Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A935D/F500F7288AB811EB8707E11AC4F9AE02/47EB76428ABA11EB8A85C01BC4F9AE02.roa
File:                     47EB76428ABA11EB8A85C01BC4F9AE02.roa (raw, json)
Hash identifier:          1AEXU+7Y4PfWz8jQxA5HlFwuXkljqopTv6bNdtPTBW0=
Subject key identifier:   67:89:F6:B6:3E:6B:91:B0:DE:0F:D3:81:67:47:BC:D7:A1:71:28:EA
Certificate issuer:       /CN=A91A935D/serialNumber=6359309EF49B445F6EB5331BDF0A94C5C6EFC37B
Certificate serial:       05C5
Authority key identifier: 63:59:30:9E:F4:9B:44:5F:6E:B5:33:1B:DF:0A:94:C5:C6:EF:C3:7B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y1kwnvSbRF9utTMb3wqUxcbvw3s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A935D/F500F7288AB811EB8707E11AC4F9AE02/47EB76428ABA11EB8A85C01BC4F9AE02.roa
Signing time:             Mon 26 Aug 2024 23:32:26 +0000
ROA not before:           Mon 26 Aug 2024 23:32:26 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     136805
IP address blocks:        103.96.141.0/24 maxlen: 24
                          103.109.123.0/24 maxlen: 24
                          103.109.132.0/23 maxlen: 23
                          2001:df1:df00::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1477 (0x5c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A935D/serialNumber=6359309EF49B445F6EB5331BDF0A94C5C6EFC37B
        Validity
            Not Before: Aug 26 23:32:26 2024 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=66cd1089-7e5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3a:3e:bf:bc:38:91:08:12:11:8e:1e:12:af:
                    fb:18:c9:e9:d9:e8:61:d4:64:9a:ab:79:9d:05:22:
                    33:e3:1c:b1:c0:5d:22:50:ae:8a:45:37:4b:36:e1:
                    d2:bc:f1:71:e9:80:c9:48:81:0b:a3:43:70:1f:58:
                    37:0f:18:17:67:09:89:0a:b9:17:e2:46:b2:78:df:
                    be:f0:14:a4:f0:c5:66:84:53:cc:7f:02:19:21:c6:
                    5a:23:cd:07:ea:c9:60:b1:7a:ea:ba:7a:01:2d:e9:
                    9d:f6:9a:19:bf:ee:d5:bb:75:74:66:81:19:c2:f8:
                    6d:7c:fe:12:08:c0:07:45:26:e5:d9:bb:aa:ec:ea:
                    08:7e:22:65:69:4f:e6:ca:bd:5e:7a:f7:4e:67:c6:
                    4d:d0:af:3c:92:15:22:dc:1f:3a:0d:47:3f:1d:ee:
                    2d:58:7d:c6:b9:7c:5e:9b:e2:66:50:07:51:26:26:
                    9d:7d:63:84:e2:50:75:18:22:43:7c:41:43:ef:41:
                    ba:1a:51:d4:25:37:09:3c:94:d1:87:ca:08:45:e6:
                    27:1f:9b:97:ad:28:56:8d:e9:24:53:3f:ea:f6:26:
                    24:ad:6b:83:80:d7:52:70:7c:6b:2d:ca:ae:b5:60:
                    a9:f5:ed:35:64:8a:c7:67:fc:aa:f2:10:45:29:91:
                    d9:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:89:F6:B6:3E:6B:91:B0:DE:0F:D3:81:67:47:BC:D7:A1:71:28:EA
            X509v3 Authority Key Identifier:
                keyid:63:59:30:9E:F4:9B:44:5F:6E:B5:33:1B:DF:0A:94:C5:C6:EF:C3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A935D/F500F7288AB811EB8707E11AC4F9AE02/Y1kwnvSbRF9utTMb3wqUxcbvw3s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y1kwnvSbRF9utTMb3wqUxcbvw3s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A935D/F500F7288AB811EB8707E11AC4F9AE02/47EB76428ABA11EB8A85C01BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.96.141.0/24
                  103.109.123.0/24
                  103.109.132.0/23
                IPv6:
                  2001:df1:df00::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:ea:a8:8f:62:fb:90:13:73:5f:bc:74:19:4c:01:20:a3:46:
         75:ee:74:f1:94:98:d7:f8:5d:1f:92:fc:1b:0d:35:64:0f:e6:
         6e:9d:0a:19:f0:c7:9d:1f:d9:dc:d1:7c:94:f0:da:07:d7:a3:
         79:8e:8c:28:af:be:f7:91:28:63:e5:49:15:93:cd:ca:8c:9d:
         d2:e2:b0:94:55:4f:4b:78:d2:ef:28:03:37:6b:c9:79:4a:55:
         4a:45:9e:a2:e7:10:6c:ec:36:87:1b:0d:1a:ba:73:e7:67:f2:
         18:4f:ab:98:14:8f:2b:77:63:2e:81:19:18:32:d7:e2:ba:b6:
         76:81:43:0c:6f:9a:18:54:3c:eb:47:8d:93:55:ff:81:03:07:
         1f:1e:0a:91:27:86:26:75:c4:e0:b7:37:2a:88:6e:97:5f:ef:
         c1:40:20:18:ac:27:b9:47:43:2f:5f:89:72:ed:ce:7d:81:18:
         da:4b:6f:70:74:8f:cc:49:6c:33:7f:40:16:cd:e9:22:bc:bf:
         e9:7a:7b:a1:f9:d8:8c:bc:f1:86:6b:3b:4b:1a:01:b2:41:82:
         90:0e:de:10:6a:d5:bb:67:66:e8:73:61:5d:72:da:75:31:af:
         90:a2:63:63:af:4d:9e:00:fa:c9:77:04:05:05:3f:82:65:0f:
         24:2e:62:f9
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgICBcUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTkzNUQxMTAvBgNVBAUTKDYzNTkzMDlFRjQ5QjQ0NUY2RUI1MzMxQkRGMEE5NEM1
QzZFRkMzN0IwHhcNMjQwODI2MjMzMjI2WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmNkMTA4OS03ZTVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsjo+v7w4kQgSEY4eEq/7GMnp2ehh1GSaq3mdBSIz4xyxwF0iUK6KRTdLNuHS
vPFx6YDJSIELo0NwH1g3DxgXZwmJCrkX4kayeN++8BSk8MVmhFPMfwIZIcZaI80H
6slgsXrqunoBLemd9poZv+7Vu3V0ZoEZwvhtfP4SCMAHRSbl2buq7OoIfiJlaU/m
yr1eevdOZ8ZN0K88khUi3B86DUc/He4tWH3GuXxem+JmUAdRJiadfWOE4lB1GCJD
fEFD70G6GlHUJTcJPJTRh8oIReYnH5uXrShWjekkUz/q9iYkrWuDgNdScHxrLcqu
tWCp9e01ZIrHZ/yq8hBFKZHZIwIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFGeJ9rY+
a5Gw3g/TgWdHvNehcSjqMB8GA1UdIwQYMBaAFGNZMJ70m0RfbrUzG98KlMXG78N7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBOTM1RC9GNTAwRjcyODhB
QjgxMUVCODcwN0UxMUFDNEY5QUUwMi9ZMWt3bnZTYlJGOXV0VE1iM3dxVXhjYnZ3
M3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1kxa3dudlNiUkY5dXRUTWIzd3FVeGNidnczcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTkzNUQvRjUwMEY3Mjg4QUI4MTFFQjg3MDdFMTFBQzRGOUFFMDIvNDdFQjc2NDI4
QUJBMTFFQjhBODVDMDFCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPAYIKwYBBQUHAQcBAf8E
LTArMBgEAgABMBIDBABnYI0DBABnbXsDBAFnbYQwDwQCAAIwCQMHACABDfHfADAN
BgkqhkiG9w0BAQsFAAOCAQEAZuqoj2L7kBNzX7x0GUwBIKNGde508ZSY1/hdH5L8
Gw01ZA/mbp0KGfDHnR/Z3NF8lPDaB9ejeY6MKK++95EoY+VJFZPNyoyd0uKwlFVP
S3jS7ygDN2vJeUpVSkWeoucQbOw2hxsNGrpz52fyGE+rmBSPK3djLoEZGDLX4rq2
doFDDG+aGFQ860eNk1X/gQMHHx4KkSeGJnXE4Lc3Kohul1/vwUAgGKwnuUdDL1+J
cu3OfYEY2ktvcHSPzElsM39AFs3pIry/6Xp7ofnYjLzxhms7SxoBskGCkA7eEGrV
u2dm6HNhXXLadTGvkKJjY69NngD6yXcEBQU/gmUPJC5i+Q==
-----END CERTIFICATE-----