Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F7DCD/84428B0E73D111EA9CDEC534C4F9AE02/855AECF29B3A11EB9B73EB7BC4F9AE02.roa
File:                     855AECF29B3A11EB9B73EB7BC4F9AE02.roa (raw, json)
Hash identifier:          zqNQDPCuYzDYo/nHe2BJbjMekLz1Fbx+26S+Qt9czd4=
Subject key identifier:   F7:B4:70:74:37:AF:D7:B7:B7:9D:ED:6C:12:95:4F:88:10:9E:97:64
Certificate issuer:       /CN=A91F7DCD/serialNumber=3BD302FA7A2E866A679B1B6096DB67453A03AB86
Certificate serial:       099D
Authority key identifier: 3B:D3:02:FA:7A:2E:86:6A:67:9B:1B:60:96:DB:67:45:3A:03:AB:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/O9MC-nouhmpnmxtglttnRToDq4Y.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F7DCD/84428B0E73D111EA9CDEC534C4F9AE02/855AECF29B3A11EB9B73EB7BC4F9AE02.roa
Signing time:             Wed 04 Sep 2024 20:39:06 +0000
ROA not before:           Wed 04 Sep 2024 20:39:06 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     141768
IP address blocks:        39.109.92.0/22 maxlen: 22
                          39.109.92.0/24 maxlen: 24
                          39.109.93.0/24 maxlen: 24
                          39.109.94.0/24 maxlen: 24
                          39.109.95.0/24 maxlen: 24
                          103.120.228.0/23 maxlen: 23
                          103.120.228.0/24 maxlen: 24
                          103.120.229.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2461 (0x99d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F7DCD/serialNumber=3BD302FA7A2E866A679B1B6096DB67453A03AB86
        Validity
            Not Before: Sep  4 20:39:06 2024 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=66d8c56a-0cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d4:7f:33:0e:80:8a:5b:cc:6f:7e:d3:a3:67:
                    47:82:dd:5d:aa:cd:35:a4:8b:fe:bb:f7:bb:21:18:
                    89:a1:71:3e:01:35:f5:af:de:ba:e0:5f:ac:bc:f9:
                    be:92:99:b2:a2:07:30:95:43:22:e0:b0:a5:12:43:
                    71:4e:c7:92:aa:a3:94:ad:ac:a7:e7:f4:02:05:53:
                    41:12:d2:7a:74:04:ca:45:27:1f:5e:a0:37:57:55:
                    a5:30:12:8f:20:04:1d:b0:40:74:ec:7c:2d:92:7e:
                    e9:06:1b:39:b2:75:4c:92:6f:7d:d3:b3:2c:e2:9a:
                    49:41:39:73:45:dc:35:0b:a9:e5:b7:c1:86:a1:25:
                    da:6a:a8:78:71:41:46:80:0b:bb:80:f2:0a:1a:d1:
                    42:1c:6c:89:45:49:a2:67:fd:74:21:12:80:66:4a:
                    61:25:a2:73:3e:73:76:fa:88:dc:16:6e:70:29:41:
                    a7:5b:fc:ca:fd:c7:71:d0:0e:76:c3:7e:17:bc:dd:
                    6e:fd:04:8f:85:8d:36:72:af:6a:2d:1c:65:1e:01:
                    7b:37:31:82:fa:ba:f7:0c:56:77:77:48:9e:11:e6:
                    4d:9c:21:65:c2:e1:6d:4e:bf:c9:77:35:e6:2b:2b:
                    a9:97:da:e0:17:97:3d:b6:3d:1f:78:2b:dc:ab:9c:
                    bb:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B4:70:74:37:AF:D7:B7:B7:9D:ED:6C:12:95:4F:88:10:9E:97:64
            X509v3 Authority Key Identifier:
                keyid:3B:D3:02:FA:7A:2E:86:6A:67:9B:1B:60:96:DB:67:45:3A:03:AB:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F7DCD/84428B0E73D111EA9CDEC534C4F9AE02/O9MC-nouhmpnmxtglttnRToDq4Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/O9MC-nouhmpnmxtglttnRToDq4Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F7DCD/84428B0E73D111EA9CDEC534C4F9AE02/855AECF29B3A11EB9B73EB7BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  39.109.92.0/22
                  103.120.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:5d:a7:20:f3:95:c2:d7:e4:9c:f5:72:ac:3f:57:db:7b:6d:
         55:28:3d:0b:69:fd:b9:14:6e:56:5d:0b:e7:01:26:4f:3d:17:
         8b:63:c7:10:b1:83:4f:b7:5b:38:84:5c:72:eb:6d:93:c8:83:
         0c:f1:74:84:c3:7a:10:a0:9d:5a:52:3c:d2:02:b7:51:f5:02:
         da:b5:be:6b:e3:c8:c1:d7:00:57:7f:70:b2:6f:ef:d5:70:20:
         7a:74:4b:ef:b5:5e:95:64:a5:0a:12:db:a4:7f:fe:54:0e:e4:
         8e:5b:08:d0:cb:21:63:19:4c:32:ef:cc:ed:3f:74:23:c0:d2:
         73:ea:33:89:e9:9d:6b:7c:e9:cf:28:0d:a7:5c:bb:7a:db:1b:
         57:3a:d5:93:c7:c2:17:59:5b:04:41:e3:80:dd:e9:fd:69:6b:
         fa:bb:87:37:6f:67:fe:19:95:88:30:9d:ae:14:1f:f4:9f:2f:
         f5:bf:12:69:22:f9:26:34:b4:40:6d:e2:e7:1c:8a:ae:13:1e:
         db:07:27:4f:69:3e:73:58:20:6a:8e:e0:38:dd:9e:39:ef:1b:
         ed:3e:15:e1:d6:84:b0:3d:69:a9:6d:4a:13:e1:01:a9:b6:b6:
         08:cb:1d:37:8b:94:64:22:f5:3b:37:ad:d5:34:1e:d2:89:d2:
         d5:00:60:c3
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCZ0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjdEQ0QxMTAvBgNVBAUTKDNCRDMwMkZBN0EyRTg2NkE2NzlCMUI2MDk2REI2NzQ1
M0EwM0FCODYwHhcNMjQwOTA0MjAzOTA2WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmQ4YzU2YS0wY2Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4tR/Mw6AilvMb37To2dHgt1dqs01pIv+u/e7IRiJoXE+ATX1r9664F+svPm+
kpmyogcwlUMi4LClEkNxTseSqqOUrayn5/QCBVNBEtJ6dATKRScfXqA3V1WlMBKP
IAQdsEB07Hwtkn7pBhs5snVMkm9907Ms4ppJQTlzRdw1C6nlt8GGoSXaaqh4cUFG
gAu7gPIKGtFCHGyJRUmiZ/10IRKAZkphJaJzPnN2+ojcFm5wKUGnW/zK/cdx0A52
w34XvN1u/QSPhY02cq9qLRxlHgF7NzGC+rr3DFZ3d0ieEeZNnCFlwuFtTr/JdzXm
Kyupl9rgF5c9tj0feCvcq5y7uwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFPe0cHQ3
r9e3t53tbBKVT4gQnpdkMB8GA1UdIwQYMBaAFDvTAvp6LoZqZ5sbYJbbZ0U6A6uG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGN0RDRC84NDQyOEIwRTcz
RDExMUVBOUNERUM1MzRDNEY5QUUwMi9POU1DLW5vdWhtcG5teHRnbHR0blJUb0Rx
NFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL085TUMtbm91aG1wbm14dGdsdHRuUlRvRHE0WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjdEQ0QvODQ0MjhCMEU3M0QxMTFFQTlDREVDNTM0QzRGOUFFMDIvODU1QUVDRjI5
QjNBMTFFQjlCNzNFQjdCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAInbVwDBAFneOQwDQYJKoZIhvcNAQELBQADggEBAEddpyDz
lcLX5Jz1cqw/V9t7bVUoPQtp/bkUblZdC+cBJk89F4tjxxCxg0+3WziEXHLrbZPI
gwzxdITDehCgnVpSPNICt1H1Atq1vmvjyMHXAFd/cLJv79VwIHp0S++1XpVkpQoS
26R//lQO5I5bCNDLIWMZTDLvzO0/dCPA0nPqM4npnWt86c8oDadcu3rbG1c61ZPH
whdZWwRB44Dd6f1pa/q7hzdvZ/4ZlYgwna4UH/SfL/W/Emki+SY0tEBt4ucciq4T
HtsHJ09pPnNYIGqO4DjdnjnvG+0+FeHWhLA9aaltShPhAam2tgjLHTeLlGQi9Ts3
rdU0HtKJ0tUAYMM=
-----END CERTIFICATE-----