Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915BA28/A47D2028285511E9AD381151C4F9AE02/C90C4476FBA611E9BA00AB33C4F9AE02.roa
File:                     C90C4476FBA611E9BA00AB33C4F9AE02.roa (raw, json)
Hash identifier:          ibzIHQiS71/cKL/AN17g76C8mULHtazMynL8XoJHu8M=
Subject key identifier:   D3:08:8F:7F:FA:C0:B7:39:53:59:9A:CC:40:74:37:63:D3:D5:9E:3D
Certificate issuer:       /CN=A915BA28/serialNumber=7F6045A376765BF82792AA705BBD899519CB19C7
Certificate serial:       1081
Authority key identifier: 7F:60:45:A3:76:76:5B:F8:27:92:AA:70:5B:BD:89:95:19:CB:19:C7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/f2BFo3Z2W_gnkqpwW72JlRnLGcc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915BA28/A47D2028285511E9AD381151C4F9AE02/C90C4476FBA611E9BA00AB33C4F9AE02.roa
Signing time:             Mon 10 Feb 2025 17:35:21 +0000
ROA not before:           Mon 10 Feb 2025 17:35:21 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     138596
IP address blocks:        103.134.28.0/22 maxlen: 22
                          103.134.28.0/24 maxlen: 24
                          103.134.29.0/24 maxlen: 24
                          103.134.30.0/24 maxlen: 24
                          103.134.31.0/24 maxlen: 24
                          2404:5bc0::/32 maxlen: 32
                          2404:5bc0:10::/48 maxlen: 48
                          2404:5bc0:20::/48 maxlen: 48
                          2404:5bc0:30::/48 maxlen: 48
                          2404:5bc0:40::/48 maxlen: 48
                          2404:5bc0:50::/48 maxlen: 48
                          2404:5bc0:60::/48 maxlen: 48
                          2404:5bc0:70::/48 maxlen: 48
                          2404:5bc0:80::/48 maxlen: 48
                          2404:5bc0:90::/48 maxlen: 48
                          2404:5bc0:400::/48 maxlen: 48
                          2404:5bc0:401::/48 maxlen: 48
                          2404:5bc0:402::/48 maxlen: 48
                          2404:5bc0:403::/48 maxlen: 48
                          2404:5bc0:800::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4225 (0x1081)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915BA28
        Validity
            Not Before: Feb 10 17:35:21 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67aa38d9-bc8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a1:9c:48:ca:75:40:26:f2:89:16:e5:b2:98:
                    62:ec:42:97:8f:08:44:7b:11:69:29:8d:fe:d1:36:
                    72:23:7a:d5:91:1b:61:4c:f1:27:67:b0:9b:52:54:
                    f2:47:d3:01:3f:ec:54:48:78:73:66:51:4b:40:78:
                    b4:54:48:67:bd:1c:12:0f:73:47:cb:a3:d2:a1:74:
                    40:c3:68:d1:d9:c7:a4:fe:3e:ea:de:d2:96:5b:01:
                    e9:41:7d:eb:01:42:3e:40:b2:ac:f7:bf:cc:2f:d8:
                    fa:7f:81:5d:f9:f3:b9:35:52:45:8f:0c:99:c3:51:
                    ba:38:a8:82:47:5b:f4:98:f6:b3:fc:c8:4e:36:87:
                    c0:86:37:2d:6e:e6:51:4f:f9:75:c7:3a:d1:53:3d:
                    cc:a4:d0:48:b8:d5:10:8a:b1:e1:7e:4f:60:df:bb:
                    88:40:d9:3b:4f:aa:4a:1f:3d:71:dd:f5:ee:86:aa:
                    a4:e9:da:5b:9a:a6:c9:81:47:91:79:e5:c8:6a:79:
                    b6:85:16:30:47:be:d7:21:f2:c6:e2:7b:f0:96:01:
                    b0:d0:23:21:36:c7:a0:8b:07:c4:97:2b:2e:59:74:
                    a7:86:8c:f1:d3:c6:48:e3:cb:41:66:7b:d6:df:cf:
                    94:cc:b8:b5:08:b0:e7:37:62:40:29:27:c3:e2:32:
                    cc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:08:8F:7F:FA:C0:B7:39:53:59:9A:CC:40:74:37:63:D3:D5:9E:3D
            X509v3 Authority Key Identifier:
                keyid:7F:60:45:A3:76:76:5B:F8:27:92:AA:70:5B:BD:89:95:19:CB:19:C7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915BA28/A47D2028285511E9AD381151C4F9AE02/f2BFo3Z2W_gnkqpwW72JlRnLGcc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/f2BFo3Z2W_gnkqpwW72JlRnLGcc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915BA28/A47D2028285511E9AD381151C4F9AE02/C90C4476FBA611E9BA00AB33C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.134.28.0/22
                IPv6:
                  2404:5bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:e8:f9:db:36:41:ca:96:43:fa:b1:7e:ea:8a:dd:29:3d:56:
         56:57:c8:65:f2:4e:04:59:55:02:02:24:66:3d:60:ab:49:db:
         74:13:9a:ab:07:17:71:4c:70:93:27:56:64:53:f1:d0:60:c4:
         de:a4:62:13:22:f9:29:de:73:08:86:f5:42:64:d0:b4:81:58:
         97:0e:f6:bf:ad:b1:25:97:e7:61:75:24:e2:76:9d:4f:63:6a:
         70:77:7c:14:49:b3:3e:1f:10:bf:3d:2c:0b:51:1b:5b:73:46:
         88:be:3d:75:c6:dd:76:f2:d1:3c:66:66:86:0d:16:f8:f0:98:
         75:46:67:84:0c:47:43:ab:74:bf:df:3f:16:e1:79:3a:bc:92:
         66:3f:f0:e6:8f:91:2e:eb:7b:af:bc:c1:41:fd:87:bf:f6:5f:
         9d:95:26:2e:f7:4f:0c:9d:ad:2b:64:40:af:c6:fc:71:ba:8a:
         0b:45:47:80:ae:0a:b7:1c:e4:7a:3c:40:68:86:33:b5:d3:15:
         b5:76:ed:d3:96:58:ee:2d:8c:26:63:e7:b9:c1:12:63:2d:4e:
         a5:11:57:9e:36:17:25:34:b1:db:fc:97:79:19:8b:c1:36:28:
         f9:05:e2:e9:09:62:ab:6f:e2:d3:ed:3f:4a:c1:7c:64:0a:1e:
         02:ff:77:00
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICEIEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUJBMjgxMTAvBgNVBAUTKDdGNjA0NUEzNzY3NjVCRjgyNzkyQUE3MDVCQkQ4OTk1
MTlDQjE5QzcwHhcNMjUwMjEwMTczNTIxWhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2FhMzhkOS1iYzhkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyKGcSMp1QCbyiRblsphi7EKXjwhEexFpKY3+0TZyI3rVkRthTPEnZ7CbUlTy
R9MBP+xUSHhzZlFLQHi0VEhnvRwSD3NHy6PSoXRAw2jR2cek/j7q3tKWWwHpQX3r
AUI+QLKs97/ML9j6f4Fd+fO5NVJFjwyZw1G6OKiCR1v0mPaz/MhONofAhjctbuZR
T/l1xzrRUz3MpNBIuNUQirHhfk9g37uIQNk7T6pKHz1x3fXuhqqk6dpbmqbJgUeR
eeXIanm2hRYwR77XIfLG4nvwlgGw0CMhNsegiwfElysuWXSnhozx08ZI48tBZnvW
38+UzLi1CLDnN2JAKSfD4jLMIQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFNMIj3/6
wLc5U1mazEB0N2PT1Z49MB8GA1UdIwQYMBaAFH9gRaN2dlv4J5KqcFu9iZUZyxnH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QkEyOC9BNDdEMjAyODI4
NTUxMUU5QUQzODExNTFDNEY5QUUwMi9mMkJGbzNaMldfZ25rcXB3VzcySmxSbkxH
Y2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2YyQkZvM1oyV19nbmtxcHdXNzJKbFJuTEdjYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUJBMjgvQTQ3RDIwMjgyODU1MTFFOUFEMzgxMTUxQzRGOUFFMDIvQzkwQzQ0NzZG
QkE2MTFFOUJBMDBBQjMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnhhwwDQQCAAIwBwMFACQEW8AwDQYJKoZIhvcNAQELBQAD
ggEBAKHo+ds2QcqWQ/qxfuqK3Sk9VlZXyGXyTgRZVQICJGY9YKtJ23QTmqsHF3FM
cJMnVmRT8dBgxN6kYhMi+SnecwiG9UJk0LSBWJcO9r+tsSWX52F1JOJ2nU9janB3
fBRJsz4fEL89LAtRG1tzRoi+PXXG3Xby0TxmZoYNFvjwmHVGZ4QMR0OrdL/fPxbh
eTq8kmY/8OaPkS7re6+8wUH9h7/2X52VJi73TwydrStkQK/G/HG6igtFR4CuCrcc
5Ho8QGiGM7XTFbV27dOWWO4tjCZj57nBEmMtTqURV542FyU0sdv8l3kZi8E2KPkF
4ukJYqtv4tPtP0rBfGQKHgL/dwA=
-----END CERTIFICATE-----