Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/5D23AD6E070911ED930D5F18C4F9AE02.roa
File:                     5D23AD6E070911ED930D5F18C4F9AE02.roa (raw, json)
Hash identifier:          ViPEzKuKLgrxrxSW9AgpiuooHf3cbJYj2ner3PSRC8o=
Subject key identifier:   B7:72:01:25:C0:87:D1:68:74:61:58:A9:EE:BD:1C:88:E8:87:33:11
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       48CF
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/5D23AD6E070911ED930D5F18C4F9AE02.roa
Signing time:             Wed 18 Dec 2024 10:07:46 +0000
ROA not before:           Wed 18 Dec 2024 10:07:46 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     149107
IP address blocks:        103.188.166.0/23 maxlen: 23
                          2001:df4:1bc0::/48 maxlen: 48
                          2001:df4:bac0::/48 maxlen: 48
                          2001:df4:bb40::/48 maxlen: 48
                          2400:82a0::/32 maxlen: 32
                          2401:8e20::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 18639 (0x48cf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Dec 18 10:07:46 2024 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=67629ef1-f808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:97:9b:c5:5a:81:65:52:01:1a:59:6c:0d:f6:
                    8f:5b:1f:d3:48:dc:d0:a4:7e:b1:83:b2:c0:de:62:
                    d7:19:cb:96:1a:d3:5e:dc:0a:64:95:48:62:32:59:
                    01:55:36:d7:0a:f4:4b:33:7d:1c:bf:4a:74:68:b0:
                    cd:f6:5c:f9:d0:2d:44:5f:7e:25:0b:16:62:39:3a:
                    ac:bb:cd:fc:39:58:d7:3f:79:55:ca:c3:6f:c9:3a:
                    79:ac:0a:0a:c1:1d:ad:aa:f6:e0:93:08:a8:ea:52:
                    d1:6b:02:d6:af:d2:c4:46:4f:34:4b:62:b9:78:64:
                    72:c6:ba:dc:fa:e0:1f:e7:e2:4c:1e:59:46:6f:27:
                    90:37:7f:7a:6c:08:37:a7:75:fc:29:23:4c:5e:e2:
                    2c:a1:ca:5e:22:44:c4:59:b0:10:1e:65:fc:02:99:
                    f4:b9:d2:7b:76:ca:d3:f9:bb:6b:11:88:ca:33:bd:
                    43:5d:84:8b:2f:94:4f:cf:55:15:cd:8b:e1:7f:f1:
                    02:e7:69:1b:e9:63:93:c8:9d:df:1c:3d:55:88:86:
                    63:2e:6c:24:55:36:1c:3e:f2:0b:75:39:c2:ee:d2:
                    85:09:1f:3b:a3:6b:c7:56:8b:96:6f:60:a2:90:af:
                    41:28:1a:0b:9f:34:0a:1e:4d:50:91:80:cc:e9:ce:
                    43:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:72:01:25:C0:87:D1:68:74:61:58:A9:EE:BD:1C:88:E8:87:33:11
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/5D23AD6E070911ED930D5F18C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.188.166.0/23
                IPv6:
                  2001:df4:1bc0::/48
                  2001:df4:bac0::/48
                  2001:df4:bb40::/48
                  2400:82a0::/32
                  2401:8e20::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:cc:d3:36:b9:a3:f9:3d:8e:8e:13:b8:34:ea:0f:f7:83:7b:
         8e:75:f6:66:52:ae:a6:22:43:66:41:f7:f9:2d:05:a1:60:51:
         f4:2b:65:05:24:e1:12:3e:d2:2b:05:7a:7a:c8:8c:28:20:24:
         ea:8d:2e:59:5f:35:14:ba:02:75:13:f3:0b:c5:45:ab:22:53:
         99:63:af:fe:98:c3:ba:33:72:19:6c:4d:a5:f1:16:4b:8d:b7:
         6f:a1:69:c1:1c:aa:7f:d5:04:29:74:6a:e7:fd:26:27:06:bf:
         c1:af:54:c4:3b:6f:70:29:57:62:38:b8:f5:be:da:27:6a:cb:
         d3:d0:22:d6:cf:fb:09:78:f6:e7:59:66:54:ae:3f:76:72:28:
         fb:81:a6:79:36:ae:ce:30:dd:9d:f9:77:1a:20:cc:37:86:26:
         f7:a9:96:ee:b8:29:a2:a3:cf:d2:4b:0a:27:1d:3f:a3:0c:a0:
         24:ba:f9:a3:c8:00:84:61:97:1d:e0:54:46:c0:3a:9e:4b:8f:
         7d:45:88:34:a8:fd:87:53:ac:a1:e3:21:13:57:bb:90:df:75:
         ff:ab:65:aa:89:d8:f4:63:46:f1:ab:fb:32:4b:fa:7b:d8:b4:
         9b:59:74:51:17:f4:60:e3:9a:8a:e0:10:14:b5:2d:8a:02:ee:
         9c:12:29:cb
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICSM8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjQxMjE4MTAwNzQ2WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzYyOWVmMS1mODA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyZebxVqBZVIBGllsDfaPWx/TSNzQpH6xg7LA3mLXGcuWGtNe3ApklUhiMlkB
VTbXCvRLM30cv0p0aLDN9lz50C1EX34lCxZiOTqsu838OVjXP3lVysNvyTp5rAoK
wR2tqvbgkwio6lLRawLWr9LERk80S2K5eGRyxrrc+uAf5+JMHllGbyeQN396bAg3
p3X8KSNMXuIsocpeIkTEWbAQHmX8Apn0udJ7dsrT+btrEYjKM71DXYSLL5RPz1UV
zYvhf/EC52kb6WOTyJ3fHD1ViIZjLmwkVTYcPvILdTnC7tKFCR87o2vHVouWb2Ci
kK9BKBoLnzQKHk1QkYDM6c5DOQIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFLdyASXA
h9FodGFYqe69HIjohzMRMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvNUQyM0FENkUw
NzA5MTFFRDkzMEQ1RjE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMAwEAgABMAYDBAFnvKYwMQQCAAIwKwMHACABDfQbwAMHACABDfS6wAMHACAB
DfS7QAMFACQAgqADBwAkAY4gAAAwDQYJKoZIhvcNAQELBQADggEBABHM0za5o/k9
jo4TuDTqD/eDe4519mZSrqYiQ2ZB9/ktBaFgUfQrZQUk4RI+0isFenrIjCggJOqN
LllfNRS6AnUT8wvFRasiU5ljr/6Yw7ozchlsTaXxFkuNt2+hacEcqn/VBCl0auf9
JicGv8GvVMQ7b3ApV2I4uPW+2idqy9PQItbP+wl49udZZlSuP3ZyKPuBpnk2rs4w
3Z35dxogzDeGJveplu64KaKjz9JLCicdP6MMoCS6+aPIAIRhlx3gVEbAOp5Lj31F
iDSo/YdTrKHjIRNXu5Dfdf+rZaqJ2PRjRvGr+zJL+nvYtJtZdFEX9GDjmorgEBS1
LYoC7pwSKcs=
-----END CERTIFICATE-----