Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9164860/B401C982E97011E8B0359359C4F9AE02/6255E0DC0D7A11EDBAD90C57C4F9AE02.roa
File:                     6255E0DC0D7A11EDBAD90C57C4F9AE02.roa (raw, json)
Hash identifier:          D6Jlvrwz1QNb6B04A9D2A5nTZUZ8k77cdtv2PSJJFnI=
Subject key identifier:   3B:C3:19:9B:BD:72:40:07:52:45:7C:2F:81:2E:17:4C:3B:F0:47:B3
Certificate issuer:       /CN=A9164860/serialNumber=BC536C00F85F59041D9C4C2961F72242BF60D51E
Certificate serial:       10EE
Authority key identifier: BC:53:6C:00:F8:5F:59:04:1D:9C:4C:29:61:F7:22:42:BF:60:D5:1E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vFNsAPhfWQQdnEwpYfciQr9g1R4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9164860/B401C982E97011E8B0359359C4F9AE02/6255E0DC0D7A11EDBAD90C57C4F9AE02.roa
Signing time:             Sun 01 Oct 2023 09:27:31 +0000
ROA not before:           Sun 01 Oct 2023 09:27:31 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     137074
IP address blocks:        43.224.188.0/23 maxlen: 23
                          43.224.190.0/23 maxlen: 23
                          43.226.4.0/24 maxlen: 24
                          43.226.5.0/24 maxlen: 24
                          43.226.6.0/24 maxlen: 24
                          43.226.7.0/24 maxlen: 24
                          103.18.64.0/23 maxlen: 23
                          103.18.66.0/23 maxlen: 23
                          103.43.212.0/23 maxlen: 23
                          103.43.214.0/23 maxlen: 23
                          103.104.16.0/22 maxlen: 24
                          116.89.246.0/23 maxlen: 24
                          203.28.64.0/22 maxlen: 22
                          203.28.64.0/23 maxlen: 23
                          203.28.66.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4334 (0x10ee)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9164860
        Validity
            Not Before: Oct  1 09:27:31 2023 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=65193b83-d857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:86:73:9d:2e:6e:e7:ed:df:30:18:c6:f6:1a:
                    5b:b7:e8:ef:51:bd:66:c3:d5:40:af:ae:de:ca:d8:
                    04:e7:8b:41:17:26:dd:a3:67:ad:ec:c4:e4:b2:c2:
                    12:a5:73:b2:97:90:44:cf:ed:38:2c:1e:57:33:a1:
                    c1:fd:53:1c:8b:08:a4:9e:a6:c0:5b:ec:e5:6e:83:
                    37:55:31:aa:91:62:95:7c:c5:fe:c6:ff:7e:c7:f6:
                    e6:81:3a:7e:18:43:f9:6c:94:de:e9:3b:79:5f:c8:
                    63:67:dd:f5:bc:75:ac:5f:06:ab:09:ba:f3:ad:2a:
                    c4:8b:cb:fc:77:34:6e:b6:35:5e:af:0c:8a:68:20:
                    13:c4:49:1a:e0:5d:f9:e5:ed:09:7d:06:71:dd:c1:
                    ab:a4:55:32:ab:1a:1e:9d:11:de:bb:6f:5b:49:98:
                    d3:1b:18:1a:55:3f:37:30:a8:11:4d:25:2a:34:80:
                    16:3f:d0:a9:5d:e6:59:40:27:e2:49:cb:90:51:0c:
                    6c:37:dc:63:44:d2:36:6b:44:b7:1d:9a:24:88:f9:
                    28:11:df:a9:ac:05:28:fa:54:63:37:f9:46:91:69:
                    a3:d2:c2:bf:3e:13:85:07:fe:c4:25:07:38:6f:bb:
                    bc:64:36:4d:76:59:3f:a7:e8:22:43:8f:6d:26:b3:
                    f4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C3:19:9B:BD:72:40:07:52:45:7C:2F:81:2E:17:4C:3B:F0:47:B3
            X509v3 Authority Key Identifier:
                keyid:BC:53:6C:00:F8:5F:59:04:1D:9C:4C:29:61:F7:22:42:BF:60:D5:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9164860/B401C982E97011E8B0359359C4F9AE02/vFNsAPhfWQQdnEwpYfciQr9g1R4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vFNsAPhfWQQdnEwpYfciQr9g1R4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9164860/B401C982E97011E8B0359359C4F9AE02/6255E0DC0D7A11EDBAD90C57C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.224.188.0/22
                  43.226.4.0/22
                  103.18.64.0/22
                  103.43.212.0/22
                  103.104.16.0/22
                  116.89.246.0/23
                  203.28.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:c5:65:cd:7c:a2:af:64:58:43:7c:90:31:23:2e:c8:82:27:
         c7:88:2d:19:ba:4b:78:be:c8:b0:58:27:84:e9:11:a9:c4:b2:
         84:e1:1b:c3:79:3b:67:63:05:26:49:d7:29:43:bf:9a:10:dc:
         cb:ab:0a:79:5d:27:72:35:10:0e:90:b7:16:b0:18:a8:da:7b:
         22:5b:a4:2d:58:48:94:7b:3c:91:35:e4:35:b1:b6:ae:4a:29:
         04:3e:eb:15:e7:06:88:20:b1:37:ee:ac:bb:77:12:3e:9f:bb:
         50:60:26:a7:5b:c5:03:5d:3c:c7:de:69:a8:c8:7c:0d:cc:6e:
         85:b2:57:58:71:95:2c:11:5b:28:e2:11:11:5f:1b:0e:fb:be:
         75:e2:41:1e:c4:94:1f:50:ef:d7:10:8e:df:d9:d0:16:85:fa:
         af:34:eb:9d:ab:0e:de:2b:c7:18:4e:41:48:32:74:dd:ca:db:
         2a:ec:18:f2:2a:60:c9:33:81:5b:df:21:b7:c4:2a:b7:13:9c:
         cb:df:23:87:dc:97:ad:65:d0:8e:1b:47:ed:97:e0:21:8f:72:
         f4:c0:df:19:d1:65:2a:0b:8a:a4:f9:79:b2:91:a2:f9:bc:49:
         a5:d4:01:03:e8:8e:e7:a6:78:46:e6:25:93:65:ac:46:f9:5a:
         57:8b:40:f8
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICEO4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjQ4NjAxMTAvBgNVBAUTKEJDNTM2QzAwRjg1RjU5MDQxRDlDNEMyOTYxRjcyMjQy
QkY2MEQ1MUUwHhcNMjMxMDAxMDkyNzMxWhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTE5M2I4My1kODU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyIZznS5u5+3fMBjG9hpbt+jvUb1mw9VAr67eytgE54tBFybdo2et7MTkssIS
pXOyl5BEz+04LB5XM6HB/VMciwiknqbAW+zlboM3VTGqkWKVfMX+xv9+x/bmgTp+
GEP5bJTe6Tt5X8hjZ931vHWsXwarCbrzrSrEi8v8dzRutjVerwyKaCATxEka4F35
5e0JfQZx3cGrpFUyqxoenRHeu29bSZjTGxgaVT83MKgRTSUqNIAWP9CpXeZZQCfi
ScuQUQxsN9xjRNI2a0S3HZokiPkoEd+prAUo+lRjN/lGkWmj0sK/PhOFB/7EJQc4
b7u8ZDZNdlk/p+giQ49tJrP0mwIDAQABo4ICuTCCArUwHQYDVR0OBBYEFDvDGZu9
ckAHUkV8L4EuF0w78EezMB8GA1UdIwQYMBaAFLxTbAD4X1kEHZxMKWH3IkK/YNUe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NDg2MC9CNDAxQzk4MkU5
NzAxMUU4QjAzNTkzNTlDNEY5QUUwMi92Rk5zQVBoZldRUWRuRXdwWWZjaVFyOWcx
UjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZGTnNBUGhmV1FRZG5Fd3BZZmNpUXI5ZzFSNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjQ4NjAvQjQwMUM5ODJFOTcwMTFFOEIwMzU5MzU5QzRGOUFFMDIvNjI1NUUwREMw
RDdBMTFFREJBRDkwQzU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQwYIKwYBBQUHAQcBAf8E
NDAyMDAEAgABMCoDBAIr4LwDBAIr4gQDBAJnEkADBAJnK9QDBAJnaBADBAF0WfYD
BALLHEAwDQYJKoZIhvcNAQELBQADggEBAJLFZc18oq9kWEN8kDEjLsiCJ8eILRm6
S3i+yLBYJ4TpEanEsoThG8N5O2djBSZJ1ylDv5oQ3MurCnldJ3I1EA6QtxawGKja
eyJbpC1YSJR7PJE15DWxtq5KKQQ+6xXnBoggsTfurLt3Ej6fu1BgJqdbxQNdPMfe
aajIfA3MboWyV1hxlSwRWyjiERFfGw77vnXiQR7ElB9Q79cQjt/Z0BaF+q80652r
Dt4rxxhOQUgydN3K2yrsGPIqYMkzgVvfIbfEKrcTnMvfI4fcl61l0I4bR+2X4CGP
cvTA3xnRZSoLiqT5ebKRovm8SaXUAQPojuemeEbmJZNlrEb5WleLQPg=
-----END CERTIFICATE-----