Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91795CA/63473756980611EBA87E2765C4F9AE02/2B8D76AE9BB711EBBB7BA02BC4F9AE02.roa
File:                     2B8D76AE9BB711EBBB7BA02BC4F9AE02.roa (raw, json)
Hash identifier:          GBv0Bwrza6PzeZcBlfUxDT4tM9xuaZtoH+l5x8EcaKE=
Subject key identifier:   29:E8:23:3A:11:28:4F:B2:65:43:09:62:E6:97:46:B2:59:C1:D2:52
Certificate issuer:       /CN=A91795CA/serialNumber=917915195C971AB441FDDEDE6FF3CD372E754CB5
Certificate serial:       0568
Authority key identifier: 91:79:15:19:5C:97:1A:B4:41:FD:DE:DE:6F:F3:CD:37:2E:75:4C:B5
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/kXkVGVyXGrRB_d7eb_PNNy51TLU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91795CA/63473756980611EBA87E2765C4F9AE02/2B8D76AE9BB711EBBB7BA02BC4F9AE02.roa
Signing time:             Wed 01 May 2024 01:03:23 +0000
ROA not before:           Wed 01 May 2024 01:03:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141995
IP address blocks:        194.233.64.0/22 maxlen: 22
                          194.233.68.0/22 maxlen: 22
                          194.233.72.0/22 maxlen: 22
                          194.233.76.0/22 maxlen: 22
                          194.233.80.0/22 maxlen: 22
                          194.233.84.0/22 maxlen: 22
                          194.233.88.0/22 maxlen: 22
                          194.233.92.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1384 (0x568)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91795CA/serialNumber=917915195C971AB441FDDEDE6FF3CD372E754CB5
        Validity
            Not Before: May  1 01:03:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663194db-89db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:41:28:28:f1:95:29:75:3d:54:c6:d5:ff:0b:
                    30:b9:48:4d:95:f9:c7:7b:6d:3f:9c:58:04:45:b0:
                    09:21:69:e4:14:3e:14:ba:06:36:d8:81:5c:54:e8:
                    e8:be:17:f2:fe:d3:db:d1:19:93:f1:c3:46:60:00:
                    1c:04:44:f1:ad:26:e6:c9:ed:e4:7a:2e:25:61:60:
                    17:3c:5c:f5:16:98:66:40:76:e6:8e:61:c4:45:b9:
                    74:e1:6d:ed:94:73:47:c0:b6:ab:00:d0:5e:7d:46:
                    8a:85:3b:7a:81:32:37:f0:84:64:4f:d4:14:be:7d:
                    2d:c7:f3:39:36:8d:9b:c7:9d:3d:13:55:aa:ee:aa:
                    5d:9f:59:aa:8a:a3:91:bb:f0:9d:07:d3:90:98:30:
                    3b:f2:4e:26:df:23:58:1d:4a:46:20:9e:4e:c0:fc:
                    0b:f4:ca:07:9c:0d:9b:bb:44:bd:fb:2a:8e:1c:77:
                    b4:a2:59:15:11:5d:38:86:dd:c9:34:98:1b:d4:a6:
                    13:7a:1e:2a:e3:5e:2f:45:17:64:86:e9:04:6b:1c:
                    84:dd:a7:95:f9:4e:0c:d3:2e:71:af:72:a1:9e:cf:
                    c2:38:73:75:cc:3e:82:aa:a8:1b:60:55:a2:9b:f9:
                    2e:a5:d2:24:44:7c:dd:80:88:56:90:56:5e:27:15:
                    93:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:E8:23:3A:11:28:4F:B2:65:43:09:62:E6:97:46:B2:59:C1:D2:52
            X509v3 Authority Key Identifier:
                keyid:91:79:15:19:5C:97:1A:B4:41:FD:DE:DE:6F:F3:CD:37:2E:75:4C:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91795CA/63473756980611EBA87E2765C4F9AE02/kXkVGVyXGrRB_d7eb_PNNy51TLU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/kXkVGVyXGrRB_d7eb_PNNy51TLU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91795CA/63473756980611EBA87E2765C4F9AE02/2B8D76AE9BB711EBBB7BA02BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.233.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         53:3d:9c:20:e0:8f:59:c2:44:50:96:37:27:2f:d1:b5:a8:6c:
         16:67:0c:1c:48:ca:4e:da:ee:54:f2:50:9b:3e:d4:a8:da:c2:
         ab:d6:36:ee:16:10:69:01:f5:0d:6f:f1:30:d5:08:f4:7a:d9:
         b1:c1:3a:87:60:c5:90:27:2d:8d:69:34:18:86:b7:e4:e1:17:
         44:98:48:c9:e3:fa:19:d4:84:4c:ea:23:2b:ac:b2:99:7d:0d:
         fd:51:6f:36:b5:a6:80:d7:de:b7:81:f4:0e:9e:88:b8:c1:c0:
         7f:ba:13:54:ba:93:84:6b:99:25:12:2b:17:ba:6c:5d:72:15:
         79:2b:b0:64:7c:b3:d5:2b:29:f3:82:f2:8a:c7:43:a8:58:11:
         fe:b2:f8:01:e8:8e:4d:f0:d9:4b:a7:1d:00:0e:05:a4:8c:b1:
         9a:9e:bb:1c:4a:c9:45:c7:d0:49:9f:80:77:77:2f:46:a2:26:
         ad:42:85:99:d7:81:49:e6:c7:f6:ef:84:22:94:c5:3f:13:d1:
         b8:d6:08:b4:72:98:24:80:1a:35:3d:28:3f:da:86:07:c5:bd:
         98:51:43:49:8b:f2:79:46:ca:36:7a:b9:5e:bb:2f:a8:66:06:
         80:da:f1:a6:6b:98:7d:6b:c5:fc:e8:cc:90:dd:95:e0:a0:9b:
         91:ea:30:6f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBWgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Nzk1Q0ExMTAvBgNVBAUTKDkxNzkxNTE5NUM5NzFBQjQ0MUZEREVERTZGRjNDRDM3
MkU3NTRDQjUwHhcNMjQwNTAxMDEwMzIzWhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjMxOTRkYi04OWRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvkEoKPGVKXU9VMbV/wswuUhNlfnHe20/nFgERbAJIWnkFD4UugY22IFcVOjo
vhfy/tPb0RmT8cNGYAAcBETxrSbmye3kei4lYWAXPFz1FphmQHbmjmHERbl04W3t
lHNHwLarANBefUaKhTt6gTI38IRkT9QUvn0tx/M5No2bx509E1Wq7qpdn1mqiqOR
u/CdB9OQmDA78k4m3yNYHUpGIJ5OwPwL9MoHnA2bu0S9+yqOHHe0olkVEV04ht3J
NJgb1KYTeh4q414vRRdkhukEaxyE3aeV+U4M0y5xr3Khns/COHN1zD6CqqgbYFWi
m/kupdIkRHzdgIhWkFZeJxWTuQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCnoIzoR
KE+yZUMJYuaXRrJZwdJSMB8GA1UdIwQYMBaAFJF5FRlclxq0Qf3e3m/zzTcudUy1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3OTVDQS82MzQ3Mzc1Njk4
MDYxMUVCQTg3RTI3NjVDNEY5QUUwMi9rWGtWR1Z5WEdyUkJfZDdlYl9QTk55NTFU
TFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL2tYa1ZHVnlYR3JSQl9kN2ViX1BOTnk1MVRMVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Nzk1Q0EvNjM0NzM3NTY5ODA2MTFFQkE4N0UyNzY1QzRGOUFFMDIvMkI4RDc2QUU5
QkI3MTFFQkJCN0JBMDJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAXC6UAwDQYJKoZIhvcNAQELBQADggEBAFM9nCDgj1nCRFCW
Nycv0bWobBZnDBxIyk7a7lTyUJs+1KjawqvWNu4WEGkB9Q1v8TDVCPR62bHBOodg
xZAnLY1pNBiGt+ThF0SYSMnj+hnUhEzqIyusspl9Df1Rbza1poDX3reB9A6eiLjB
wH+6E1S6k4RrmSUSKxe6bF1yFXkrsGR8s9UrKfOC8orHQ6hYEf6y+AHojk3w2Uun
HQAOBaSMsZqeuxxKyUXH0EmfgHd3L0aiJq1ChZnXgUnmx/bvhCKUxT8T0bjWCLRy
mCSAGjU9KD/ahgfFvZhRQ0mL8nlGyjZ6uV67L6hmBoDa8aZrmH1rxfzozJDdleCg
m5HqMG8=
-----END CERTIFICATE-----