Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/42C9FE0C77ED11EBBFBAF568C4F9AE02.roa
File:                     42C9FE0C77ED11EBBFBAF568C4F9AE02.roa (raw, json)
Hash identifier:          wPaJnYT2o0UAaRMN2nkywoIUWjPOmXPWmigfrwybkDc=
Subject key identifier:   47:FA:43:FE:52:06:DD:28:ED:65:C9:69:79:B4:E7:BC:98:C6:95:44
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F72
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/42C9FE0C77ED11EBBFBAF568C4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:29:43 +0000
ROA not before:           Fri 28 Feb 2025 19:29:43 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3954 (0xf72)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:29:43 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20ea7-199e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:95:35:b3:f9:7c:01:3b:e2:e5:bb:2f:6e:32:
                    c9:28:3d:7b:da:28:5d:30:3d:fe:dd:d9:63:6f:89:
                    09:79:3e:a3:1d:01:d3:0b:7d:3a:ad:30:f2:7d:f3:
                    78:45:5b:cc:48:58:92:3f:ce:05:3c:84:88:0e:28:
                    6c:8a:e6:d8:43:5c:5a:3c:50:a0:20:d5:48:4d:58:
                    08:f8:dc:d5:89:f7:a9:7e:59:e1:85:7b:45:87:9c:
                    c1:3a:d9:09:c3:6a:b4:32:c0:55:67:2c:12:4b:9e:
                    cb:db:99:02:35:e4:e8:3a:06:d6:1b:4f:10:f5:03:
                    04:97:1e:a9:40:4a:ad:0e:11:5a:16:56:ff:eb:eb:
                    60:49:69:20:5a:4a:29:de:dd:83:61:81:08:c8:d6:
                    76:6f:41:80:9f:4c:aa:5a:61:7d:47:bc:94:33:b4:
                    06:3c:36:b0:bd:52:98:f8:ff:6a:76:8e:93:7a:0c:
                    cd:b2:ab:62:e8:8a:47:27:03:80:fe:93:c6:cb:9f:
                    be:1b:6a:9f:16:82:d1:f6:94:b8:11:91:30:39:4b:
                    c4:9a:c4:d4:65:23:94:08:a3:ac:bb:44:d7:a2:76:
                    fc:0c:f4:4a:9d:08:b3:a6:f8:62:5e:dd:7c:6a:76:
                    80:76:d7:32:ef:0e:fc:2e:0d:8e:ff:0a:1f:ba:79:
                    8a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:FA:43:FE:52:06:DD:28:ED:65:C9:69:79:B4:E7:BC:98:C6:95:44
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/42C9FE0C77ED11EBBFBAF568C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:b9:c4:ab:f0:6b:97:2d:e9:fb:ec:5b:48:5c:10:60:09:2e:
         37:f6:f8:a6:0e:90:28:9d:7f:18:72:10:ec:52:f4:8f:dd:3f:
         af:4d:2d:a0:a9:bd:81:fb:fe:fb:ea:90:a7:73:d2:fe:d8:2e:
         86:ed:c6:98:a3:76:77:cb:44:f0:55:c3:bd:1a:26:68:10:60:
         85:0f:bb:f2:69:03:ce:99:ec:b8:4e:01:3a:c1:82:04:1c:ae:
         34:32:5f:55:50:08:69:ba:cf:b7:6a:f6:83:2f:bf:94:99:60:
         a1:4f:ec:1d:fe:19:6d:06:8d:5c:27:d3:c9:42:84:d1:bb:5d:
         13:01:9e:71:9e:16:51:c0:d8:a3:ef:00:8a:4e:94:0b:3e:24:
         b6:35:a0:f5:bb:8b:29:23:e9:9a:4b:34:03:4b:a6:3e:a5:6b:
         6f:fb:f0:99:e3:49:c7:16:ed:db:bc:12:bb:ea:04:25:3b:a0:
         09:58:2b:89:0a:25:8f:a2:34:0e:03:fb:88:af:57:bc:0c:ac:
         0c:e8:15:04:af:84:1e:d6:7b:1e:b9:72:76:34:a9:89:a5:7f:
         b4:e7:18:34:13:f7:3f:a2:9b:d3:ce:46:3b:58:13:86:71:ff:
         35:8a:ac:ff:b6:8f:10:44:e6:3b:08:39:7c:8b:af:8f:f6:55:
         75:69:ca:77
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD3IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkyOTQzWhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGVhNy0xOTllMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArpU1s/l8ATvi5bsvbjLJKD172ihdMD3+3dljb4kJeT6jHQHTC306rTDyffN4
RVvMSFiSP84FPISIDihsiubYQ1xaPFCgINVITVgI+NzVifepflnhhXtFh5zBOtkJ
w2q0MsBVZywSS57L25kCNeToOgbWG08Q9QMElx6pQEqtDhFaFlb/6+tgSWkgWkop
3t2DYYEIyNZ2b0GAn0yqWmF9R7yUM7QGPDawvVKY+P9qdo6TegzNsqti6IpHJwOA
/pPGy5++G2qfFoLR9pS4EZEwOUvEmsTUZSOUCKOsu0TXonb8DPRKnQizpvhiXt18
anaAdtcy7w78Lg2O/wofunmKQwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFEf6Q/5S
Bt0o7WXJaXm057yYxpVEMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNDJDOUZFMEM3
N0VEMTFFQkJGQkFGNTY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAD25xKvwa5ct
6fvsW0hcEGAJLjf2+KYOkCidfxhyEOxS9I/dP69NLaCpvYH7/vvqkKdz0v7YLobt
xpijdnfLRPBVw70aJmgQYIUPu/JpA86Z7LhOATrBggQcrjQyX1VQCGm6z7dq9oMv
v5SZYKFP7B3+GW0GjVwn08lChNG7XRMBnnGeFlHA2KPvAIpOlAs+JLY1oPW7iykj
6ZpLNANLpj6la2/78JnjSccW7du8ErvqBCU7oAlYK4kKJY+iNA4D+4ivV7wMrAzo
FQSvhB7Wex65cnY0qYmlf7TnGDQT9z+im9PORjtYE4Zx/zWKrP+2jxBE5jsIOXyL
r4/2VXVpync=
-----END CERTIFICATE-----