Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914E556/2EAAFECA0C3711EBA8AA8222C4F9AE02/375F7DAA0C3911EB828BDC25C4F9AE02.roa
File:                     375F7DAA0C3911EB828BDC25C4F9AE02.roa (raw, json)
Hash identifier:          +IWbZ/7PgA6d6vOIX20SVgEuJVAS5imzV4sSU3cCP90=
Subject key identifier:   58:AD:83:DC:50:02:C5:0D:DF:0E:E2:77:C9:94:93:8A:7A:99:3F:5F
Certificate issuer:       /CN=A914E556/serialNumber=879EC9AFCDFA27A3CE7B5D43787A2F890385586E
Certificate serial:       06C2
Authority key identifier: 87:9E:C9:AF:CD:FA:27:A3:CE:7B:5D:43:78:7A:2F:89:03:85:58:6E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h57Jr836J6POe11DeHoviQOFWG4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914E556/2EAAFECA0C3711EBA8AA8222C4F9AE02/375F7DAA0C3911EB828BDC25C4F9AE02.roa
Signing time:             Thu 04 Apr 2024 23:32:41 +0000
ROA not before:           Thu 04 Apr 2024 23:32:41 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     24572
IP address blocks:        103.2.72.0/22 maxlen: 22
                          114.110.48.0/20 maxlen: 20
                          114.111.64.0/18 maxlen: 18
                          124.83.128.0/17 maxlen: 17
                          183.79.0.0/16 maxlen: 16
                          2400:7e00::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1730 (0x6c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914E556
        Validity
            Not Before: Apr  4 23:32:41 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=660f3899-3e09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a7:96:1c:51:ea:11:1c:9c:9d:f6:f6:4a:42:
                    72:2c:ac:35:5c:87:dc:80:4e:08:c7:22:c2:4c:21:
                    65:87:2c:df:59:31:df:5c:40:eb:f9:66:13:4d:ab:
                    ae:64:91:f3:1f:4f:fa:f5:01:26:2a:04:e3:66:22:
                    e4:b0:9d:56:27:a1:77:3f:73:db:fa:fc:65:0f:d3:
                    0f:50:5a:a4:c4:0b:7d:cf:a6:da:f7:75:93:43:42:
                    0e:2f:a6:84:f6:51:20:82:22:2a:1f:9b:0e:70:48:
                    fa:22:fb:5b:ad:70:c6:09:82:b2:d1:45:1a:64:3c:
                    83:9a:35:8b:f7:a8:9d:34:0b:56:67:2d:bc:f1:c1:
                    39:44:9b:a6:9b:d4:84:bc:a3:41:03:e9:1e:ba:a4:
                    a7:45:f5:e4:86:77:f2:38:b6:c3:a7:d1:11:90:e2:
                    81:84:10:1e:19:70:d4:48:02:29:51:61:36:fc:74:
                    0e:40:9c:56:45:82:5a:a3:4c:94:e4:a0:13:fb:2a:
                    b0:c6:99:62:a5:43:df:02:78:77:b0:49:7b:1b:d6:
                    79:84:f8:2b:8b:f4:4b:24:0c:c9:4a:14:af:5e:e0:
                    fc:5b:fc:65:34:57:94:58:e4:9e:07:1c:6c:b1:d1:
                    39:84:8f:fa:b0:a1:fd:c9:68:21:21:27:c5:a8:01:
                    6f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:AD:83:DC:50:02:C5:0D:DF:0E:E2:77:C9:94:93:8A:7A:99:3F:5F
            X509v3 Authority Key Identifier:
                keyid:87:9E:C9:AF:CD:FA:27:A3:CE:7B:5D:43:78:7A:2F:89:03:85:58:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914E556/2EAAFECA0C3711EBA8AA8222C4F9AE02/h57Jr836J6POe11DeHoviQOFWG4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h57Jr836J6POe11DeHoviQOFWG4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914E556/2EAAFECA0C3711EBA8AA8222C4F9AE02/375F7DAA0C3911EB828BDC25C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.2.72.0/22
                  114.110.48.0/20
                  114.111.64.0/18
                  124.83.128.0/17
                  183.79.0.0/16
                IPv6:
                  2400:7e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:e4:27:fa:f7:d7:88:0b:74:2f:79:5d:64:f1:9d:b3:a0:44:
         ca:b7:72:63:9f:36:e0:eb:92:01:09:b8:7e:e5:2c:1e:57:09:
         8d:96:44:5d:12:8e:9d:20:a1:ee:38:2f:69:3e:95:e4:e0:38:
         36:12:2c:72:b1:b8:3d:3c:d0:98:22:cd:44:cf:51:70:fb:ce:
         b2:db:1b:13:ae:ac:05:67:10:86:43:ba:7d:08:38:ad:ad:7a:
         22:ce:92:35:46:a9:c0:82:37:76:ab:f8:60:9f:24:cd:18:ac:
         3c:18:47:82:b4:50:3c:34:91:e6:98:b6:4a:86:3d:f6:e1:8f:
         fd:9d:ac:96:d4:50:f7:a0:b6:91:08:9b:90:4f:19:2b:67:30:
         c0:aa:40:b9:69:d1:9e:1c:63:e8:57:8e:f9:e5:8b:82:81:37:
         48:64:6f:74:36:7e:09:68:fc:0d:06:cb:49:a5:45:ad:63:f6:
         63:6b:8f:38:b0:7a:67:41:f6:e9:e9:9a:cd:c2:5e:b2:ce:30:
         88:ab:6b:dd:d6:01:3a:ff:73:06:56:93:f9:b4:8e:7f:84:75:
         64:80:f3:da:5a:f9:45:7f:b6:e5:b8:fc:14:c8:04:68:2c:93:
         03:f3:59:9c:3c:c2:47:7a:47:9a:f2:d5:af:2c:d8:66:08:ff:
         13:7b:1a:45
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgICBsIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEU1NTYxMTAvBgNVBAUTKDg3OUVDOUFGQ0RGQTI3QTNDRTdCNUQ0Mzc4N0EyRjg5
MDM4NTU4NkUwHhcNMjQwNDA0MjMzMjQxWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBmMzg5OS0zZTA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuaeWHFHqERycnfb2SkJyLKw1XIfcgE4IxyLCTCFlhyzfWTHfXEDr+WYTTauu
ZJHzH0/69QEmKgTjZiLksJ1WJ6F3P3Pb+vxlD9MPUFqkxAt9z6ba93WTQ0IOL6aE
9lEggiIqH5sOcEj6IvtbrXDGCYKy0UUaZDyDmjWL96idNAtWZy288cE5RJumm9SE
vKNBA+keuqSnRfXkhnfyOLbDp9ERkOKBhBAeGXDUSAIpUWE2/HQOQJxWRYJao0yU
5KAT+yqwxplipUPfAnh3sEl7G9Z5hPgri/RLJAzJShSvXuD8W/xlNFeUWOSeBxxs
sdE5hI/6sKH9yWghISfFqAFvZQIDAQABo4ICuzCCArcwHQYDVR0OBBYEFFitg9xQ
AsUN3w7id8mUk4p6mT9fMB8GA1UdIwQYMBaAFIeeya/N+iejzntdQ3h6L4kDhVhu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RTU1Ni8yRUFBRkVDQTBD
MzcxMUVCQThBQTgyMjJDNEY5QUUwMi9oNTdKcjgzNko2UE9lMTFEZUhvdmlRT0ZX
RzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2g1N0pyODM2SjZQT2UxMURlSG92aVFPRldHNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEU1NTYvMkVBQUZFQ0EwQzM3MTFFQkE4QUE4MjIyQzRGOUFFMDIvMzc1RjdEQUEw
QzM5MTFFQjgyOEJEQzI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRQYIKwYBBQUHAQcBAf8E
NjA0MCMEAgABMB0DBAJnAkgDBARybjADBAZyb0ADBAd8U4ADAwC3TzANBAIAAjAH
AwUAJAB+ADANBgkqhkiG9w0BAQsFAAOCAQEAOOQn+vfXiAt0L3ldZPGds6BEyrdy
Y5824OuSAQm4fuUsHlcJjZZEXRKOnSCh7jgvaT6V5OA4NhIscrG4PTzQmCLNRM9R
cPvOstsbE66sBWcQhkO6fQg4ra16Is6SNUapwII3dqv4YJ8kzRisPBhHgrRQPDSR
5pi2SoY99uGP/Z2sltRQ96C2kQibkE8ZK2cwwKpAuWnRnhxj6FeO+eWLgoE3SGRv
dDZ+CWj8DQbLSaVFrWP2Y2uPOLB6Z0H26emazcJess4wiKtr3dYBOv9zBlaT+bSO
f4R1ZIDz2lr5RX+25bj8FMgEaCyTA/NZnDzCR3pHmvLVryzYZgj/E3saRQ==
-----END CERTIFICATE-----