Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914DC5D/39E7146C2A3311EB929DC07CC4F9AE02/55493366013C11ED9864F33CC4F9AE02.roa
File:                     55493366013C11ED9864F33CC4F9AE02.roa (raw, json)
Hash identifier:          0qVhe66/0pu/dhz2TXJhU0ebQFEgZUWbuY+h0HJ2A+s=
Subject key identifier:   6F:61:1B:70:49:9E:D8:3C:6A:61:CF:63:E3:1D:75:DE:91:BA:3A:9F
Certificate issuer:       /CN=A914DC5D/serialNumber=20F2531A7BA8212D2BB0900D576372D33F846928
Certificate serial:       07B6
Authority key identifier: 20:F2:53:1A:7B:A8:21:2D:2B:B0:90:0D:57:63:72:D3:3F:84:69:28
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IPJTGnuoIS0rsJANV2Ny0z-EaSg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914DC5D/39E7146C2A3311EB929DC07CC4F9AE02/55493366013C11ED9864F33CC4F9AE02.roa
Signing time:             Thu 19 Sep 2024 12:10:22 +0000
ROA not before:           Thu 19 Sep 2024 12:10:22 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     135381
IP address blocks:        202.44.217.0/24 maxlen: 24
                          202.44.218.0/24 maxlen: 24
                          202.44.229.0/24 maxlen: 24
                          202.44.230.0/24 maxlen: 24
                          202.44.231.0/24 maxlen: 24
                          202.44.232.0/24 maxlen: 24
                          202.44.233.0/24 maxlen: 24
                          202.44.252.0/24 maxlen: 24
                          202.44.255.0/24 maxlen: 24
                          203.150.118.0/24 maxlen: 24
                          203.150.121.0/24 maxlen: 24
                          203.150.122.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1974 (0x7b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914DC5D
        Validity
            Not Before: Sep 19 12:10:22 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=66ec14ae-a5b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d5:c4:a0:09:32:5e:4a:2e:72:5a:0c:0c:63:
                    0e:41:85:72:9f:79:80:59:79:fe:9f:57:85:86:fb:
                    a6:6b:6e:8d:31:6b:b1:6e:f8:36:bf:9e:5d:2b:e4:
                    a1:f9:46:43:fd:d7:6f:5f:63:d3:90:08:a0:15:b8:
                    b0:d6:a3:f1:ca:03:de:51:56:9d:fd:2a:c1:69:1c:
                    6d:e2:e3:e5:10:ef:5c:b3:a3:22:f9:fc:31:a1:ca:
                    15:74:7b:e8:d8:19:f6:60:52:6a:ff:1e:f3:1a:66:
                    55:c9:5c:50:17:4d:eb:d4:d8:1d:13:c8:32:19:de:
                    17:f0:60:a7:41:ec:17:c9:cc:66:11:e6:b4:a0:4e:
                    0d:9f:18:11:70:de:24:2e:dd:94:ed:37:77:d0:3c:
                    8d:51:43:35:93:3c:bf:41:f2:0d:e2:65:7e:91:ad:
                    a8:c7:40:04:82:3f:30:c1:7a:05:f0:90:88:5d:c5:
                    31:3f:31:51:5f:cd:df:83:0a:4a:4f:a9:77:46:22:
                    11:fe:8e:c6:df:74:33:15:41:c3:ae:fb:47:80:0f:
                    b6:0a:c7:9e:28:93:8b:42:b4:5b:ec:e7:06:82:fe:
                    63:be:1c:64:d1:bd:b9:07:f7:ef:6e:ea:58:a1:7c:
                    db:9d:de:97:56:de:a3:b3:e2:8f:66:54:91:25:b4:
                    00:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:61:1B:70:49:9E:D8:3C:6A:61:CF:63:E3:1D:75:DE:91:BA:3A:9F
            X509v3 Authority Key Identifier:
                keyid:20:F2:53:1A:7B:A8:21:2D:2B:B0:90:0D:57:63:72:D3:3F:84:69:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914DC5D/39E7146C2A3311EB929DC07CC4F9AE02/IPJTGnuoIS0rsJANV2Ny0z-EaSg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IPJTGnuoIS0rsJANV2Ny0z-EaSg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914DC5D/39E7146C2A3311EB929DC07CC4F9AE02/55493366013C11ED9864F33CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.44.217.0-202.44.218.255
                  202.44.229.0-202.44.233.255
                  202.44.252.0/24
                  202.44.255.0/24
                  203.150.118.0/24
                  203.150.121.0-203.150.122.255

    Signature Algorithm: sha256WithRSAEncryption
         ac:ec:a9:fc:51:a5:44:02:86:e8:e6:1b:a6:8d:9a:92:23:e9:
         e6:24:dd:29:dd:63:e9:97:69:8d:bb:9e:bd:c8:a0:95:77:1e:
         60:94:53:32:2f:59:99:ae:d2:5e:22:c2:23:2f:17:1c:a3:70:
         52:f3:dd:7b:9c:78:a2:a7:08:15:7d:37:ec:2c:a8:16:01:8f:
         c7:31:b1:fe:2b:96:e2:8d:90:9b:c8:6e:2f:3e:23:86:bc:fb:
         fd:ea:77:1d:5b:8e:2f:c9:f0:ef:a0:72:d5:fc:2f:7f:71:fb:
         d4:00:47:96:e3:be:d2:89:a0:3f:48:eb:1f:d1:64:24:75:50:
         93:21:a2:62:f8:ff:30:4b:06:56:af:69:0f:c0:93:4f:6f:24:
         45:cf:1e:b3:11:08:43:14:b2:11:8a:9f:70:08:28:79:77:d7:
         f8:a0:b1:30:d5:c2:3f:6c:f6:7b:ef:0b:06:40:3e:1a:ad:7c:
         85:f4:7a:4c:8d:ff:38:e2:d0:8d:1a:0e:e4:78:12:67:3d:48:
         b4:5e:72:62:74:ee:14:30:da:ca:36:f2:93:a2:59:41:6e:e4:
         ad:97:19:7e:91:40:d4:91:fd:a5:24:55:af:88:2e:c8:2a:08:
         30:76:2d:8c:17:9e:0e:ce:34:2a:16:d6:73:58:2e:ff:43:b5:
         1e:ed:e8:bc
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgICB7YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NERDNUQxMTAvBgNVBAUTKDIwRjI1MzFBN0JBODIxMkQyQkIwOTAwRDU3NjM3MkQz
M0Y4NDY5MjgwHhcNMjQwOTE5MTIxMDIyWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmVjMTRhZS1hNWIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAstXEoAkyXkoucloMDGMOQYVyn3mAWXn+n1eFhvuma26NMWuxbvg2v55dK+Sh
+UZD/ddvX2PTkAigFbiw1qPxygPeUVad/SrBaRxt4uPlEO9cs6Mi+fwxocoVdHvo
2Bn2YFJq/x7zGmZVyVxQF03r1NgdE8gyGd4X8GCnQewXycxmEea0oE4NnxgRcN4k
Lt2U7Td30DyNUUM1kzy/QfIN4mV+ka2ox0AEgj8wwXoF8JCIXcUxPzFRX83fgwpK
T6l3RiIR/o7G33QzFUHDrvtHgA+2CseeKJOLQrRb7OcGgv5jvhxk0b25B/fvbupY
oXzbnd6XVt6js+KPZlSRJbQAAwIDAQABo4ICyzCCAscwHQYDVR0OBBYEFG9hG3BJ
ntg8amHPY+Mddd6RujqfMB8GA1UdIwQYMBaAFCDyUxp7qCEtK7CQDVdjctM/hGko
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0REM1RC8zOUU3MTQ2QzJB
MzMxMUVCOTI5REMwN0NDNEY5QUUwMi9JUEpUR251b0lTMHJzSkFOVjJOeTB6LUVh
U2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lQSlRHbnVvSVMwcnNKQU5WMk55MHotRWFTZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NERDNUQvMzlFNzE0NkMyQTMzMTFFQjkyOURDMDdDQzRGOUFFMDIvNTU0OTMzNjYw
MTNDMTFFRDk4NjRGMzNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVQYIKwYBBQUHAQcBAf8E
RjBEMEIEAgABMDwwDAMEAMos2QMEAMos2jAMAwQAyizlAwQByizoAwQAyiz8AwQA
yiz/AwQAy5Z2MAwDBADLlnkDBADLlnowDQYJKoZIhvcNAQELBQADggEBAKzsqfxR
pUQChujmG6aNmpIj6eYk3SndY+mXaY27nr3IoJV3HmCUUzIvWZmu0l4iwiMvFxyj
cFLz3XuceKKnCBV9N+wsqBYBj8cxsf4rluKNkJvIbi8+I4a8+/3qdx1bji/J8O+g
ctX8L39x+9QAR5bjvtKJoD9I6x/RZCR1UJMhomL4/zBLBlavaQ/Ak09vJEXPHrMR
CEMUshGKn3AIKHl31/igsTDVwj9s9nvvCwZAPhqtfIX0ekyN/zji0I0aDuR4Emc9
SLRecmJ07hQw2so28pOiWUFu5K2XGX6RQNSR/aUkVa+ILsgqCDB2LYwXng7ONCoW
1nNYLv9DtR7t6Lw=
-----END CERTIFICATE-----