Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9120FD4/809C24D2F55111E99D5B7D3DC4F9AE02/4154E51AC91311EBA6226F45C4F9AE02.roa
File:                     4154E51AC91311EBA6226F45C4F9AE02.roa (raw, json)
Hash identifier:          X3uR7nkHEkJDs/4UDZXjCbVpYlI7ETxizWrqRmPT3Rg=
Subject key identifier:   AB:0F:42:BD:1F:EB:F7:4C:E7:CC:A7:C1:90:C8:87:31:A2:A8:2B:1F
Certificate issuer:       /CN=A9120FD4/serialNumber=62C6B1A0B2C3A614F3CB43FABB31BF81616B54B4
Certificate serial:       0C67
Authority key identifier: 62:C6:B1:A0:B2:C3:A6:14:F3:CB:43:FA:BB:31:BF:81:61:6B:54:B4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YsaxoLLDphTzy0P6uzG_gWFrVLQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9120FD4/809C24D2F55111E99D5B7D3DC4F9AE02/4154E51AC91311EBA6226F45C4F9AE02.roa
Signing time:             Tue 14 Jan 2025 18:16:57 +0000
ROA not before:           Tue 14 Jan 2025 18:16:57 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     58768
IP address blocks:        103.140.116.0/23 maxlen: 24
                          203.190.8.0/21 maxlen: 24
                          2400:fa40::/32 maxlen: 32
                          2400:fa40::/48 maxlen: 48
                          2400:fa40:1::/48 maxlen: 48
                          2400:fa40:2::/48 maxlen: 48
                          2400:fa40:3::/48 maxlen: 48
                          2400:fa40:4::/48 maxlen: 48
                          2400:fa40:5::/48 maxlen: 48
                          2400:fa40:a::/48 maxlen: 48
                          2400:fa40:b::/48 maxlen: 48
                          2400:fa40:a00::/40 maxlen: 40
                          2400:fa40:e000::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3175 (0xc67)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9120FD4
        Validity
            Not Before: Jan 14 18:16:57 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=6786aa19-2bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:64:d7:1b:d0:2c:1b:aa:ef:3a:50:d9:a0:e7:
                    49:42:73:c2:fe:93:22:fd:6a:fe:b4:76:c8:13:6b:
                    e2:9a:96:55:62:a7:f8:9f:ec:8f:2c:b8:11:57:a4:
                    9f:80:6b:af:5e:e7:14:37:65:8e:7f:5e:84:d3:1c:
                    06:ad:bb:6a:63:b1:5f:0d:58:5e:37:1e:f2:ec:ab:
                    01:8a:62:64:71:05:f3:c6:08:f2:80:2a:0f:a2:38:
                    4f:60:51:c5:1a:23:9c:2b:f9:3a:e1:74:af:23:39:
                    01:cf:0f:a9:04:fa:c4:98:12:b3:fa:5b:e5:1c:43:
                    9f:3f:92:19:5a:e5:14:fb:08:b3:a3:d2:d7:0e:dd:
                    d6:58:b8:07:37:e9:be:6d:fe:f9:39:eb:17:ba:10:
                    42:38:44:34:c3:6b:de:32:9a:3d:cb:1a:96:a5:04:
                    24:0e:73:13:bf:10:98:ae:43:65:54:56:6d:83:a7:
                    f7:05:a0:ae:e4:1a:ab:25:c2:0e:5d:be:c3:64:90:
                    72:2f:86:88:1f:ff:5b:42:6a:76:df:67:d1:6b:0c:
                    8a:a3:3b:9e:fb:1c:7e:30:fe:11:f9:0b:7c:24:a1:
                    47:53:22:26:58:dc:6e:61:73:f7:58:ac:fd:99:e5:
                    e5:94:db:62:8b:81:66:be:92:7b:48:7b:af:2f:c2:
                    48:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:0F:42:BD:1F:EB:F7:4C:E7:CC:A7:C1:90:C8:87:31:A2:A8:2B:1F
            X509v3 Authority Key Identifier:
                keyid:62:C6:B1:A0:B2:C3:A6:14:F3:CB:43:FA:BB:31:BF:81:61:6B:54:B4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9120FD4/809C24D2F55111E99D5B7D3DC4F9AE02/YsaxoLLDphTzy0P6uzG_gWFrVLQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YsaxoLLDphTzy0P6uzG_gWFrVLQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9120FD4/809C24D2F55111E99D5B7D3DC4F9AE02/4154E51AC91311EBA6226F45C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.140.116.0/23
                  203.190.8.0/21
                IPv6:
                  2400:fa40::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:4a:9d:28:e3:b6:6a:39:1a:34:3d:45:7e:ae:92:08:3c:25:
         6d:30:38:51:7c:8f:eb:80:59:36:04:2f:8c:a1:4b:28:c6:a3:
         a5:2e:b7:b3:20:8b:f8:c5:73:d6:35:0d:f2:83:05:3d:dc:46:
         ce:e2:08:24:44:80:9c:81:71:a9:44:7d:27:8d:be:2b:ee:ac:
         01:d0:82:e3:5e:b6:3f:d7:3c:94:87:52:fe:80:ee:25:56:ae:
         6e:6c:d0:02:1f:82:e4:21:49:de:49:a5:fd:92:e4:12:d3:5f:
         5b:24:f7:99:10:91:70:fe:96:3b:1f:19:57:e5:c6:07:10:a3:
         77:af:8a:1b:72:6e:7d:aa:2a:c8:4e:e6:d2:d0:8a:5c:54:cd:
         ea:35:a6:02:83:aa:59:c5:4a:bf:05:cc:77:b7:2f:f8:eb:b3:
         c3:e4:7f:b6:89:75:4a:64:1f:aa:d0:40:fd:10:02:52:c2:3e:
         e4:cd:21:34:46:b9:9b:43:3f:a6:51:61:aa:18:cd:d1:f3:08:
         b6:56:f4:e4:da:4d:4d:ae:94:f5:63:26:5c:9f:9a:e1:da:54:
         1e:ce:07:c6:f3:30:42:8c:4b:63:e4:b5:8c:21:5d:8a:bb:78:
         30:bc:c0:ed:7c:e8:6c:14:90:ad:7c:aa:9a:13:05:a9:1d:ed:
         64:00:91:f9
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICDGcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjBGRDQxMTAvBgNVBAUTKDYyQzZCMUEwQjJDM0E2MTRGM0NCNDNGQUJCMzFCRjgx
NjE2QjU0QjQwHhcNMjUwMTE0MTgxNjU3WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzg2YWExOS0yYmYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyGTXG9AsG6rvOlDZoOdJQnPC/pMi/Wr+tHbIE2vimpZVYqf4n+yPLLgRV6Sf
gGuvXucUN2WOf16E0xwGrbtqY7FfDVheNx7y7KsBimJkcQXzxgjygCoPojhPYFHF
GiOcK/k64XSvIzkBzw+pBPrEmBKz+lvlHEOfP5IZWuUU+wizo9LXDt3WWLgHN+m+
bf75OesXuhBCOEQ0w2veMpo9yxqWpQQkDnMTvxCYrkNlVFZtg6f3BaCu5BqrJcIO
Xb7DZJByL4aIH/9bQmp232fRawyKozue+xx+MP4R+Qt8JKFHUyImWNxuYXP3WKz9
meXllNtii4FmvpJ7SHuvL8JI8QIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFKsPQr0f
6/dM58ynwZDIhzGiqCsfMB8GA1UdIwQYMBaAFGLGsaCyw6YU88tD+rsxv4Fha1S0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMEZENC84MDlDMjREMkY1
NTExMUU5OUQ1QjdEM0RDNEY5QUUwMi9Zc2F4b0xMRHBoVHp5MFA2dXpHX2dXRnJW
TFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lzYXhvTExEcGhUenkwUDZ1ekdfZ1dGclZMUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjBGRDQvODA5QzI0RDJGNTUxMTFFOTlENUI3RDNEQzRGOUFFMDIvNDE1NEU1MUFD
OTEzMTFFQkE2MjI2RjQ1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAFnjHQDBAPLvggwDQQCAAIwBwMFACQA+kAwDQYJKoZIhvcN
AQELBQADggEBAENKnSjjtmo5GjQ9RX6ukgg8JW0wOFF8j+uAWTYEL4yhSyjGo6Uu
t7Mgi/jFc9Y1DfKDBT3cRs7iCCREgJyBcalEfSeNvivurAHQguNetj/XPJSHUv6A
7iVWrm5s0AIfguQhSd5Jpf2S5BLTX1sk95kQkXD+ljsfGVflxgcQo3evihtybn2q
KshO5tLQilxUzeo1pgKDqlnFSr8FzHe3L/jrs8Pkf7aJdUpkH6rQQP0QAlLCPuTN
ITRGuZtDP6ZRYaoYzdHzCLZW9OTaTU2ulPVjJlyfmuHaVB7OB8bzMEKMS2PktYwh
XYq7eDC8wO186GwUkK18qpoTBakd7WQAkfk=
-----END CERTIFICATE-----