Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/F254F0CE099A11EAB5891D5BC4F9AE02.roa
File:                     F254F0CE099A11EAB5891D5BC4F9AE02.roa (raw, json)
Hash identifier:          i2v48s58DOAkVrcshyIOwOnzjUvrau1oQLQQL2De7Wg=
Subject key identifier:   52:25:AC:BF:64:90:1F:20:9E:1E:F6:57:C0:AB:7B:92:88:66:A9:C6
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0EA6
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/F254F0CE099A11EAB5891D5BC4F9AE02.roa
Signing time:             Thu 29 Feb 2024 19:38:16 +0000
ROA not before:           Thu 29 Feb 2024 19:38:16 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     397233
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3750 (0xea6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
        Validity
            Not Before: Feb 29 19:38:16 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e0dd27-4d70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:96:15:2b:7b:bd:9b:d6:e6:27:39:7b:00:c7:
                    a8:03:d0:33:a8:30:fe:d1:c0:52:32:83:21:43:9e:
                    71:14:70:ba:dc:6d:9d:ec:3c:80:6a:6e:7b:b3:1d:
                    10:68:9c:f6:2c:66:a7:b1:36:46:22:85:0e:a7:79:
                    fd:db:54:e6:a6:56:21:73:95:ed:b9:fa:00:d3:fc:
                    6f:98:57:a2:6e:68:42:e8:80:d0:b3:9e:8e:ce:47:
                    39:9f:8c:eb:c5:b8:68:eb:0b:bc:cf:6a:2e:c0:4d:
                    0a:be:38:bb:23:80:93:49:6b:7c:da:cb:41:86:63:
                    97:48:d6:a1:d3:5f:b3:f1:67:fd:d9:e6:e9:ec:37:
                    b9:d3:ad:2d:15:4f:da:3c:0c:f2:46:f4:e6:52:66:
                    51:8c:07:ec:6b:2f:b0:ba:3b:1f:1d:52:88:2e:32:
                    97:83:43:7d:2b:1e:2e:31:03:ad:fb:a5:81:0e:4c:
                    59:6a:b7:63:b4:23:63:d0:8c:cf:52:7d:f4:24:ee:
                    13:f9:c2:0d:3f:28:fe:ad:9e:5a:02:3c:a1:3a:26:
                    b0:fc:dc:fd:6d:07:6f:2f:7b:b9:1f:cb:60:5d:64:
                    92:a9:de:eb:ee:e8:e9:ca:d3:a2:f3:4e:9a:99:b8:
                    9a:e1:6b:5f:e3:8d:01:e4:3b:b1:cf:a2:b2:ea:10:
                    6f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:25:AC:BF:64:90:1F:20:9E:1E:F6:57:C0:AB:7B:92:88:66:A9:C6
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/F254F0CE099A11EAB5891D5BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:8e:57:f8:6a:de:73:97:56:c1:63:d6:08:0f:ad:0a:6b:32:
         6d:99:29:89:e0:d4:2a:49:17:19:7f:ad:1c:5c:4c:fd:64:dd:
         47:06:8d:da:cb:c4:50:91:dd:04:56:12:d3:45:5f:98:05:4a:
         42:10:73:aa:c5:e5:fa:29:14:b2:91:0f:92:c1:03:bc:61:95:
         4a:73:78:01:f4:28:45:a5:06:79:ee:f7:88:40:ee:e4:62:9a:
         85:f0:f5:b0:63:4a:d8:49:9a:db:bb:f2:90:54:67:de:c6:bf:
         d2:73:98:2b:93:ff:65:97:ab:ea:2c:3a:6f:a4:d6:b4:72:87:
         4a:82:d0:48:87:85:fc:3f:6a:fb:22:39:1c:90:1f:86:a3:5d:
         d2:59:42:17:21:8a:84:3b:21:40:d0:6b:5d:bf:15:b6:26:20:
         79:a0:8c:a7:5b:4c:e5:be:71:9e:4d:77:00:2a:50:c0:ae:76:
         80:aa:c6:73:50:e8:32:a3:42:10:fa:dd:a7:97:54:b5:6a:77:
         70:60:be:fc:22:31:f0:9c:4e:cb:9e:72:d7:b3:4b:c4:f7:3f:
         af:b3:20:1a:d2:90:79:ba:ad:be:ce:e0:c5:25:38:77:9a:9b:
         04:07:b3:b8:76:41:f4:be:8d:0a:6d:22:ef:bd:3e:0f:d4:65:
         59:3e:8c:76
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICDqYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjQwMjI5MTkzODE2WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUwZGQyNy00ZDcwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzZYVK3u9m9bmJzl7AMeoA9AzqDD+0cBSMoMhQ55xFHC63G2d7DyAam57sx0Q
aJz2LGansTZGIoUOp3n921TmplYhc5XtufoA0/xvmFeibmhC6IDQs56Ozkc5n4zr
xbho6wu8z2ouwE0Kvji7I4CTSWt82stBhmOXSNah01+z8Wf92ebp7De5060tFU/a
PAzyRvTmUmZRjAfsay+wujsfHVKILjKXg0N9Kx4uMQOt+6WBDkxZardjtCNj0IzP
Un30JO4T+cINPyj+rZ5aAjyhOiaw/Nz9bQdvL3u5H8tgXWSSqd7r7ujpytOi806a
mbia4Wtf440B5Duxz6Ky6hBvdwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFFIlrL9k
kB8gnh72V8Cre5KIZqnGMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvRjI1NEYwQ0Uw
OTlBMTFFQUI1ODkxRDVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAHyOV/hq3nOX
VsFj1ggPrQprMm2ZKYng1CpJFxl/rRxcTP1k3UcGjdrLxFCR3QRWEtNFX5gFSkIQ
c6rF5fopFLKRD5LBA7xhlUpzeAH0KEWlBnnu94hA7uRimoXw9bBjSthJmtu78pBU
Z97Gv9JzmCuT/2WXq+osOm+k1rRyh0qC0EiHhfw/avsiORyQH4ajXdJZQhchioQ7
IUDQa12/FbYmIHmgjKdbTOW+cZ5NdwAqUMCudoCqxnNQ6DKjQhD63aeXVLVqd3Bg
vvwiMfCcTsuectezS8T3P6+zIBrSkHm6rb7O4MUlOHeamwQHs7h2QfS+jQptIu+9
Pg/UZVk+jHY=
-----END CERTIFICATE-----