Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/C8165660822F11EEABA7D533C4F9AE02.roa
File:                     C8165660822F11EEABA7D533C4F9AE02.roa (raw, json)
Hash identifier:          G6DqHnh4blUKVwDCX+3yAB5EHH1Zl+1SenKDUoryx8Y=
Subject key identifier:   B2:0E:85:8A:F6:96:BC:CA:11:70:6E:77:43:39:92:E0:03:F0:46:15
Certificate issuer:       /CN=A9170982/serialNumber=E621469CD5A578F947AB47EB0ECE88939B87EBFB
Certificate serial:       034D
Authority key identifier: E6:21:46:9C:D5:A5:78:F9:47:AB:47:EB:0E:CE:88:93:9B:87:EB:FB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5iFGnNWlePlHq0frDs6Ik5uH6_s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/C8165660822F11EEABA7D533C4F9AE02.roa
Signing time:             Thu 05 Dec 2024 00:54:11 +0000
ROA not before:           Thu 05 Dec 2024 00:54:11 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     16839
IP address blocks:        103.23.64.0/22 maxlen: 24
                          2406:9f00::/32 maxlen: 32
                          2406:9f00:6100::/40 maxlen: 40
                          2406:9f00:6110::/48 maxlen: 48
                          2406:9f00:6120::/48 maxlen: 48
                          2406:9f00:6500::/40 maxlen: 40
                          2406:9f00:6510::/48 maxlen: 48
                          2406:9f00:6520::/48 maxlen: 48
                          2406:9f00:8100::/40 maxlen: 40
                          2406:9f00:8110::/48 maxlen: 48
                          2406:9f00:8120::/48 maxlen: 48
                          2406:9f00:8200::/40 maxlen: 40
                          2406:9f00:8210::/48 maxlen: 48
                          2406:9f00:8220::/48 maxlen: 48
                          2406:9f00:9100::/40 maxlen: 40
                          2406:9f00:9110::/48 maxlen: 48
                          2406:9f00:9120::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 845 (0x34d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9170982
        Validity
            Not Before: Dec  5 00:54:11 2024 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=6750f9b3-1c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b4:a1:ea:97:40:22:f3:e4:4d:68:a5:c1:35:
                    df:40:88:87:77:71:14:d2:fb:1e:39:87:3a:b2:5a:
                    58:c8:43:67:fe:55:b8:50:2b:c9:75:11:88:03:bc:
                    97:37:d5:4e:a4:63:0f:3c:23:86:f5:14:73:ca:25:
                    6e:6e:1b:e4:da:86:64:a7:4d:7e:32:26:ca:ba:82:
                    f2:f9:7c:1d:a1:ff:0e:7c:28:3d:38:62:8f:22:ec:
                    88:c0:78:95:b3:8a:b2:81:84:cf:29:02:7f:27:31:
                    32:87:6d:25:45:3c:50:4b:f2:15:a7:e4:3e:e8:44:
                    98:83:55:57:5e:78:f4:84:7c:4c:ca:9d:00:23:d5:
                    52:ad:3d:bc:5f:d0:dc:7a:6c:97:92:0f:de:26:66:
                    bc:ed:4b:f1:46:08:5a:b7:d4:b3:53:6f:a5:ac:0c:
                    2e:c0:19:4e:33:2a:d0:0e:5c:7f:9d:df:6f:b8:e9:
                    e6:d5:bb:19:42:16:69:36:f7:88:3a:4e:e4:63:3e:
                    6d:c2:51:42:7e:0f:de:1d:34:d1:7c:e3:f9:bb:6a:
                    99:81:0a:9c:a8:f9:d9:95:d1:d3:6e:e4:a0:47:14:
                    0c:c9:4e:f1:37:e6:d2:bb:f1:71:a1:54:08:e1:ee:
                    26:30:3e:e1:54:71:0e:f8:c9:59:2f:be:f0:db:7a:
                    65:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0E:85:8A:F6:96:BC:CA:11:70:6E:77:43:39:92:E0:03:F0:46:15
            X509v3 Authority Key Identifier:
                keyid:E6:21:46:9C:D5:A5:78:F9:47:AB:47:EB:0E:CE:88:93:9B:87:EB:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/5iFGnNWlePlHq0frDs6Ik5uH6_s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5iFGnNWlePlHq0frDs6Ik5uH6_s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9170982/D8B68696AC1311ECB776B209C4F9AE02/C8165660822F11EEABA7D533C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.23.64.0/22
                IPv6:
                  2406:9f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:24:08:d4:18:28:31:66:2e:7f:5c:4e:cf:12:81:fa:8f:cc:
         8c:57:b1:a6:27:c3:97:31:e7:4e:98:1a:11:ba:8a:ef:db:37:
         db:00:4c:51:ba:77:ee:84:0f:f5:c1:12:71:1d:87:87:3c:27:
         13:48:79:c6:91:65:e6:e0:81:47:be:a2:0b:5e:2e:8d:30:3e:
         f6:5f:32:1c:d8:87:28:de:d7:55:98:9a:3d:89:59:ce:9e:d9:
         3a:7e:ff:9c:ad:f2:63:01:46:0b:de:57:86:08:be:80:c0:de:
         d8:3a:ee:bd:1f:ce:50:93:8e:b3:01:28:b5:fe:3d:fa:11:28:
         2d:c5:52:2c:32:f0:d0:f6:fd:5c:ea:ed:99:89:26:3c:11:7f:
         b3:f9:14:f3:d7:0d:26:6c:29:c3:49:06:e2:c3:a1:06:69:cd:
         de:76:22:16:91:0d:30:2c:a8:fa:57:c9:9a:6a:b7:d7:d4:b1:
         d4:11:8e:b6:9c:24:3d:b8:f4:1d:7b:d3:24:90:97:14:02:8b:
         71:f8:37:5d:ff:c1:c2:8a:7d:ac:6f:a8:2d:0b:eb:99:af:93:
         8d:ca:ff:a5:97:84:fa:00:b0:90:a8:ed:c1:69:78:db:b8:76:
         0d:8c:c7:41:5d:7d:26:99:5a:b6:4a:19:09:df:df:23:7a:cd:
         65:f9:53:0f
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICA00wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzA5ODIxMTAvBgNVBAUTKEU2MjE0NjlDRDVBNTc4Rjk0N0FCNDdFQjBFQ0U4ODkz
OUI4N0VCRkIwHhcNMjQxMjA1MDA1NDExWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzUwZjliMy0xYzc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA07Sh6pdAIvPkTWilwTXfQIiHd3EU0vseOYc6slpYyENn/lW4UCvJdRGIA7yX
N9VOpGMPPCOG9RRzyiVubhvk2oZkp01+MibKuoLy+Xwdof8OfCg9OGKPIuyIwHiV
s4qygYTPKQJ/JzEyh20lRTxQS/IVp+Q+6ESYg1VXXnj0hHxMyp0AI9VSrT28X9Dc
emyXkg/eJma87UvxRghat9SzU2+lrAwuwBlOMyrQDlx/nd9vuOnm1bsZQhZpNveI
Ok7kYz5twlFCfg/eHTTRfOP5u2qZgQqcqPnZldHTbuSgRxQMyU7xN+bSu/FxoVQI
4e4mMD7hVHEO+MlZL77w23plOQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFLIOhYr2
lrzKEXBud0M5kuAD8EYVMB8GA1UdIwQYMBaAFOYhRpzVpXj5R6tH6w7OiJObh+v7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MDk4Mi9EOEI2ODY5NkFD
MTMxMUVDQjc3NkIyMDlDNEY5QUUwMi81aUZHbk5XbGVQbEhxMGZyRHM2SWs1dUg2
X3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVpRkduTldsZVBsSHEwZnJEczZJazV1SDZfcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzA5ODIvRDhCNjg2OTZBQzEzMTFFQ0I3NzZCMjA5QzRGOUFFMDIvQzgxNjU2NjA4
MjJGMTFFRUFCQTdENTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnF0AwDQQCAAIwBwMFACQGnwAwDQYJKoZIhvcNAQELBQAD
ggEBACUkCNQYKDFmLn9cTs8SgfqPzIxXsaYnw5cx506YGhG6iu/bN9sATFG6d+6E
D/XBEnEdh4c8JxNIecaRZebggUe+ogteLo0wPvZfMhzYhyje11WYmj2JWc6e2Tp+
/5yt8mMBRgveV4YIvoDA3tg67r0fzlCTjrMBKLX+PfoRKC3FUiwy8ND2/Vzq7ZmJ
JjwRf7P5FPPXDSZsKcNJBuLDoQZpzd52IhaRDTAsqPpXyZpqt9fUsdQRjracJD24
9B170ySQlxQCi3H4N13/wcKKfaxvqC0L65mvk43K/6WXhPoAsJCo7cFpeNu4dg2M
x0FdfSaZWrZKGQnf3yN6zWX5Uw8=
-----END CERTIFICATE-----