Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/7AA2CD46073111EA993EC663C4F9AE02.roa
File:                     7AA2CD46073111EA993EC663C4F9AE02.roa (raw, json)
Hash identifier:          CYK9f7PkALQsQBTl6o8dgHUkp/bZCI+9/pYzX3H0gkI=
Subject key identifier:   19:06:D3:24:E5:85:1F:8E:E2:D9:D6:F7:43:8E:8B:12:80:AE:A7:AF
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F86
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/7AA2CD46073111EA993EC663C4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:30:09 +0000
ROA not before:           Fri 28 Feb 2025 19:30:09 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397232
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3974 (0xf86)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:30:09 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20ec1-3847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4e:84:72:02:38:2c:88:1c:72:de:9a:bb:3a:
                    b1:a2:a5:ca:f9:76:96:c0:4e:9c:eb:aa:ca:9b:22:
                    15:31:5d:30:53:52:51:76:e9:14:8c:6c:7f:b4:16:
                    3b:7f:a6:cf:2e:3f:9f:60:6f:a1:d3:96:87:6e:c9:
                    f3:cd:a1:b3:9c:67:c2:22:97:a7:8f:6d:04:3f:75:
                    aa:75:6e:27:8d:d7:e6:6e:7d:51:18:66:d4:83:7d:
                    dd:7b:ef:3e:02:8e:d0:13:b7:41:07:37:fc:b8:29:
                    1d:24:d6:c6:85:5d:83:87:3a:6f:c8:93:40:00:7e:
                    8a:7e:3b:19:28:ce:bd:93:91:9a:26:e8:8c:28:90:
                    8c:c3:c4:f3:68:d8:4d:67:cc:b5:84:c7:63:ae:a5:
                    63:e1:0e:7c:21:4c:71:74:a7:0f:95:a4:dd:ec:43:
                    70:91:2a:4e:f7:f9:e4:9f:89:1e:84:cd:cc:27:97:
                    ef:c5:52:fa:53:63:34:0b:9d:62:63:ee:6c:2a:eb:
                    f3:94:01:9f:ad:46:51:d0:5a:ce:38:e8:13:06:a0:
                    32:2c:e6:14:da:ca:85:5a:8b:67:e5:1d:0a:f7:9c:
                    be:b9:6f:2b:28:c0:63:cc:d3:f5:1e:cf:50:5b:d9:
                    28:93:49:7d:e0:28:e6:d2:6a:7e:62:dd:9a:9a:f5:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:06:D3:24:E5:85:1F:8E:E2:D9:D6:F7:43:8E:8B:12:80:AE:A7:AF
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/7AA2CD46073111EA993EC663C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:7d:2f:0f:36:cf:db:61:65:e3:03:f2:d3:30:d5:84:40:36:
         ac:7c:32:cc:b5:72:aa:c9:9c:66:c7:63:7f:00:51:fa:d1:38:
         a2:bf:5d:5b:28:a6:86:69:2b:c7:a3:66:f6:3b:d8:75:2c:57:
         3b:f0:8c:42:2f:22:bf:bb:a9:50:f0:ce:6f:a4:69:b9:5b:46:
         f3:ae:80:60:b6:8c:92:11:61:a5:21:1d:da:8b:9c:7d:33:ee:
         8b:2b:de:37:32:ad:52:67:31:e3:3d:6e:c8:b7:bb:a4:81:54:
         08:ce:22:21:23:a5:db:a7:c6:62:be:7e:34:de:db:04:ac:27:
         10:56:36:d2:d8:7d:ce:86:0e:9a:eb:18:ad:00:df:63:51:9c:
         07:be:07:ee:90:f0:1d:38:54:72:98:70:f0:02:15:fc:30:03:
         a1:42:ee:8f:80:44:c8:c0:e8:0b:81:bb:e1:25:35:c2:b3:2f:
         65:e5:74:d4:3f:45:ab:41:63:44:bb:4c:0d:88:06:c3:16:77:
         2d:42:6d:67:3b:bd:75:96:c7:b6:d7:0b:1a:a8:5d:11:b9:e8:
         73:3a:eb:84:23:4c:dd:65:40:d3:b8:36:04:b4:f1:3a:e3:8e:
         55:11:14:df:fd:f3:b3:e1:29:08:14:73:70:f5:1b:13:dd:18:
         97:53:3c:bf
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD4YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkzMDA5WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGVjMS0zODQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA206EcgI4LIgcct6auzqxoqXK+XaWwE6c66rKmyIVMV0wU1JRdukUjGx/tBY7
f6bPLj+fYG+h05aHbsnzzaGznGfCIpenj20EP3WqdW4njdfmbn1RGGbUg33de+8+
Ao7QE7dBBzf8uCkdJNbGhV2DhzpvyJNAAH6KfjsZKM69k5GaJuiMKJCMw8TzaNhN
Z8y1hMdjrqVj4Q58IUxxdKcPlaTd7ENwkSpO9/nkn4kehM3MJ5fvxVL6U2M0C51i
Y+5sKuvzlAGfrUZR0FrOOOgTBqAyLOYU2sqFWotn5R0K95y+uW8rKMBjzNP1Hs9Q
W9kok0l94Cjm0mp+Yt2amvVEzwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFBkG0yTl
hR+O4tnW90OOixKArqevMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvN0FBMkNENDYw
NzMxMTFFQTk5M0VDNjYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAIl9Lw82z9th
ZeMD8tMw1YRANqx8Msy1cqrJnGbHY38AUfrROKK/XVsopoZpK8ejZvY72HUsVzvw
jEIvIr+7qVDwzm+kablbRvOugGC2jJIRYaUhHdqLnH0z7osr3jcyrVJnMeM9bsi3
u6SBVAjOIiEjpdunxmK+fjTe2wSsJxBWNtLYfc6GDprrGK0A32NRnAe+B+6Q8B04
VHKYcPACFfwwA6FC7o+ARMjA6AuBu+ElNcKzL2XldNQ/RatBY0S7TA2IBsMWdy1C
bWc7vXWWx7bXCxqoXRG56HM664QjTN1lQNO4NgS08TrjjlURFN/987PhKQgUc3D1
GxPdGJdTPL8=
-----END CERTIFICATE-----