Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/EFDC701A099A11EAB5891D5BC4F9AE02.roa
File:                     EFDC701A099A11EAB5891D5BC4F9AE02.roa (raw, json)
Hash identifier:          30Q0tmGYk+osax1btnB3QB7qbDwmHH34cIJNiTAsjqg=
Subject key identifier:   43:C5:2E:8E:9B:A9:07:50:EF:F7:FD:7C:1B:D7:F5:B2:BC:F3:83:1A
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F75
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/EFDC701A099A11EAB5891D5BC4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:29:46 +0000
ROA not before:           Fri 28 Feb 2025 19:29:46 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397215
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3957 (0xf75)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:29:46 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20eaa-eee7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:2e:cc:a2:27:5b:74:c9:26:f7:01:c5:1f:8b:
                    8f:0b:6c:9a:8a:52:2e:c1:78:79:c8:b2:af:5a:27:
                    d1:05:23:91:83:24:8d:d2:3d:db:a5:f5:13:cd:17:
                    d7:76:53:d7:c0:3c:d4:ca:4b:cf:c7:b6:d6:2e:bd:
                    9c:4d:9b:15:38:6a:da:b6:43:be:dd:6c:74:36:bb:
                    6d:3a:25:2b:6e:0c:f3:a2:7b:55:75:3b:07:ae:c7:
                    55:fd:82:47:55:32:8a:d1:70:32:57:c4:54:77:c3:
                    3a:c3:83:b0:61:e3:25:86:95:8a:c4:4d:37:8e:16:
                    9a:fe:44:6c:1f:1b:9d:ce:bd:af:29:fa:fa:7a:3a:
                    80:36:6a:52:a0:dc:c9:c7:b5:76:90:ea:dd:0c:bb:
                    13:c6:b0:75:18:76:d6:5f:33:6a:01:de:67:23:67:
                    03:5a:68:aa:94:6f:c7:04:92:b0:4b:94:20:c8:b3:
                    ab:10:e5:ad:32:84:91:8c:34:c8:fd:87:45:87:9a:
                    4a:eb:f2:d1:c8:95:fa:27:66:7f:54:c2:d3:15:15:
                    1a:24:f1:87:ee:7d:68:cb:aa:e7:a7:b5:b1:50:46:
                    cb:37:f0:4d:94:f4:b9:d8:db:26:27:18:d2:9e:c5:
                    76:a1:dc:78:c0:66:e4:f8:a0:18:97:18:72:8a:b5:
                    22:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C5:2E:8E:9B:A9:07:50:EF:F7:FD:7C:1B:D7:F5:B2:BC:F3:83:1A
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/EFDC701A099A11EAB5891D5BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:1a:da:20:d7:92:62:46:be:77:40:f9:d7:78:3f:6b:65:02:
         d3:20:a4:15:28:ad:47:77:c2:05:f2:bf:0c:4f:a0:5c:93:1d:
         f1:6c:b7:44:b9:72:40:31:38:42:04:0b:a7:fd:53:4c:6e:1c:
         70:e7:80:d5:c5:31:3e:20:6a:89:78:3e:37:47:f8:18:a8:bb:
         ba:b6:cb:9b:e4:3f:00:ef:25:fb:82:28:9d:7c:58:e7:49:01:
         84:34:9b:c8:26:21:fe:52:45:e0:8c:53:b3:9e:09:b1:a2:94:
         72:a2:53:36:6a:9c:2f:e2:b8:2e:21:bf:24:59:6e:54:fc:fd:
         c7:ca:d2:b1:83:7d:7a:c6:cc:0b:a4:0d:09:83:00:57:4d:0c:
         fe:6f:2c:33:61:73:2d:bd:fb:af:4e:be:39:c4:38:cb:30:c5:
         9f:dc:5a:d8:90:5c:e3:38:be:d9:65:0c:9d:dc:81:53:fa:07:
         eb:d4:cb:c8:54:20:19:e0:2d:cd:49:88:a9:e3:92:14:de:f7:
         1d:5f:5c:84:4e:5e:09:3c:92:4e:95:29:69:cc:9c:44:4f:6e:
         24:1b:66:31:77:21:a6:b5:fa:18:c9:7e:1a:10:e3:b9:47:c5:
         af:ff:80:22:cf:dc:2f:9b:4e:a0:92:0b:3b:d6:30:80:2f:77:
         d0:7d:28:ea
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD3UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkyOTQ2WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGVhYS1lZWU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2C7MoidbdMkm9wHFH4uPC2yailIuwXh5yLKvWifRBSORgySN0j3bpfUTzRfX
dlPXwDzUykvPx7bWLr2cTZsVOGratkO+3Wx0NrttOiUrbgzzontVdTsHrsdV/YJH
VTKK0XAyV8RUd8M6w4OwYeMlhpWKxE03jhaa/kRsHxudzr2vKfr6ejqANmpSoNzJ
x7V2kOrdDLsTxrB1GHbWXzNqAd5nI2cDWmiqlG/HBJKwS5QgyLOrEOWtMoSRjDTI
/YdFh5pK6/LRyJX6J2Z/VMLTFRUaJPGH7n1oy6rnp7WxUEbLN/BNlPS52NsmJxjS
nsV2odx4wGbk+KAYlxhyirUiYwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFEPFLo6b
qQdQ7/f9fBvX9bK884MaMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvRUZEQzcwMUEw
OTlBMTFFQUI1ODkxRDVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAHAa2iDXkmJG
vndA+dd4P2tlAtMgpBUorUd3wgXyvwxPoFyTHfFst0S5ckAxOEIEC6f9U0xuHHDn
gNXFMT4gaol4PjdH+Biou7q2y5vkPwDvJfuCKJ18WOdJAYQ0m8gmIf5SReCMU7Oe
CbGilHKiUzZqnC/iuC4hvyRZblT8/cfK0rGDfXrGzAukDQmDAFdNDP5vLDNhcy29
+69OvjnEOMswxZ/cWtiQXOM4vtllDJ3cgVP6B+vUy8hUIBngLc1JiKnjkhTe9x1f
XIROXgk8kk6VKWnMnERPbiQbZjF3Iaa1+hjJfhoQ47lHxa//gCLP3C+bTqCSCzvW
MIAvd9B9KOo=
-----END CERTIFICATE-----