Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913ACF4/70E3036C99FC11EA96554510C4F9AE02/25E6E72899FE11EAB3E30513C4F9AE02.roa
File:                     25E6E72899FE11EAB3E30513C4F9AE02.roa (raw, json)
Hash identifier:          Z6vRCcxL1bmdrItPmj7qCyzvetl7oMIALv4P0w4CxB8=
Subject key identifier:   D2:BD:5E:E4:1B:B1:D8:35:E4:71:D2:DB:19:F4:91:D6:18:4A:B8:DC
Certificate issuer:       /CN=A913ACF4/serialNumber=387BDCF8E947A1A04E2F4387FBDF70654A44D1BD
Certificate serial:       090D
Authority key identifier: 38:7B:DC:F8:E9:47:A1:A0:4E:2F:43:87:FB:DF:70:65:4A:44:D1:BD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OHvc-OlHoaBOL0OH-99wZUpE0b0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913ACF4/70E3036C99FC11EA96554510C4F9AE02/25E6E72899FE11EAB3E30513C4F9AE02.roa
Signing time:             Mon 20 Jan 2025 20:19:37 +0000
ROA not before:           Mon 20 Jan 2025 20:19:37 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     137419
IP address blocks:        103.107.228.0/24 maxlen: 24
                          103.107.229.0/24 maxlen: 24
                          103.107.230.0/24 maxlen: 24
                          103.107.231.0/24 maxlen: 24
                          2402:5fc0::/32 maxlen: 32
                          2402:5fc0:1::/48 maxlen: 48
                          2402:5fc0:2::/48 maxlen: 48
                          2402:5fc0:3::/48 maxlen: 48
                          2402:5fc0:4::/48 maxlen: 48
                          2402:5fc0:5::/48 maxlen: 48
                          2402:5fc0:6::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2317 (0x90d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913ACF4/serialNumber=387BDCF8E947A1A04E2F4387FBDF70654A44D1BD
        Validity
            Not Before: Jan 20 20:19:37 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=678eafd8-1522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:42:fb:a4:59:29:23:02:ca:a7:fc:d3:b0:d5:
                    7e:ef:a2:6e:7b:ad:b8:4f:45:de:b9:e7:1d:c7:0d:
                    31:4c:7c:3e:3c:a2:9a:21:98:c0:36:6b:54:98:9c:
                    05:3c:a9:13:e8:98:14:e6:87:ed:94:64:40:2a:c6:
                    f3:2d:87:35:c5:e0:6a:88:1b:19:ce:6e:72:44:7a:
                    1a:2b:05:2d:36:b5:cf:fd:f0:b9:b7:9c:5e:3e:d0:
                    9a:9c:4d:a0:9d:7b:a6:9e:a3:32:76:62:b1:0d:18:
                    8b:be:ea:0b:d5:90:31:f8:f9:35:b5:ea:23:81:e9:
                    26:3c:fb:03:bd:90:9a:4e:41:c8:84:03:dc:13:0a:
                    8e:be:d2:81:24:9f:a6:29:eb:a6:b3:82:1b:ee:7e:
                    ed:1b:48:0a:8d:44:a9:23:bb:b8:84:13:9b:9a:7a:
                    19:a1:dd:0a:f7:a2:95:53:d2:4f:c2:91:5a:d6:75:
                    75:9c:18:9d:7e:ae:2e:c4:6c:7c:8a:b1:b2:1a:84:
                    ae:8f:6b:b1:79:78:3b:96:b1:b6:23:82:34:26:f3:
                    08:32:5a:ef:b7:eb:6f:43:55:05:1f:1a:da:00:2f:
                    1e:72:72:06:de:81:a4:e4:a2:cf:b0:9f:9c:64:42:
                    a4:81:0e:f4:bf:93:66:6d:00:d1:de:26:34:46:d7:
                    63:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:BD:5E:E4:1B:B1:D8:35:E4:71:D2:DB:19:F4:91:D6:18:4A:B8:DC
            X509v3 Authority Key Identifier:
                keyid:38:7B:DC:F8:E9:47:A1:A0:4E:2F:43:87:FB:DF:70:65:4A:44:D1:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913ACF4/70E3036C99FC11EA96554510C4F9AE02/OHvc-OlHoaBOL0OH-99wZUpE0b0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OHvc-OlHoaBOL0OH-99wZUpE0b0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913ACF4/70E3036C99FC11EA96554510C4F9AE02/25E6E72899FE11EAB3E30513C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.107.228.0/22
                IPv6:
                  2402:5fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:58:0d:b1:f2:28:d9:4c:fe:53:91:f8:b6:fb:64:2e:8b:54:
         39:ff:66:0b:01:9a:69:05:70:52:76:f0:d0:a1:01:fd:fe:4e:
         5e:49:99:a4:70:6a:fa:1f:8c:62:06:51:64:31:c0:6e:b2:3c:
         4b:ca:bb:54:10:d8:88:e6:60:2e:88:f8:d6:c1:83:e3:63:ba:
         d6:b4:aa:82:c8:c1:62:ab:80:54:c0:52:89:84:89:9f:8d:13:
         3b:31:c7:ad:a6:77:fa:d0:e5:52:69:fd:83:2e:ae:f1:d5:5e:
         2d:1e:11:af:0a:05:ab:cf:44:94:1c:1a:01:32:30:1d:44:cf:
         01:47:cf:b2:31:9c:8e:1d:6e:83:35:fc:84:93:be:ac:5b:89:
         16:6e:25:21:2b:ed:b8:30:3d:a4:cc:d7:86:5d:4c:d8:d9:74:
         01:31:20:13:c4:70:c7:1b:81:03:e4:d8:3b:af:86:a3:82:47:
         87:09:06:ff:04:d4:00:a0:10:ea:56:bf:c1:15:a0:bd:4e:23:
         ad:3b:2e:75:cc:90:20:c9:e0:47:38:4b:6b:ca:0c:c9:53:c9:
         23:45:b6:2e:6e:42:7a:4f:66:7b:e9:15:18:31:e4:52:5a:f4:
         07:d9:3a:37:ad:b1:e7:ec:c9:c1:88:b6:c6:cb:9b:0f:be:05:
         7c:37:c8:af
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCQ0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0FDRjQxMTAvBgNVBAUTKDM4N0JEQ0Y4RTk0N0ExQTA0RTJGNDM4N0ZCREY3MDY1
NEE0NEQxQkQwHhcNMjUwMTIwMjAxOTM3WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzhlYWZkOC0xNTIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9kL7pFkpIwLKp/zTsNV+76Jue624T0Xeuecdxw0xTHw+PKKaIZjANmtUmJwF
PKkT6JgU5oftlGRAKsbzLYc1xeBqiBsZzm5yRHoaKwUtNrXP/fC5t5xePtCanE2g
nXumnqMydmKxDRiLvuoL1ZAx+Pk1teojgekmPPsDvZCaTkHIhAPcEwqOvtKBJJ+m
Keums4Ib7n7tG0gKjUSpI7u4hBObmnoZod0K96KVU9JPwpFa1nV1nBidfq4uxGx8
irGyGoSuj2uxeXg7lrG2I4I0JvMIMlrvt+tvQ1UFHxraAC8ecnIG3oGk5KLPsJ+c
ZEKkgQ70v5NmbQDR3iY0RtdjHwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFNK9XuQb
sdg15HHS2xn0kdYYSrjcMB8GA1UdIwQYMBaAFDh73PjpR6GgTi9Dh/vfcGVKRNG9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQUNGNC83MEUzMDM2Qzk5
RkMxMUVBOTY1NTQ1MTBDNEY5QUUwMi9PSHZjLU9sSG9hQk9MME9ILTk5d1pVcEUw
YjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09IdmMtT2xIb2FCT0wwT0gtOTl3WlVwRTBiMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0FDRjQvNzBFMzAzNkM5OUZDMTFFQTk2NTU0NTEwQzRGOUFFMDIvMjVFNkU3Mjg5
OUZFMTFFQUIzRTMwNTEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJna+QwDQQCAAIwBwMFACQCX8AwDQYJKoZIhvcNAQELBQAD
ggEBAFZYDbHyKNlM/lOR+Lb7ZC6LVDn/ZgsBmmkFcFJ28NChAf3+Tl5JmaRwavof
jGIGUWQxwG6yPEvKu1QQ2IjmYC6I+NbBg+Njuta0qoLIwWKrgFTAUomEiZ+NEzsx
x62md/rQ5VJp/YMurvHVXi0eEa8KBavPRJQcGgEyMB1EzwFHz7IxnI4dboM1/IST
vqxbiRZuJSEr7bgwPaTM14ZdTNjZdAExIBPEcMcbgQPk2DuvhqOCR4cJBv8E1ACg
EOpWv8EVoL1OI607LnXMkCDJ4Ec4S2vKDMlTySNFti5uQnpPZnvpFRgx5FJa9AfZ
OjetsefsycGItsbLmw++BXw3yK8=
-----END CERTIFICATE-----