Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/7CE3C06CDBD211EF80FBB936C4F9AE02.roa
File:                     7CE3C06CDBD211EF80FBB936C4F9AE02.roa (raw, json)
Hash identifier:          gfp+AQsQbjgKZtwpy8CGwR4KvJPk+7hjn5oRUytsDgc=
Subject key identifier:   54:E6:A0:85:7E:70:8E:30:61:64:EF:16:8B:BC:01:F7:28:F7:B0:01
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0C1D
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/7CE3C06CDBD211EF80FBB936C4F9AE02.roa
Signing time:             Sun 26 Jan 2025 10:44:16 +0000
ROA not before:           Sun 26 Jan 2025 10:44:16 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        14.192.138.0/24 maxlen: 24
                          14.192.139.0/24 maxlen: 24
                          14.192.143.0/24 maxlen: 24
                          14.192.158.0/24 maxlen: 24
                          43.247.123.0/24 maxlen: 24
                          103.20.133.0/24 maxlen: 24
                          103.20.135.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3101 (0xc1d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
        Validity
            Not Before: Jan 26 10:44:16 2025 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=679611ff-f4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:51:fc:9b:25:9d:71:78:ce:90:b2:48:75:7a:
                    15:e2:48:ff:7d:09:2f:9c:d6:d7:33:c2:b3:1d:75:
                    fe:46:d1:62:d2:93:ba:78:7f:5f:de:d3:65:33:5a:
                    42:70:d6:69:f3:3f:22:90:6f:26:e9:50:95:53:aa:
                    bd:73:88:4f:40:e3:a4:94:4f:ee:76:ba:ec:ce:d2:
                    8b:21:d8:73:bd:5c:91:1b:10:76:56:cb:81:26:e7:
                    49:1c:13:a3:9f:d7:a3:cd:65:90:69:36:b5:c5:3b:
                    f1:63:05:82:54:65:9a:2f:c0:bf:0b:d9:ba:48:0c:
                    2e:4a:b4:f7:61:14:11:70:4c:9c:9e:34:2e:b6:69:
                    b1:1c:9e:79:20:bb:35:2f:de:07:b9:27:31:86:68:
                    7c:66:40:f3:62:91:95:02:c6:14:59:73:44:0c:e8:
                    44:87:43:a6:eb:57:b3:3b:a1:13:e8:c4:37:a7:4a:
                    df:f4:b0:fc:a0:ab:86:d5:f8:5e:13:3c:f9:cb:33:
                    e1:c5:e5:33:dd:b7:e3:cc:e6:1d:59:1a:b9:c5:8a:
                    2a:7b:cf:7a:46:80:13:a6:e5:cc:ee:99:6b:0e:b7:
                    eb:77:de:d7:7f:b1:e7:0c:e7:80:c7:87:bb:81:e4:
                    a8:af:78:80:c1:c4:af:2f:66:5d:0e:72:eb:2a:63:
                    07:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:E6:A0:85:7E:70:8E:30:61:64:EF:16:8B:BC:01:F7:28:F7:B0:01
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/7CE3C06CDBD211EF80FBB936C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.138.0/23
                  14.192.143.0/24
                  14.192.158.0/24
                  43.247.123.0/24
                  103.20.133.0/24
                  103.20.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:80:f8:04:7e:90:64:8c:26:68:f6:da:30:72:d1:f6:68:a0:
         c0:d2:6b:36:b9:55:f8:bb:e0:1d:f1:30:85:89:4a:50:84:82:
         00:58:b5:2e:2f:88:b3:91:c4:be:ad:d4:cb:56:e7:d1:cc:ba:
         3e:63:ba:90:69:3d:c6:07:42:22:d5:e7:67:e3:99:b2:60:51:
         f9:33:30:9d:fc:34:99:48:dc:52:0a:1e:c3:2c:3f:d9:09:1d:
         3f:e2:d3:0e:7b:df:f0:7c:7c:51:e1:fe:7a:dc:dd:27:17:dd:
         13:23:af:c1:3e:9b:ab:70:c8:07:9c:7b:a9:eb:8f:b3:55:0b:
         85:89:cc:3b:81:75:81:1b:94:63:c4:0a:02:5b:f2:29:32:a4:
         33:e4:db:aa:18:38:31:ca:4c:21:3f:b1:54:a0:34:00:15:32:
         0e:8f:05:e6:42:df:24:e6:4f:a3:8c:88:1f:ba:a7:ca:3c:c4:
         01:ea:03:52:6b:be:44:62:a6:ce:d8:9f:c4:88:25:05:64:dc:
         e9:c9:d1:d0:6d:89:d6:59:66:99:42:0b:1e:5a:46:b9:8f:56:
         48:82:74:1a:05:5a:0c:0a:60:6a:1f:d9:34:17:46:83:00:8d:
         29:5d:89:18:f3:15:88:2a:2a:12:c8:ad:60:c0:5c:47:73:6f:
         55:25:41:72
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICDB0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwMTI2MTA0NDE2WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzk2MTFmZi1mNGVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz1H8myWdcXjOkLJIdXoV4kj/fQkvnNbXM8KzHXX+RtFi0pO6eH9f3tNlM1pC
cNZp8z8ikG8m6VCVU6q9c4hPQOOklE/udrrsztKLIdhzvVyRGxB2VsuBJudJHBOj
n9ejzWWQaTa1xTvxYwWCVGWaL8C/C9m6SAwuSrT3YRQRcEycnjQutmmxHJ55ILs1
L94HuScxhmh8ZkDzYpGVAsYUWXNEDOhEh0Om61ezO6ET6MQ3p0rf9LD8oKuG1fhe
Ezz5yzPhxeUz3bfjzOYdWRq5xYoqe896RoATpuXM7plrDrfrd97Xf7HnDOeAx4e7
geSor3iAwcSvL2ZdDnLrKmMHMwIDAQABo4ICszCCAq8wHQYDVR0OBBYEFFTmoIV+
cI4wYWTvFou8Afco97ABMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvN0NFM0MwNkNE
QkQyMTFFRjgwRkJCOTM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAEOwIoDBAAOwI8DBAAOwJ4DBAAr93sDBABnFIUDBABnFIcw
DQYJKoZIhvcNAQELBQADggEBABqA+AR+kGSMJmj22jBy0fZooMDSaza5Vfi74B3x
MIWJSlCEggBYtS4viLORxL6t1MtW59HMuj5jupBpPcYHQiLV52fjmbJgUfkzMJ38
NJlI3FIKHsMsP9kJHT/i0w573/B8fFHh/nrc3ScX3RMjr8E+m6twyAece6nrj7NV
C4WJzDuBdYEblGPECgJb8ikypDPk26oYODHKTCE/sVSgNAAVMg6PBeZC3yTmT6OM
iB+6p8o8xAHqA1JrvkRips7Yn8SIJQVk3OnJ0dBtidZZZplCCx5aRrmPVkiCdBoF
WgwKYGof2TQXRoMAjSldiRjzFYgqKhLIrWDAXEdzb1UlQXI=
-----END CERTIFICATE-----