56:a4:83:d9:c5:af:3f:f8:5a:26:b3:cd:42:
                    e5:70:00:48:49:4f:14:dd:af:86:d1:a6:42:68:5d:
                    a3:6c:47:3f:fb:b0:ce:09:f8:24:8b:df:06:fc:27:
                    98:98:2e:ae:f2:b8:89:66:6a:96:07:9d:5e:0d:ad:
                    4f:19:83:74:83:d4:40:6b:ef:6a:0d:6d:38:24:3b:
                    d1:3e:0d:cf:c4:69:1a:3c:4d:01:f9:9f:45:0f:4a:
                    db:5b:58:d8:17:25:a6:80:d8:5b:c7:5f:29:6e:8e:
                    f9:65:81:ba:fe:6b:77:f5:fb:b3:61:c5:18:b2:f1:
                    42:ff:da:67:3b:d1:2e:a6:f6:b7:67:f4:06:58:8e:
                    f8:54:fc:cb:62:5e:6b:4b:7b:48:c7:fe:4b:73:33:
                    bb:8d:4c:67:4c:49:30:0d:75:37:bb:55:01:47:a2:
                    50:05:33:07:06:87:f7:6d:01:b4:d8:b8:05:19:bc:
                    cb:37:9b:91:c3:52:dd:fe:46:89:54:05:17:e1:8c:
                    34:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:7B:4F:43:19:33:51:AA:C8:79:69:BF:7F:8D:7D:87:B7:49:10:3B
            X509v3 Authority Key Identifier:
                keyid:EF:CA:46:77:F3:21:F4:DF:23:17:39:1F:98:E2:23:64:67:45:E7:EE

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/78pGd_Mh9N8jFzkfmOIjZGdF5-4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/78pGd_Mh9N8jFzkfmOIjZGdF5-4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/513/Y3tPQxkzUarIeWm_f419h7dJEDs.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  112.75.136.0/22
                  112.75.144.0/22
                  112.75.152.0/22
                  112.75.160.0/22
                  112.75.168.0/22
                  112.75.176.0/22
                  112.75.184.0/22
                  112.75.200.0/22
                  112.75.208.0/22
                  112.75.216.0/22
                  112.75.224.0/22
                  112.75.232.0/22
                  112.75.240.0/22
                  112.75.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         db:a6:80:27:bf:00:3e:06:bf:d7:a7:95:05:40:04:cf:f4:5c:
         a6:b3:ed:0b:87:ea:ac:9e:ac:e1:39:51:55:2d:60:a0:c5:3f:
         4a:80:25:be:a8:a3:8b:a2:1b:9f:c7:af:23:bb:ff:f6:c9:90:
         66:f8:2a:a9:76:2b:4a:88:5e:91:4b:8d:46:6f:ab:ee:96:5b:
         b8:d2:66:b2:cd:fb:7c:66:bf:ec:ae:7b:1d:00:83:87:62:25:
         fa:04:a3:f6:5b:86:1a:81:da:37:c7:57:32:16:af:03:8c:c9:
         f2:47:3e:14:9d:91:29:80:2e:01:fc:7b:28:c1:75:03:17:f4:
         d2:17:3b:49:33:37:be:8d:3b:e2:f5:be:2d:78:10:4f:48:55:
         94:77:f5:e0:73:30:66:22:f8:bf:0a:22:b7:bc:22:d7:80:36:
         9f:13:2b:c8:51:31:19:29:32:09:56:46:a8:bc:10:7a:bf:f6:
         e9:7d:10:16:23:cb:a2:cd:02:76:d6:94:31:3d:30:aa:78:b7:
         f9:f6:63:7c:db:c8:55:ce:19:0b:65:a3:e2:04:ec:aa:3a:19:
         6a:4f:ee:a0:19:6b:6b:ef:f7:64:7f:25:34:61:f2:9f:45:01:
         73:09:00:9e:9a:63:f4:35:6b:fc:fc:d8:ad:8f:47:04:e8:de:
         31:fd:ac:fd
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgICCEMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUZD
QTQ2NzdGMzIxRjRERjIzMTczOTFGOThFMjIzNjQ2NzQ1RTdFRTAeFw0yMzA3MDkx
NTAzNDVaFw0yNDA2MDcwMjE2MTFaMDMxMTAvBgNVBAMTKDYzN0I0RjQzMTkzMzUx
QUFDODc5NjlCRjdGOEQ3RDg3Qjc0OTEwM0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+GrNdzMLSv6PrY7UagLi2kZQS7aQb1Ybp3LTvrRyrLTMF2F5a
l1FP1aGVG+F5DCGvTswBJz4wW33GAI+IVqSD2cWvP/haJrPNQuVwAEhJTxTdr4bR
pkJoXaNsRz/7sM4J+CSL3wb8J5iYLq7yuIlmapYHnV4NrU8Zg3SD1EBr72oNbTgk
O9E+Dc/EaRo8TQH5n0UPSttbWNgXJaaA2FvHXylujvllgbr+a3f1+7NhxRiy8UL/
2mc70S6m9rdn9AZYjvhU/MtiXmtLe0jH/ktzM7uNTGdMSTANdTe7VQFHolAFMwcG
h/dtAbTYuAUZvMs3m5HDUt3+RolUBRfhjDQdAgMBAAGjggI/MIICOzAdBgNVHQ4E
FgQUY3tPQxkzUarIeWm/f419h7dJEDswHwYDVR0jBBgwFoAU78pGd/Mh9N8jFzkf
mOIjZGdF5+4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEz
Lzc4cEdkX01oOU44akZ6a2ZtT0lqWkdkRjUtNC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvNzhwR2RfTWg5TjhqRnprZm1PSWpaR2RGNS00LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTEzL1kzdFBReGt6VWFySWVX
bV9mNDE5aDdkSkVEcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwbQYIKwYBBQUHAQcBAf8EXjBcMFoEAgABMFQD
BAJwS4gDBAJwS5ADBAJwS5gDBAJwS6ADBAJwS6gDBAJwS7ADBAJwS7gDBAJwS8gD
BAJwS9ADBAJwS9gDBAJwS+ADBAJwS+gDBAJwS/ADBAJwS/gwDQYJKoZIhvcNAQEL
BQADggEBANumgCe/AD4Gv9enlQVABM/0XKaz7QuH6qyerOE5UVUtYKDFP0qAJb6o
o4uiG5/HryO7//bJkGb4Kql2K0qIXpFLjUZvq+6WW7jSZrLN+3xmv+yuex0Ag4di
JfoEo/ZbhhqB2jfHVzIWrwOMyfJHPhSdkSmALgH8eyjBdQMX9NIXO0kzN76NO+L1
vi14EE9IVZR39eBzMGYi+L8KIre8IteANp8TK8hRMRkpMglWRqi8EHq/9ul9EBYj
y6LNAnbWlDE9MKp4t/n2Y3zbyFXOGQtlo+IE7Ko6GWpP7qAZa2vv92R/JTRh8p9F
AXMJAJ6aY/Q1a/z82K2PRwTo3jH9rP0=
-----END CERTIFICATE-----