Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/24D4FB0E081A11EDAC057F3AC4F9AE02.roa
File:                     24D4FB0E081A11EDAC057F3AC4F9AE02.roa (raw, json)
Hash identifier:          2LU51rvJelBJXa1Ayc1KnSV0gtpIO16bxKLkZ72tKSg=
Subject key identifier:   A9:9E:DA:C9:81:26:87:EC:0A:A3:AC:23:CA:67:12:77:E7:8D:85:5E
Certificate issuer:       /CN=A9170982/serialNumber=E621469CD5A578F947AB47EB0ECE88939B87EBFB
Certificate serial:       01CA
Authority key identifier: E6:21:46:9C:D5:A5:78:F9:47:AB:47:EB:0E:CE:88:93:9B:87:EB:FB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5iFGnNWlePlHq0frDs6Ik5uH6_s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/24D4FB0E081A11EDAC057F3AC4F9AE02.roa
Signing time:             Thu 08 Dec 2022 17:13:58 +0000
ROA not before:           Thu 08 Dec 2022 17:13:58 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     16839
IP address blocks:        103.23.64.0/22 maxlen: 24
                          2406:9f00::/32 maxlen: 32
                          2406:9f00:6100::/40 maxlen: 40
                          2406:9f00:6110::/48 maxlen: 48
                          2406:9f00:6120::/48 maxlen: 48
                          2406:9f00:6500::/40 maxlen: 40
                          2406:9f00:6510::/48 maxlen: 48
                          2406:9f00:6520::/48 maxlen: 48
                          2406:9f00:8100::/40 maxlen: 40
                          2406:9f00:8110::/48 maxlen: 48
                          2406:9f00:8120::/48 maxlen: 48
                          2406:9f00:8200::/40 maxlen: 40
                          2406:9f00:8210::/48 maxlen: 48
                          2406:9f00:8220::/48 maxlen: 48
                          2406:9f00:9100::/40 maxlen: 40
                          2406:9f00:9110::/48 maxlen: 48
                          2406:9f00:9120::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 458 (0x1ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9170982
        Validity
            Not Before: Dec  8 17:13:58 2022 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=63921b56-7d55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:db:14:8e:e8:1b:af:1f:00:88:b4:ce:8b:51:
                    ca:2c:7a:e9:fc:e0:be:b3:8c:f0:19:1a:4b:75:4b:
                    f5:8d:8f:91:87:8c:fe:3d:f9:af:80:c2:ce:01:20:
                    0e:6e:28:ca:a8:ea:5b:93:9b:88:8c:2d:22:bf:b6:
                    2a:cc:9d:8f:c1:16:d7:a4:29:63:24:0c:a3:6c:87:
                    39:a2:88:2c:19:d4:89:d0:4c:72:d7:f8:ee:8e:08:
                    16:2a:0e:3a:8c:86:11:47:7b:9b:8a:e3:5d:f2:c5:
                    2b:c0:e7:37:68:f7:f0:f4:d1:ad:20:59:36:75:5a:
                    5a:98:21:8c:a6:fa:da:94:03:64:63:ba:4c:fc:ae:
                    f0:9f:43:1a:99:e4:54:08:a6:0e:53:6e:92:e9:0c:
                    20:91:84:7b:ac:19:d5:5b:4e:a0:84:14:67:8b:fd:
                    9d:8a:3d:da:1c:7a:48:60:67:9d:43:49:0a:71:2e:
                    39:36:2d:1c:e0:82:54:60:7c:32:fc:60:a9:de:81:
                    39:a3:30:64:eb:91:87:f3:1b:7c:ab:e0:26:26:ef:
                    e5:42:99:2f:4f:ed:e3:fb:08:95:ee:f1:39:12:5f:
                    ff:9f:19:58:2e:95:5d:e9:3f:68:ac:3e:87:42:fc:
                    b1:a1:e7:43:74:c3:c8:a6:70:7c:67:01:ae:78:48:
                    7d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:9E:DA:C9:81:26:87:EC:0A:A3:AC:23:CA:67:12:77:E7:8D:85:5E
            X509v3 Authority Key Identifier:
                keyid:E6:21:46:9C:D5:A5:78:F9:47:AB:47:EB:0E:CE:88:93:9B:87:EB:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/5iFGnNWlePlHq0frDs6Ik5uH6_s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5iFGnNWlePlHq0frDs6Ik5uH6_s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/24D4FB0E081A11EDAC057F3AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.23.64.0/22
                IPv6:
                  2406:9f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:9e:99:e0:62:54:2f:8b:c1:cc:45:5e:44:0d:af:72:09:75:
         a2:5f:3b:c3:a2:10:31:2c:26:1c:cf:13:44:87:32:fc:51:8e:
         66:8d:58:37:2d:66:e2:3b:cd:3e:82:4a:ba:0f:2c:59:3f:8c:
         6b:1b:3f:e4:ec:9e:e4:f0:01:e7:b4:6a:96:cb:fe:ee:24:83:
         4c:69:39:36:f3:f9:d8:9a:c1:28:13:f7:af:08:6a:31:5d:24:
         ac:e0:ed:19:d9:a2:56:51:26:d5:41:ce:ff:1d:ca:18:62:41:
         3b:ff:70:79:91:d9:24:73:03:06:37:38:cd:1b:00:68:c0:bc:
         f0:9a:c8:03:4a:b1:d9:8e:06:ca:88:f1:cd:f1:10:63:3a:9d:
         05:ac:c6:50:93:6a:fe:41:76:b7:4b:3a:54:56:00:6c:a1:fe:
         77:50:dc:2e:8a:ed:06:b0:ed:42:61:2d:5e:e5:cb:88:1a:40:
         e8:9d:32:08:27:8f:e9:a2:cb:1a:41:71:ec:d4:84:da:ea:79:
         27:a7:7f:c6:17:9d:ba:42:73:b1:93:4d:86:29:b4:23:e1:4e:
         97:1f:92:81:a5:4a:eb:3a:81:f2:88:32:81:35:12:16:b9:32:
         56:07:75:76:ad:63:b2:ef:6d:fd:a6:22:7b:77:0f:49:ce:07:
         00:a1:ef:f5
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAcowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzA5ODIxMTAvBgNVBAUTKEU2MjE0NjlDRDVBNTc4Rjk0N0FCNDdFQjBFQ0U4ODkz
OUI4N0VCRkIwHhcNMjIxMjA4MTcxMzU4WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzkyMWI1Ni03ZDU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1dsUjugbrx8AiLTOi1HKLHrp/OC+s4zwGRpLdUv1jY+Rh4z+PfmvgMLOASAO
bijKqOpbk5uIjC0iv7YqzJ2PwRbXpCljJAyjbIc5oogsGdSJ0Exy1/jujggWKg46
jIYRR3ubiuNd8sUrwOc3aPfw9NGtIFk2dVpamCGMpvralANkY7pM/K7wn0MameRU
CKYOU26S6QwgkYR7rBnVW06ghBRni/2dij3aHHpIYGedQ0kKcS45Ni0c4IJUYHwy
/GCp3oE5ozBk65GH8xt8q+AmJu/lQpkvT+3j+wiV7vE5El//nxlYLpVd6T9orD6H
QvyxoedDdMPIpnB8ZwGueEh9pwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFKme2smB
JofsCqOsI8pnEnfnjYVeMB8GA1UdIwQYMBaAFOYhRpzVpXj5R6tH6w7OiJObh+v7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MDk4Mi9EOEI2ODY5NkFD
MTMxMUVDQjc3NkIyMDlDNEY5QUUwMi81aUZHbk5XbGVQbEhxMGZyRHM2SWs1dUg2
X3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVpRkduTldsZVBsSHEwZnJEczZJazV1SDZfcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzA5ODIvRDhCNjg2OTZBQzEzMTFFQ0I3NzZCMjA5QzRGOUFFMDIvMjRENEZCMEUw
ODFBMTFFREFDMDU3RjNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnF0AwDQQCAAIwBwMFACQGnwAwDQYJKoZIhvcNAQELBQAD
ggEBAFqemeBiVC+LwcxFXkQNr3IJdaJfO8OiEDEsJhzPE0SHMvxRjmaNWDctZuI7
zT6CSroPLFk/jGsbP+TsnuTwAee0apbL/u4kg0xpOTbz+diawSgT968IajFdJKzg
7RnZolZRJtVBzv8dyhhiQTv/cHmR2SRzAwY3OM0bAGjAvPCayANKsdmOBsqI8c3x
EGM6nQWsxlCTav5BdrdLOlRWAGyh/ndQ3C6K7Qaw7UJhLV7ly4gaQOidMggnj+mi
yxpBcezUhNrqeSenf8YXnbpCc7GTTYYptCPhTpcfkoGlSus6gfKIMoE1Eha5MlYH
dXatY7Lvbf2mInt3D0nOBwCh7/U=
-----END CERTIFICATE-----