Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/9A7071C0462E11ED90035452C4F9AE02.roa
File:                     9A7071C0462E11ED90035452C4F9AE02.roa (raw, json)
Hash identifier:          8uNU/3Og8Qb0Djb5B657ZCQSK+n3RVoZQHApiAni9qA=
Subject key identifier:   7F:93:98:86:7B:0E:B1:97:99:8D:12:82:1A:C0:3A:93:A9:3E:33:FB
Certificate issuer:       /CN=A919DC74/serialNumber=DECFC7534398C48578B9E474AEB80B1C94CBC5BA
Certificate serial:       01A3
Authority key identifier: DE:CF:C7:53:43:98:C4:85:78:B9:E4:74:AE:B8:0B:1C:94:CB:C5:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3s_HU0OYxIV4ueR0rrgLHJTLxbo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/9A7071C0462E11ED90035452C4F9AE02.roa
Signing time:             Wed 27 Nov 2024 02:05:35 +0000
ROA not before:           Wed 27 Nov 2024 02:05:35 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     133748
IP address blocks:        43.249.248.0/22 maxlen: 24
                          103.41.128.0/22 maxlen: 24
                          203.208.22.0/24 maxlen: 24
                          2401:b080::/32 maxlen: 32
                          2401:b080:63::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 419 (0x1a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919DC74/serialNumber=DECFC7534398C48578B9E474AEB80B1C94CBC5BA
        Validity
            Not Before: Nov 27 02:05:35 2024 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=67467e6f-50eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:02:54:ab:7e:23:7e:59:1d:2f:a6:df:7c:49:
                    47:41:9c:87:89:a3:80:33:62:83:ac:ca:d1:12:00:
                    d1:53:61:e9:d3:43:5a:ff:1a:ff:d5:78:8d:cb:9d:
                    71:8e:56:53:d9:f7:90:67:b6:b4:ce:6a:d6:a7:f1:
                    9e:52:26:e3:f9:2b:87:27:14:97:1c:02:98:c3:25:
                    50:89:13:f6:d5:a0:a9:c3:f9:64:57:f6:37:d9:db:
                    5b:0c:ce:f3:fa:8d:13:37:e3:f5:85:f9:df:8a:d8:
                    d1:ae:e4:8f:18:5b:74:69:7b:70:cc:07:2d:71:78:
                    3a:f7:c4:6c:f4:55:ff:59:31:59:09:8c:8a:d7:07:
                    ca:ee:34:44:e0:28:32:20:6f:70:87:86:2c:fd:bc:
                    c5:95:5e:ba:23:18:37:fb:2b:de:b3:13:45:d3:99:
                    d1:eb:77:60:d9:18:b9:9e:85:0d:b4:db:39:6d:41:
                    4e:bd:4b:85:82:85:cb:71:f0:58:c8:d7:88:fd:30:
                    b7:b0:36:18:a8:05:71:8e:48:f5:ca:39:64:80:ac:
                    42:17:71:54:ae:cc:83:c4:50:23:42:55:4b:ba:b7:
                    50:e7:91:e7:26:01:ca:d0:42:fb:d9:bf:97:ac:ea:
                    b7:91:cc:74:1e:7c:ce:80:3d:b6:ca:eb:2e:09:7e:
                    78:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:93:98:86:7B:0E:B1:97:99:8D:12:82:1A:C0:3A:93:A9:3E:33:FB
            X509v3 Authority Key Identifier:
                keyid:DE:CF:C7:53:43:98:C4:85:78:B9:E4:74:AE:B8:0B:1C:94:CB:C5:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/3s_HU0OYxIV4ueR0rrgLHJTLxbo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3s_HU0OYxIV4ueR0rrgLHJTLxbo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/9A7071C0462E11ED90035452C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.249.248.0/22
                  103.41.128.0/22
                  203.208.22.0/24
                IPv6:
                  2401:b080::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:0a:7a:84:dd:3f:57:9b:0d:58:10:a9:1e:b4:07:9d:08:97:
         c7:20:ca:6a:3a:38:71:ec:b8:3c:d8:22:c3:12:e9:bc:e6:42:
         1e:40:0d:d1:61:55:64:07:1b:14:9a:a2:8c:80:a1:a2:18:ea:
         4d:e2:f7:77:6d:94:8f:f7:1d:73:8e:7a:f7:4d:de:8a:31:b7:
         46:cc:5e:e3:2b:a7:f6:92:5d:69:60:06:fe:4c:4a:47:96:87:
         02:6d:6c:ea:85:6a:04:d2:06:13:eb:55:c4:ed:1f:e9:73:31:
         1f:62:61:05:10:fd:42:80:94:2b:66:df:e4:27:b7:f4:4e:b9:
         b5:48:ed:1b:a8:8f:09:a2:e3:81:58:33:c6:e9:81:de:16:38:
         27:98:b4:b9:cc:e9:52:f0:e8:48:a6:b3:80:1f:cd:63:d2:a6:
         18:fb:33:c6:dd:17:b6:af:24:1f:4a:f0:c4:65:d9:76:ce:7b:
         c2:fe:32:8b:b3:18:2d:95:52:30:97:b2:63:22:f7:83:d6:8c:
         51:af:fc:f8:6f:78:81:33:95:8a:3d:65:47:3c:99:cd:d4:90:
         8e:a2:d8:c1:20:d9:18:b6:c3:50:e4:1d:e2:c4:f9:c3:fa:89:
         c9:7f:71:57:74:c1:38:d6:c5:63:e9:99:5c:ca:8c:e6:b4:9d:
         6d:62:7c:1a
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICAaMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OURDNzQxMTAvBgNVBAUTKERFQ0ZDNzUzNDM5OEM0ODU3OEI5RTQ3NEFFQjgwQjFD
OTRDQkM1QkEwHhcNMjQxMTI3MDIwNTM1WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ2N2U2Zi01MGViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAugJUq34jflkdL6bffElHQZyHiaOAM2KDrMrREgDRU2Hp00Na/xr/1XiNy51x
jlZT2feQZ7a0zmrWp/GeUibj+SuHJxSXHAKYwyVQiRP21aCpw/lkV/Y32dtbDM7z
+o0TN+P1hfnfitjRruSPGFt0aXtwzActcXg698Rs9FX/WTFZCYyK1wfK7jRE4Cgy
IG9wh4Ys/bzFlV66Ixg3+yvesxNF05nR63dg2Ri5noUNtNs5bUFOvUuFgoXLcfBY
yNeI/TC3sDYYqAVxjkj1yjlkgKxCF3FUrsyDxFAjQlVLurdQ55HnJgHK0EL72b+X
rOq3kcx0HnzOgD22yusuCX54fQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFH+TmIZ7
DrGXmY0SghrAOpOpPjP7MB8GA1UdIwQYMBaAFN7Px1NDmMSFeLnkdK64CxyUy8W6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5REM3NC9FNDJDQkM0QzQ2
MjkxMUVEQUU3OEIyMzVDNEY5QUUwMi8zc19IVTBPWXhJVjR1ZVIwcnJnTEhKVEx4
Ym8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNzX0hVME9ZeElWNHVlUjBycmdMSEpUTHhiby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OURDNzQvRTQyQ0JDNEM0NjI5MTFFREFFNzhCMjM1QzRGOUFFMDIvOUE3MDcxQzA0
NjJFMTFFRDkwMDM1NDUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIr+fgDBAJnKYADBADL0BYwDQQCAAIwBwMFACQBsIAwDQYJ
KoZIhvcNAQELBQADggEBAGwKeoTdP1ebDVgQqR60B50Il8cgymo6OHHsuDzYIsMS
6bzmQh5ADdFhVWQHGxSaooyAoaIY6k3i93dtlI/3HXOOevdN3ooxt0bMXuMrp/aS
XWlgBv5MSkeWhwJtbOqFagTSBhPrVcTtH+lzMR9iYQUQ/UKAlCtm3+Qnt/ROubVI
7Ruojwmi44FYM8bpgd4WOCeYtLnM6VLw6Eims4AfzWPSphj7M8bdF7avJB9K8MRl
2XbOe8L+MouzGC2VUjCXsmMi94PWjFGv/PhveIEzlYo9ZUc8mc3UkI6i2MEg2Ri2
w1DkHeLE+cP6icl/cVd0wTjWxWPpmVzKjOa0nW1ifBo=
-----END CERTIFICATE-----