Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91829E3/C45F60DA143711EAACF9FA33C4F9AE02/FA7A1C3AAEE911EA8DB3E03CC4F9AE02.roa
File:                     FA7A1C3AAEE911EA8DB3E03CC4F9AE02.roa (raw, json)
Hash identifier:          QE5ecgdG5fYcUSCX+MxTdkEzDIB0KG6YE5GZCloiYJg=
Subject key identifier:   2B:64:81:1D:85:5B:C2:22:38:DC:63:08:F2:69:E2:DE:6F:3B:C6:00
Certificate issuer:       /CN=A91829E3/serialNumber=23D20DA209C895C300EE6B659B6B1829925FBD4F
Certificate serial:       0B30
Authority key identifier: 23:D2:0D:A2:09:C8:95:C3:00:EE:6B:65:9B:6B:18:29:92:5F:BD:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I9INognIlcMA7mtlm2sYKZJfvU8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91829E3/C45F60DA143711EAACF9FA33C4F9AE02/FA7A1C3AAEE911EA8DB3E03CC4F9AE02.roa
Signing time:             Tue 12 Mar 2024 19:58:05 +0000
ROA not before:           Tue 12 Mar 2024 19:58:05 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     135076
IP address blocks:        43.245.244.0/22 maxlen: 24
                          103.208.180.0/22 maxlen: 24
                          103.240.248.0/22 maxlen: 24
                          137.59.180.0/22 maxlen: 22
                          137.59.180.0/24 maxlen: 24
                          137.59.181.0/24 maxlen: 24
                          137.59.182.0/24 maxlen: 24
                          137.59.183.0/24 maxlen: 24
                          221.120.96.0/21 maxlen: 24
                          2405:9e80::/32 maxlen: 35
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2864 (0xb30)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91829E3/serialNumber=23D20DA209C895C300EE6B659B6B1829925FBD4F
        Validity
            Not Before: Mar 12 19:58:05 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65f0b3cc-090a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:28:92:83:06:87:7d:1b:61:b9:db:cb:af:c0:
                    b8:86:0f:f6:61:16:08:b0:4e:2e:f5:6b:de:ba:62:
                    1c:a0:a1:68:16:7b:98:08:7d:64:87:48:81:21:a6:
                    9f:ac:0b:2b:3a:52:c6:ea:70:99:dc:12:42:70:61:
                    a2:6e:80:04:36:c6:27:74:4a:d1:54:86:3b:0e:28:
                    db:c6:66:f0:c8:7a:9e:55:92:46:67:d1:d4:1c:ad:
                    1c:bd:06:73:fd:b7:5a:07:f7:13:f4:5b:d7:1e:13:
                    4d:5e:82:1f:19:33:f1:b6:4d:a7:56:f7:3b:3f:ff:
                    da:93:01:12:d8:16:93:9f:85:56:a5:10:90:5f:2b:
                    dd:8f:e6:ea:2c:69:14:aa:ec:15:98:aa:26:ef:5c:
                    8e:e1:2f:1e:de:38:92:b6:a0:d5:64:c7:07:71:fa:
                    07:e0:43:9d:8e:80:35:17:71:e6:5f:79:9e:2d:0d:
                    35:7a:f2:fe:d3:97:1c:7a:09:d8:4b:fe:a3:a8:f3:
                    de:c6:c8:35:87:21:72:4d:f8:c4:64:b7:39:11:7b:
                    3e:81:06:ec:69:d3:e9:0c:db:80:8d:89:90:41:b1:
                    68:9c:15:d7:37:ca:cc:a0:5e:d2:54:e7:42:d6:2e:
                    97:09:0c:76:dd:c9:d7:a0:41:74:d5:ec:71:e2:03:
                    2f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:64:81:1D:85:5B:C2:22:38:DC:63:08:F2:69:E2:DE:6F:3B:C6:00
            X509v3 Authority Key Identifier:
                keyid:23:D2:0D:A2:09:C8:95:C3:00:EE:6B:65:9B:6B:18:29:92:5F:BD:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91829E3/C45F60DA143711EAACF9FA33C4F9AE02/I9INognIlcMA7mtlm2sYKZJfvU8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I9INognIlcMA7mtlm2sYKZJfvU8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91829E3/C45F60DA143711EAACF9FA33C4F9AE02/FA7A1C3AAEE911EA8DB3E03CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.245.244.0/22
                  103.208.180.0/22
                  103.240.248.0/22
                  137.59.180.0/22
                  221.120.96.0/21
                IPv6:
                  2405:9e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:a3:85:f8:5a:cf:fd:fc:5e:44:26:2f:1d:ef:40:b3:89:06:
         d2:c7:54:cb:2a:e8:e7:55:43:a3:fb:3e:1e:37:f3:f6:9e:59:
         01:e7:c1:73:83:17:2e:98:72:ea:ca:a0:63:d3:fa:79:ec:10:
         8f:c1:f1:e0:82:81:55:af:56:73:87:ba:de:67:58:7b:e3:19:
         8a:10:31:f7:2d:f3:85:26:1d:63:ba:c7:1b:b9:b3:5a:3c:a4:
         9c:7d:c0:01:e9:ad:2c:87:11:6e:8f:c8:ba:6d:55:37:a1:23:
         c0:35:ae:89:0b:82:8e:01:d4:c5:0d:61:36:c1:45:78:91:71:
         04:b3:33:57:34:d8:84:8a:ca:33:07:42:cd:b9:14:e6:be:06:
         d6:11:c8:dd:db:2a:9b:2e:43:69:e2:83:91:93:45:2f:b9:f6:
         1e:1e:db:cd:63:77:57:ef:62:e2:90:da:be:29:b9:6e:73:8e:
         e9:76:ce:56:eb:f8:22:38:1d:5e:59:b9:43:f5:ad:c6:1a:e1:
         87:38:99:9b:c8:92:a5:0b:63:3f:01:41:a7:ba:83:70:57:7a:
         51:24:e2:97:fb:62:44:c3:e5:d1:72:40:b9:b4:c3:4a:e5:82:
         31:55:31:16:18:71:d5:16:1a:17:08:9f:02:e7:d8:f4:57:2a:
         ee:87:99:b8
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICCzAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODI5RTMxMTAvBgNVBAUTKDIzRDIwREEyMDlDODk1QzMwMEVFNkI2NTlCNkIxODI5
OTI1RkJENEYwHhcNMjQwMzEyMTk1ODA1WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWYwYjNjYy0wOTBhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtSiSgwaHfRthudvLr8C4hg/2YRYIsE4u9WveumIcoKFoFnuYCH1kh0iBIaaf
rAsrOlLG6nCZ3BJCcGGiboAENsYndErRVIY7DijbxmbwyHqeVZJGZ9HUHK0cvQZz
/bdaB/cT9FvXHhNNXoIfGTPxtk2nVvc7P//akwES2BaTn4VWpRCQXyvdj+bqLGkU
quwVmKom71yO4S8e3jiStqDVZMcHcfoH4EOdjoA1F3HmX3meLQ01evL+05ccegnY
S/6jqPPexsg1hyFyTfjEZLc5EXs+gQbsadPpDNuAjYmQQbFonBXXN8rMoF7SVOdC
1i6XCQx23cnXoEF01exx4gMv+QIDAQABo4ICvDCCArgwHQYDVR0OBBYEFCtkgR2F
W8IiONxjCPJp4t5vO8YAMB8GA1UdIwQYMBaAFCPSDaIJyJXDAO5rZZtrGCmSX71P
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4MjlFMy9DNDVGNjBEQTE0
MzcxMUVBQUNGOUZBMzNDNEY5QUUwMi9JOUlOb2duSWxjTUE3bXRsbTJzWUtaSmZ2
VTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0k5SU5vZ25JbGNNQTdtdGxtMnNZS1pKZnZVOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODI5RTMvQzQ1RjYwREExNDM3MTFFQUFDRjlGQTMzQzRGOUFFMDIvRkE3QTFDM0FB
RUU5MTFFQThEQjNFMDNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAIr9fQDBAJn0LQDBAJn8PgDBAKJO7QDBAPdeGAwDQQCAAIw
BwMFACQFnoAwDQYJKoZIhvcNAQELBQADggEBAGCjhfhaz/38XkQmLx3vQLOJBtLH
VMsq6OdVQ6P7Ph438/aeWQHnwXODFy6YcurKoGPT+nnsEI/B8eCCgVWvVnOHut5n
WHvjGYoQMfct84UmHWO6xxu5s1o8pJx9wAHprSyHEW6PyLptVTehI8A1rokLgo4B
1MUNYTbBRXiRcQSzM1c02ISKyjMHQs25FOa+BtYRyN3bKpsuQ2nig5GTRS+59h4e
281jd1fvYuKQ2r4puW5zjul2zlbr+CI4HV5ZuUP1rcYa4Yc4mZvIkqULYz8BQae6
g3BXelEk4pf7YkTD5dFyQLm0w0rlgjFVMRYYcdUWGhcInwLn2PRXKu6Hmbg=
-----END CERTIFICATE-----