Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912190F/6CC0F9F447B111E99FCCA059C4F9AE02/995AA100551611E9BDD3CB66C4F9AE02.roa
File:                     995AA100551611E9BDD3CB66C4F9AE02.roa (raw, json)
Hash identifier:          S1puYgMfl+rhLJZsXDef4wN48sGGTp3Vir1AA57s2ts=
Subject key identifier:   48:C1:FA:EB:18:AD:91:F5:B2:32:9B:C6:E5:97:13:34:63:59:14:08
Certificate issuer:       /CN=A912190F/serialNumber=344FB499A6A37D26329AB7D5FF526251098E5DF2
Certificate serial:       0FBE
Authority key identifier: 34:4F:B4:99:A6:A3:7D:26:32:9A:B7:D5:FF:52:62:51:09:8E:5D:F2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NE-0maajfSYymrfV_1JiUQmOXfI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912190F/6CC0F9F447B111E99FCCA059C4F9AE02/995AA100551611E9BDD3CB66C4F9AE02.roa
Signing time:             Tue 03 Dec 2024 07:39:48 +0000
ROA not before:           Tue 03 Dec 2024 07:39:48 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     138699
IP address blocks:        103.136.220.0/24 maxlen: 24
                          103.136.221.0/24 maxlen: 24
                          103.136.222.0/24 maxlen: 24
                          103.136.223.0/24 maxlen: 24
                          118.26.132.0/24 maxlen: 24
                          2404:9dc0:cd01::/48 maxlen: 48
                          2404:9dc0:cd02::/48 maxlen: 48
                          2404:9dc0:cd03::/48 maxlen: 48
                          2404:9dc0:cd04::/48 maxlen: 48
                          2404:9dc0:cd05::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4030 (0xfbe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912190F/serialNumber=344FB499A6A37D26329AB7D5FF526251098E5DF2
        Validity
            Not Before: Dec  3 07:39:48 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=674eb5c4-43df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c3:c4:eb:3d:ab:0c:f9:41:66:bd:63:4c:d9:
                    dc:f8:98:8e:b7:7a:05:28:de:09:29:41:78:3a:c4:
                    d5:5a:bb:00:ee:3a:36:72:36:1e:da:a8:17:cd:dc:
                    ca:a3:9b:f9:53:6d:0b:77:b4:19:b2:a1:d3:b0:ec:
                    b3:0e:7a:ff:7f:29:e1:43:86:7f:e4:f5:13:d7:67:
                    d2:66:7c:0c:5e:fa:22:0e:2b:4a:f0:b9:d0:72:24:
                    6d:3d:5c:a4:ef:b8:87:6c:e1:c3:00:42:33:6f:8f:
                    ef:ea:db:4d:e3:f6:4e:23:37:98:f3:5c:64:a4:43:
                    61:62:7a:5c:d9:be:db:17:5d:aa:9a:33:3c:2b:0a:
                    e7:04:3a:fe:9b:fc:e4:ec:9d:18:0f:83:bc:84:26:
                    b7:0a:ef:b4:46:37:c2:01:a3:85:aa:d9:17:84:c6:
                    22:18:e4:82:ec:bf:39:1b:14:71:b5:12:5d:5f:2f:
                    e3:63:29:e3:79:a3:2e:e3:1d:2f:19:e6:6d:c1:7a:
                    bf:ee:e7:cd:2a:70:1c:d5:2b:43:a6:8c:6f:65:8e:
                    c6:8a:27:16:b0:38:4d:90:2a:92:00:c5:5a:8b:97:
                    d5:d1:4f:5a:37:21:31:85:07:38:45:de:54:f4:8d:
                    90:ce:42:88:7c:f8:97:2c:87:bf:da:cf:dd:46:3f:
                    18:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C1:FA:EB:18:AD:91:F5:B2:32:9B:C6:E5:97:13:34:63:59:14:08
            X509v3 Authority Key Identifier:
                keyid:34:4F:B4:99:A6:A3:7D:26:32:9A:B7:D5:FF:52:62:51:09:8E:5D:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912190F/6CC0F9F447B111E99FCCA059C4F9AE02/NE-0maajfSYymrfV_1JiUQmOXfI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NE-0maajfSYymrfV_1JiUQmOXfI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912190F/6CC0F9F447B111E99FCCA059C4F9AE02/995AA100551611E9BDD3CB66C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.136.220.0/22
                  118.26.132.0/24
                IPv6:
                  2404:9dc0:cd01::-2404:9dc0:cd05:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         c0:2a:ef:e2:6d:70:41:c7:34:b4:e4:73:39:37:23:4f:ef:55:
         f7:90:07:c6:43:33:6f:a1:b3:28:1a:d9:79:67:16:30:3f:3a:
         bb:58:0a:88:89:7d:b3:d5:40:89:3a:ad:e8:a8:a3:6c:b0:af:
         15:da:d4:25:6d:33:3d:fb:0f:eb:68:92:3b:33:de:84:88:39:
         68:4c:e5:81:80:b4:8a:39:58:7f:0b:1f:1e:a5:d6:6d:60:38:
         41:38:83:aa:6b:6e:64:82:12:a3:be:fb:7c:1d:61:12:6d:55:
         2f:fc:a5:5a:83:63:2a:cb:27:5d:df:e3:ef:16:2d:90:48:de:
         5c:f4:2e:7f:c1:34:ac:6f:d0:1c:86:c4:05:a0:cf:4d:9e:96:
         7c:d3:59:dd:6a:1b:73:e0:84:cb:43:c5:de:87:eb:81:a2:c9:
         5d:1d:33:00:42:6e:ff:2d:41:92:af:91:bc:63:52:98:a7:6c:
         54:85:82:79:fe:b6:a5:03:3b:a6:ca:08:31:50:de:08:af:3a:
         80:99:86:25:5b:51:79:78:b3:4e:4d:63:e3:d0:e6:a6:03:6d:
         7d:76:c6:4e:6f:b3:d4:00:c0:32:f8:78:3c:85:c3:e3:69:a1:
         c1:32:c6:93:14:de:14:35:51:e4:f3:0b:73:77:8c:d5:33:2e:
         b5:f2:92:99
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICD74wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjE5MEYxMTAvBgNVBAUTKDM0NEZCNDk5QTZBMzdEMjYzMjlBQjdENUZGNTI2MjUx
MDk4RTVERjIwHhcNMjQxMjAzMDczOTQ4WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NzRlYjVjNC00M2RmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx8PE6z2rDPlBZr1jTNnc+JiOt3oFKN4JKUF4OsTVWrsA7jo2cjYe2qgXzdzK
o5v5U20Ld7QZsqHTsOyzDnr/fynhQ4Z/5PUT12fSZnwMXvoiDitK8LnQciRtPVyk
77iHbOHDAEIzb4/v6ttN4/ZOIzeY81xkpENhYnpc2b7bF12qmjM8KwrnBDr+m/zk
7J0YD4O8hCa3Cu+0RjfCAaOFqtkXhMYiGOSC7L85GxRxtRJdXy/jYynjeaMu4x0v
GeZtwXq/7ufNKnAc1StDpoxvZY7GiicWsDhNkCqSAMVai5fV0U9aNyExhQc4Rd5U
9I2QzkKIfPiXLIe/2s/dRj8YAQIDAQABo4ICtzCCArMwHQYDVR0OBBYEFEjB+usY
rZH1sjKbxuWXEzRjWRQIMB8GA1UdIwQYMBaAFDRPtJmmo30mMpq31f9SYlEJjl3y
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMTkwRi82Q0MwRjlGNDQ3
QjExMUU5OUZDQ0EwNTlDNEY5QUUwMi9ORS0wbWFhamZTWXltcmZWXzFKaVVRbU9Y
ZkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05FLTBtYWFqZlNZeW1yZlZfMUppVVFtT1hmSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjE5MEYvNkNDMEY5RjQ0N0IxMTFFOTlGQ0NBMDU5QzRGOUFFMDIvOTk1QUExMDA1
NTE2MTFFOUJERDNDQjY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMBIEAgABMAwDBAJniNwDBAB2GoQwGgQCAAIwFDASAwcAJASdwM0BAwcBJASd
wM0EMA0GCSqGSIb3DQEBCwUAA4IBAQDAKu/ibXBBxzS05HM5NyNP71X3kAfGQzNv
obMoGtl5ZxYwPzq7WAqIiX2z1UCJOq3oqKNssK8V2tQlbTM9+w/raJI7M96EiDlo
TOWBgLSKOVh/Cx8epdZtYDhBOIOqa25kghKjvvt8HWESbVUv/KVag2Mqyydd3+Pv
Fi2QSN5c9C5/wTSsb9AchsQFoM9NnpZ801ndahtz4ITLQ8Xeh+uBosldHTMAQm7/
LUGSr5G8Y1KYp2xUhYJ5/ralAzumyggxUN4IrzqAmYYlW1F5eLNOTWPj0OamA219
dsZOb7PUAMAy+Hg8hcPjaaHBMsaTFN4UNVHk8wtzd4zVMy618pKZ
-----END CERTIFICATE-----