Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AF0E8/45796AD21DA311E29FFB8C9808B02CD2/0A956A80B48711EC83327546C4F9AE02.roa
File:                     0A956A80B48711EC83327546C4F9AE02.roa (raw, json)
Hash identifier:          9LTH0YNpJSoOIQpkw88J8KChbFMDLdSzcK4sN/Oo+iE=
Subject key identifier:   8B:6D:AE:C5:50:F1:2B:26:1E:51:6F:7C:41:4F:F3:DF:51:C8:B7:F9
Certificate issuer:       /CN=A91AF0E8/serialNumber=FAA20A1AFB2091CB7F51147883F364A453094131
Certificate serial:       33AE
Authority key identifier: FA:A2:0A:1A:FB:20:91:CB:7F:51:14:78:83:F3:64:A4:53:09:41:31
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-qIKGvsgkct_URR4g_NkpFMJQTE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AF0E8/45796AD21DA311E29FFB8C9808B02CD2/0A956A80B48711EC83327546C4F9AE02.roa
Signing time:             Sat 02 Mar 2024 15:21:22 +0000
ROA not before:           Sat 02 Mar 2024 15:21:22 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     55328
IP address blocks:        175.176.208.0/21 maxlen: 24
                          203.34.75.0/24 maxlen: 24
                          203.62.198.0/24 maxlen: 24
                          2401:7200::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13230 (0x33ae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AF0E8/serialNumber=FAA20A1AFB2091CB7F51147883F364A453094131
        Validity
            Not Before: Mar  2 15:21:22 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e343f1-8759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8b:15:a4:28:ca:3d:44:89:e6:16:37:ad:7b:
                    e2:33:d3:70:73:9b:c0:63:95:3d:7f:9d:f7:32:01:
                    82:f0:5a:09:b7:7b:d2:92:46:3e:1e:14:b5:ec:df:
                    84:0e:f7:ee:9b:0f:d9:b1:95:14:3f:12:34:a5:be:
                    90:72:6f:17:7b:09:86:13:8b:be:3e:e7:37:a5:8e:
                    e2:c7:b2:cc:bc:f3:ca:6e:13:fa:b2:f0:7b:17:d3:
                    de:0b:77:10:51:d4:74:a9:7f:15:63:ac:af:f2:51:
                    d5:22:af:69:26:88:39:03:31:8b:b9:29:f9:64:f3:
                    26:92:bb:0d:d8:c0:76:28:99:50:1a:4c:61:d3:45:
                    7b:b7:f9:65:1f:cc:19:a3:59:75:5f:d9:fd:4c:ec:
                    2e:d4:59:3e:16:e5:a0:64:92:f1:d1:5f:77:8c:54:
                    a1:5a:f4:46:a1:df:de:b5:c8:c6:67:e8:33:a0:7e:
                    e3:43:e0:99:f0:3c:4c:33:d5:2e:37:f2:fa:6e:f4:
                    42:76:49:b8:c4:8f:6b:83:9b:63:4d:bf:00:13:99:
                    0b:d0:1c:d0:27:99:f4:3a:f6:c2:b1:7b:9c:d7:33:
                    6b:27:d0:60:06:1a:5e:df:86:d0:28:f9:d6:86:df:
                    d9:b6:6a:51:6a:53:6b:54:95:3d:f3:85:e4:4a:38:
                    1e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:6D:AE:C5:50:F1:2B:26:1E:51:6F:7C:41:4F:F3:DF:51:C8:B7:F9
            X509v3 Authority Key Identifier:
                keyid:FA:A2:0A:1A:FB:20:91:CB:7F:51:14:78:83:F3:64:A4:53:09:41:31

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AF0E8/45796AD21DA311E29FFB8C9808B02CD2/-qIKGvsgkct_URR4g_NkpFMJQTE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-qIKGvsgkct_URR4g_NkpFMJQTE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AF0E8/45796AD21DA311E29FFB8C9808B02CD2/0A956A80B48711EC83327546C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.176.208.0/21
                  203.34.75.0/24
                  203.62.198.0/24
                IPv6:
                  2401:7200::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:1f:bc:03:06:e7:86:cb:f5:3b:b3:9e:ce:ed:7b:2c:22:49:
         2e:1a:52:37:d5:56:89:02:a1:94:06:97:62:73:36:03:3f:30:
         76:3d:e5:28:cc:22:75:22:bb:87:9b:2f:b6:9a:c4:3b:fc:94:
         4a:a5:0c:dd:fb:08:c2:f2:11:8e:c0:af:08:54:a3:4f:f1:2b:
         f9:74:e6:9e:1a:89:6a:bc:48:a0:1a:58:61:ce:bf:2c:ff:5e:
         42:5f:8a:c3:57:6e:7d:5c:65:22:a1:3c:c0:d6:5f:62:25:af:
         0d:85:4e:0a:db:ff:44:fa:e8:a2:28:16:f3:01:1a:98:d8:c1:
         1b:5c:60:32:c5:2a:4d:09:78:98:cd:43:34:48:05:46:6a:4a:
         72:34:f3:0f:d7:54:a0:9b:85:3c:7f:81:a1:e3:bc:64:31:27:
         05:0d:37:dd:06:93:3c:1e:9d:47:c6:ac:98:ad:50:a0:56:83:
         6f:14:c8:09:09:58:55:f1:43:c7:1c:5e:61:a5:3c:51:7f:3f:
         5e:1d:97:03:bc:c0:3e:c2:e5:ca:81:36:e6:49:cc:05:8c:0a:
         64:64:02:bd:34:82:87:3d:09:d7:d4:7c:22:2a:6e:8b:af:92:
         fe:0a:a5:ff:db:af:e3:8f:f1:ae:8b:dc:78:fa:cf:d7:dd:c4:
         ae:ff:d5:1d
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICM64wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUYwRTgxMTAvBgNVBAUTKEZBQTIwQTFBRkIyMDkxQ0I3RjUxMTQ3ODgzRjM2NEE0
NTMwOTQxMzEwHhcNMjQwMzAyMTUyMTIyWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUzNDNmMS04NzU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqIsVpCjKPUSJ5hY3rXviM9Nwc5vAY5U9f533MgGC8FoJt3vSkkY+HhS17N+E
Dvfumw/ZsZUUPxI0pb6Qcm8XewmGE4u+Puc3pY7ix7LMvPPKbhP6svB7F9PeC3cQ
UdR0qX8VY6yv8lHVIq9pJog5AzGLuSn5ZPMmkrsN2MB2KJlQGkxh00V7t/llH8wZ
o1l1X9n9TOwu1Fk+FuWgZJLx0V93jFShWvRGod/etcjGZ+gzoH7jQ+CZ8DxMM9Uu
N/L6bvRCdkm4xI9rg5tjTb8AE5kL0BzQJ5n0OvbCsXuc1zNrJ9BgBhpe34bQKPnW
ht/ZtmpRalNrVJU984XkSjge3wIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFIttrsVQ
8SsmHlFvfEFP899RyLf5MB8GA1UdIwQYMBaAFPqiChr7IJHLf1EUeIPzZKRTCUEx
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRjBFOC80NTc5NkFEMjFE
QTMxMUUyOUZGQjhDOTgwOEIwMkNEMi8tcUlLR3ZzZ2tjdF9VUlI0Z19Oa3BGTUpR
VEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1xSUtHdnNna2N0X1VSUjRnX05rcEZNSlFURS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUYwRTgvNDU3OTZBRDIxREEzMTFFMjlGRkI4Qzk4MDhCMDJDRDIvMEE5NTZBODBC
NDg3MTFFQzgzMzI3NTQ2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAOvsNADBADLIksDBADLPsYwDQQCAAIwBwMFACQBcgAwDQYJ
KoZIhvcNAQELBQADggEBAKUfvAMG54bL9Tuzns7teywiSS4aUjfVVokCoZQGl2Jz
NgM/MHY95SjMInUiu4ebL7aaxDv8lEqlDN37CMLyEY7ArwhUo0/xK/l05p4aiWq8
SKAaWGHOvyz/XkJfisNXbn1cZSKhPMDWX2Ilrw2FTgrb/0T66KIoFvMBGpjYwRtc
YDLFKk0JeJjNQzRIBUZqSnI08w/XVKCbhTx/gaHjvGQxJwUNN90GkzwenUfGrJit
UKBWg28UyAkJWFXxQ8ccXmGlPFF/P14dlwO8wD7C5cqBNuZJzAWMCmRkAr00goc9
CdfUfCIqbouvkv4Kpf/br+OP8a6L3Hj6z9fdxK7/1R0=
-----END CERTIFICATE-----