Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/905CF618B08F11EF8E3C4F2FC4F9AE02.roa
File:                     905CF618B08F11EF8E3C4F2FC4F9AE02.roa (raw, json)
Hash identifier:          yowL5uXH/m3aHAzbLItFcCak4GBLBtf0iVXVNGUitfQ=
Subject key identifier:   4A:E7:96:9F:55:89:79:E6:AD:81:30:2F:23:45:6C:7D:B0:BA:1D:F8
Certificate issuer:       /CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
Certificate serial:       0411
Authority key identifier: CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/905CF618B08F11EF8E3C4F2FC4F9AE02.roa
Signing time:             Mon 02 Dec 2024 09:26:52 +0000
ROA not before:           Mon 02 Dec 2024 09:26:52 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        113.20.48.0/22 maxlen: 22
                          113.20.52.0/22 maxlen: 22
                          113.20.56.0/22 maxlen: 22
                          113.20.60.0/22 maxlen: 22
                          223.29.128.0/22 maxlen: 22
                          223.29.132.0/22 maxlen: 22
                          223.29.136.0/22 maxlen: 22
                          223.29.140.0/22 maxlen: 22
                          223.29.144.0/22 maxlen: 22
                          223.29.148.0/22 maxlen: 22
                          223.29.152.0/22 maxlen: 22
                          223.29.156.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1041 (0x411)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
        Validity
            Not Before: Dec  2 09:26:52 2024 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=674d7d5c-0081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:dc:34:a0:fb:75:e9:90:4a:ad:31:05:01:0b:
                    9b:46:93:b6:eb:08:51:f4:eb:3b:1c:18:f3:11:63:
                    ab:54:64:f7:bf:25:cc:96:5d:52:38:6c:ad:c4:da:
                    91:b5:4c:86:d3:71:5f:1c:c8:c2:f9:10:ea:de:28:
                    a8:33:78:33:8b:ff:13:e9:1d:83:58:02:71:d5:2a:
                    cc:c7:d9:29:75:79:25:66:53:a1:17:fa:04:11:72:
                    7d:1d:ce:ea:18:c8:50:6c:24:53:9a:0a:02:2b:e0:
                    21:b6:e6:f0:df:e3:bd:36:95:56:07:bd:e9:0a:c3:
                    7f:d4:b8:0c:39:cd:5d:29:78:fd:24:c5:d8:7d:e9:
                    58:7a:41:34:b1:12:4f:f7:87:ee:81:99:dc:93:06:
                    50:ae:ab:a1:b9:13:7a:b5:cf:de:7d:33:14:92:ba:
                    1b:8c:0d:98:6a:35:19:e3:19:df:08:8e:df:72:d8:
                    1f:b3:05:82:ea:dd:d9:fb:44:6f:c1:b5:a8:d2:6f:
                    e1:ab:d4:b4:4e:1e:38:a1:59:f9:9c:02:cf:48:5f:
                    04:67:96:11:b4:27:55:4b:da:8d:3e:e7:e7:97:1a:
                    a9:59:bc:f4:3d:72:59:d7:cf:17:07:71:91:1b:51:
                    0a:4d:71:3d:0b:b6:84:96:f8:af:33:37:0e:16:af:
                    9b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E7:96:9F:55:89:79:E6:AD:81:30:2F:23:45:6C:7D:B0:BA:1D:F8
            X509v3 Authority Key Identifier:
                keyid:CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/905CF618B08F11EF8E3C4F2FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.20.48.0/20
                  223.29.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1a:16:e1:58:c3:1c:d2:54:38:ae:7f:14:29:e4:0b:f1:5f:88:
         23:c5:2f:48:83:88:35:4f:0c:74:ca:e7:d1:ec:40:91:a3:70:
         31:13:e8:81:db:41:e6:e8:d9:0e:64:32:9a:0a:d6:68:b9:3a:
         cb:44:b1:62:32:8d:27:3f:f4:ac:e2:93:d7:d9:1d:09:b4:88:
         d3:11:34:99:b6:a1:58:fe:92:9f:e0:0e:00:4c:e0:73:62:eb:
         7e:22:9c:d7:ac:d3:94:66:07:bb:d3:f2:7a:8f:41:06:94:4c:
         b6:7f:9f:69:b3:b0:aa:43:0a:cd:a6:47:c9:4f:34:9c:2e:aa:
         0c:f4:b1:9e:3a:8d:34:c7:21:d9:38:b0:31:5f:d8:f0:ac:63:
         37:3d:ab:c8:56:ec:79:d3:dc:a1:4f:82:8c:57:dc:53:22:08:
         72:4f:7e:12:1b:e2:5e:ea:ce:a3:00:3f:b6:34:f8:e2:ff:62:
         34:84:15:ba:97:16:3d:78:5a:3b:f1:98:b0:db:dc:a8:15:30:
         01:6b:5b:f4:1c:62:aa:75:fe:90:7d:aa:a4:43:93:54:03:04:
         16:b6:f1:14:e5:43:e1:a9:52:f3:51:b4:48:cd:77:d7:3f:85:
         42:07:60:14:5d:ba:b5:39:99:2a:f5:6b:7e:4c:60:4b:32:75:
         57:b9:76:d7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBBEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkZDNzMxMTAvBgNVBAUTKENFRTQxNjAxRUVBOUY1MUIzNTI1REE1NURENEFDOTVD
RUZBRjVBQkMwHhcNMjQxMjAyMDkyNjUyWhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzRkN2Q1Yy0wMDgxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3Nw0oPt16ZBKrTEFAQubRpO26whR9Os7HBjzEWOrVGT3vyXMll1SOGytxNqR
tUyG03FfHMjC+RDq3iioM3gzi/8T6R2DWAJx1SrMx9kpdXklZlOhF/oEEXJ9Hc7q
GMhQbCRTmgoCK+Ahtubw3+O9NpVWB73pCsN/1LgMOc1dKXj9JMXYfelYekE0sRJP
94fugZnckwZQrquhuRN6tc/efTMUkrobjA2YajUZ4xnfCI7fctgfswWC6t3Z+0Rv
wbWo0m/hq9S0Th44oVn5nALPSF8EZ5YRtCdVS9qNPufnlxqpWbz0PXJZ188XB3GR
G1EKTXE9C7aElvivMzcOFq+bkwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFErnlp9V
iXnmrYEwLyNFbH2wuh34MB8GA1UdIwQYMBaAFM7kFgHuqfUbNSXaVd1KyVzvr1q8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRkM3My8wMTQ0Q0RGODlG
MzQxMUVDOUNFQkM2NzBDNEY5QUUwMi96dVFXQWU2cDlSczFKZHBWM1VySlhPLXZX
cncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3p1UVdBZTZwOVJzMUpkcFYzVXJKWE8tdldydy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkZDNzMvMDE0NENERjg5RjM0MTFFQzlDRUJDNjcwQzRGOUFFMDIvOTA1Q0Y2MThC
MDhGMTFFRjhFM0M0RjJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBARxFDADBAXfHYAwDQYJKoZIhvcNAQELBQADggEBABoW4VjD
HNJUOK5/FCnkC/FfiCPFL0iDiDVPDHTK59HsQJGjcDET6IHbQebo2Q5kMpoK1mi5
OstEsWIyjSc/9Kzik9fZHQm0iNMRNJm2oVj+kp/gDgBM4HNi634inNes05RmB7vT
8nqPQQaUTLZ/n2mzsKpDCs2mR8lPNJwuqgz0sZ46jTTHIdk4sDFf2PCsYzc9q8hW
7HnT3KFPgoxX3FMiCHJPfhIb4l7qzqMAP7Y0+OL/YjSEFbqXFj14WjvxmLDb3KgV
MAFrW/QcYqp1/pB9qqRDk1QDBBa28RTlQ+GpUvNRtEjNd9c/hUIHYBRdurU5mSr1
a35MYEsydVe5dtc=
-----END CERTIFICATE-----