Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/A607F8965F4611EE80BD8D2DC4F9AE02.roa
File:                     A607F8965F4611EE80BD8D2DC4F9AE02.roa (raw, json)
Hash identifier:          wynmFUF72+WqOIzeId16MY3qAbLuhLthoUyin6hAIaA=
Subject key identifier:   8F:4C:C4:15:2F:47:54:B3:7E:37:8F:64:71:08:1A:A2:E0:07:6C:7E
Certificate issuer:       /CN=A9149C2D/serialNumber=1BDC4767A6D5EBE0BEFA5CA1235308F75E48891A
Certificate serial:       1B67
Authority key identifier: 1B:DC:47:67:A6:D5:EB:E0:BE:FA:5C:A1:23:53:08:F7:5E:48:89:1A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/G9xHZ6bV6-C--lyhI1MI915IiRo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/A607F8965F4611EE80BD8D2DC4F9AE02.roa
Signing time:             Thu 30 Jan 2025 16:33:50 +0000
ROA not before:           Thu 30 Jan 2025 16:33:50 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     63927
IP address blocks:        103.44.232.0/22 maxlen: 24
                          2401:da80::/32 maxlen: 32
                          2401:da80::/36 maxlen: 36
                          2401:da80:1000::/36 maxlen: 36
                          2401:da80:2000::/36 maxlen: 36
                          2401:da80:3000::/36 maxlen: 36
                          2401:da80:4000::/36 maxlen: 36
                          2401:da80:5000::/36 maxlen: 36
                          2401:da80:6000::/36 maxlen: 36
                          2401:da80:7000::/36 maxlen: 36
                          2401:da80:8000::/36 maxlen: 36
                          2401:da80:9000::/36 maxlen: 36
                          2401:da80:a000::/36 maxlen: 36
                          2401:da80:b000::/36 maxlen: 36
                          2401:da80:c000::/36 maxlen: 36
                          2401:da80:d000::/36 maxlen: 36
                          2401:da80:e000::/36 maxlen: 36
                          2401:da80:f000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7015 (0x1b67)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9149C2D
        Validity
            Not Before: Jan 30 16:33:50 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=679ba9ee-7e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2c:54:3d:f2:61:dd:8e:2f:fd:4e:b5:24:16:
                    b9:4f:76:8c:cb:43:70:b1:ad:f4:55:62:0b:9f:9a:
                    ed:66:b2:4c:eb:d6:3f:5a:c6:fa:f2:5b:5a:38:fe:
                    e1:eb:e8:84:ee:db:22:7f:9d:28:4c:24:f9:ae:11:
                    ef:dc:ff:48:a4:23:cd:06:18:5c:45:e4:80:29:6b:
                    92:28:2c:b8:fa:e3:ee:b6:e5:e8:07:f5:97:d1:42:
                    50:b5:71:83:70:b5:65:5a:f9:ce:9f:f8:bb:2b:0a:
                    2c:7b:fe:be:59:d7:31:4a:8c:30:76:ad:2f:70:cf:
                    20:50:1f:25:21:d9:9a:42:1a:57:b9:c0:7e:73:8e:
                    43:fa:18:87:97:04:ee:2d:0a:37:ac:f0:68:59:20:
                    22:e4:84:54:73:20:ed:52:dc:9a:06:91:36:54:95:
                    af:66:68:bc:ee:30:43:12:65:5d:a2:26:76:db:73:
                    24:ae:37:92:72:5e:20:01:ee:a7:ff:9b:50:c3:62:
                    c7:80:06:26:d9:74:bd:6f:88:e6:5f:f5:d6:f7:a6:
                    5c:a0:fe:cc:42:bb:c9:44:67:db:ac:c0:5b:d0:63:
                    5d:f9:f7:56:ac:ce:1b:4f:90:50:47:d7:df:9a:42:
                    65:67:c1:c3:88:4e:ce:9b:ec:e7:48:5a:91:4d:0f:
                    a1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:4C:C4:15:2F:47:54:B3:7E:37:8F:64:71:08:1A:A2:E0:07:6C:7E
            X509v3 Authority Key Identifier:
                keyid:1B:DC:47:67:A6:D5:EB:E0:BE:FA:5C:A1:23:53:08:F7:5E:48:89:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/G9xHZ6bV6-C--lyhI1MI915IiRo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/G9xHZ6bV6-C--lyhI1MI915IiRo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/A607F8965F4611EE80BD8D2DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.44.232.0/22
                IPv6:
                  2401:da80::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:df:89:5f:80:c4:d3:7d:0b:d7:2c:b3:e4:b9:1a:96:dc:d3:
         44:c0:16:e9:bc:96:0e:78:5c:72:99:dd:4d:cb:e0:4e:2b:f9:
         46:e6:75:31:2a:85:2e:50:ae:82:7e:57:74:ca:d0:98:ba:6c:
         1c:c0:00:d0:cf:b6:21:e1:04:16:9b:1d:24:2c:c8:79:59:33:
         49:65:97:0d:50:f5:fb:f9:2e:a2:89:a9:45:fd:c1:33:0b:aa:
         64:ee:fc:64:87:93:65:68:b7:44:1f:9a:bc:b8:24:b8:6b:37:
         08:6f:b9:d2:e3:4f:21:79:d5:02:53:9d:4d:38:a3:0e:fa:0b:
         ff:f2:6f:22:e9:5a:c3:d1:9b:fb:68:04:5a:59:32:de:13:5d:
         73:1c:e0:c2:d1:a7:80:76:ae:1d:75:73:4e:ba:d3:37:e0:67:
         cf:6e:f8:73:cf:4a:8d:b8:35:43:a8:dd:c8:b2:c1:be:3d:d9:
         8d:19:84:63:2d:1f:7c:3c:6b:04:55:d3:ba:39:da:54:cf:ef:
         1a:f6:98:bc:ad:7f:97:e1:f6:59:47:3d:54:ad:ba:12:62:f8:
         a8:f2:1d:db:88:98:56:74:7a:5b:67:dd:98:fd:e6:17:8a:b7:
         10:90:73:7d:5c:8c:40:42:ae:6b:23:ac:9c:c4:f3:11:5c:49:
         00:db:47:7e
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICG2cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDlDMkQxMTAvBgNVBAUTKDFCREM0NzY3QTZENUVCRTBCRUZBNUNBMTIzNTMwOEY3
NUU0ODg5MUEwHhcNMjUwMTMwMTYzMzUwWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzliYTllZS03ZTNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzSxUPfJh3Y4v/U61JBa5T3aMy0Nwsa30VWILn5rtZrJM69Y/Wsb68ltaOP7h
6+iE7tsif50oTCT5rhHv3P9IpCPNBhhcReSAKWuSKCy4+uPutuXoB/WX0UJQtXGD
cLVlWvnOn/i7Kwose/6+WdcxSowwdq0vcM8gUB8lIdmaQhpXucB+c45D+hiHlwTu
LQo3rPBoWSAi5IRUcyDtUtyaBpE2VJWvZmi87jBDEmVdoiZ223MkrjeScl4gAe6n
/5tQw2LHgAYm2XS9b4jmX/XW96ZcoP7MQrvJRGfbrMBb0GNd+fdWrM4bT5BQR9ff
mkJlZ8HDiE7Om+znSFqRTQ+h9wIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFI9MxBUv
R1SzfjePZHEIGqLgB2x+MB8GA1UdIwQYMBaAFBvcR2em1evgvvpcoSNTCPdeSIka
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OUMyRC80RDVBNzg4MDA4
NzMxMUU3OUM4MzlCMDlDNEY5QUUwMi9HOXhIWjZiVjYtQy0tbHloSTFNSTkxNUlp
Um8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0c5eEhaNmJWNi1DLS1seWhJMU1JOTE1SWlSby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDlDMkQvNEQ1QTc4ODAwODczMTFFNzlDODM5QjA5QzRGOUFFMDIvQTYwN0Y4OTY1
RjQ2MTFFRTgwQkQ4RDJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnLOgwDQQCAAIwBwMFACQB2oAwDQYJKoZIhvcNAQELBQAD
ggEBAGHfiV+AxNN9C9css+S5Gpbc00TAFum8lg54XHKZ3U3L4E4r+UbmdTEqhS5Q
roJ+V3TK0Ji6bBzAANDPtiHhBBabHSQsyHlZM0lllw1Q9fv5LqKJqUX9wTMLqmTu
/GSHk2Vot0Qfmry4JLhrNwhvudLjTyF51QJTnU04ow76C//ybyLpWsPRm/toBFpZ
Mt4TXXMc4MLRp4B2rh11c0660zfgZ89u+HPPSo24NUOo3ciywb492Y0ZhGMtH3w8
awRV07o52lTP7xr2mLytf5fh9llHPVStuhJi+KjyHduImFZ0eltn3Zj95heKtxCQ
c31cjEBCrmsjrJzE8xFcSQDbR34=
-----END CERTIFICATE-----