Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/F2D46CA0099A11EAB5891D5BC4F9AE02.roa
File:                     F2D46CA0099A11EAB5891D5BC4F9AE02.roa (raw, json)
Hash identifier:          Ghvi3pGT4pcObcWFUQUF1+74t/jTPSzrTwMbuA1l0j4=
Subject key identifier:   6C:A0:B2:4F:C1:DF:21:F4:7F:BD:16:37:8F:DD:76:BC:BD:DE:3F:60
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F8B
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/F2D46CA0099A11EAB5891D5BC4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:30:15 +0000
ROA not before:           Fri 28 Feb 2025 19:30:15 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397237
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3979 (0xf8b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:30:15 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20ec7-04cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3e:37:2f:2e:b7:18:fc:5b:62:bd:db:31:35:
                    94:03:4b:f2:ed:07:ea:0e:73:37:cd:45:7b:ac:e6:
                    c2:12:26:11:a4:fc:58:24:4c:2a:f4:74:30:e3:47:
                    36:f9:90:9c:26:17:51:e3:2a:ce:34:be:b8:57:86:
                    2b:5b:31:4f:43:3d:59:6d:b2:e7:d6:fe:60:52:d6:
                    ce:d8:16:51:a7:4e:13:fc:8e:4e:f8:3f:4a:d1:32:
                    44:97:c3:4b:46:7f:ce:5a:b3:4d:09:27:df:ba:99:
                    16:ec:c7:eb:66:b9:38:55:13:d5:55:b8:a5:21:34:
                    4b:87:d8:e7:1c:c2:29:ee:89:ff:cd:90:3a:08:5e:
                    42:42:12:4d:d3:f5:22:3d:a9:01:af:23:7a:56:1f:
                    44:db:b2:9d:75:e8:39:80:30:5f:7d:f6:54:25:18:
                    2b:1e:dd:39:59:04:0c:34:2a:11:5e:9f:b1:a3:4e:
                    6b:5a:01:c3:5c:4f:86:8a:bf:d7:2a:71:0e:3f:35:
                    1a:ff:52:66:2b:1f:c5:3c:52:33:08:51:d4:69:07:
                    85:08:8d:e0:f9:00:f3:4d:3d:88:8d:33:c2:29:29:
                    0c:d8:df:c3:60:d9:87:61:2b:bb:d1:ca:9d:fe:bb:
                    54:ea:1b:fa:2c:8c:34:d1:36:86:83:ff:36:2d:a5:
                    6b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A0:B2:4F:C1:DF:21:F4:7F:BD:16:37:8F:DD:76:BC:BD:DE:3F:60
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/F2D46CA0099A11EAB5891D5BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:c2:36:49:e0:7d:c4:f9:da:68:71:46:fc:58:4a:5f:4f:e8:
         11:c2:5f:1e:3b:d0:c9:aa:42:60:ff:41:94:74:e2:8d:6e:26:
         ab:f8:95:04:64:ce:c2:c6:f5:ca:fe:d2:fe:97:25:8e:bc:ae:
         5e:94:e8:d6:97:98:cf:35:51:3c:fe:97:fa:11:dd:de:a3:70:
         c8:ae:84:3a:ab:97:72:a4:8d:93:bf:97:08:04:4b:37:d3:ed:
         1f:6b:79:57:fb:7f:eb:03:aa:c0:80:13:c6:0f:57:93:b0:7a:
         e8:2e:e0:71:5a:91:08:01:74:6f:e8:23:9e:71:14:41:09:2a:
         83:91:37:f0:08:db:5e:9a:97:6f:6a:fa:15:fb:42:ea:a8:6d:
         2c:7c:06:b5:44:ee:b1:56:21:5d:2a:03:3b:f8:7b:3a:e3:ae:
         bd:9f:c1:a7:08:8f:f8:90:e1:e8:25:1c:cc:f9:fd:1f:10:8a:
         7e:27:af:84:a6:98:0f:a9:46:fb:02:9b:dd:e6:9e:43:64:06:
         74:5d:70:d5:d6:06:9b:2b:94:2f:e8:7a:c8:bb:78:c3:49:fd:
         ca:40:25:20:8d:c5:34:76:13:14:64:1f:19:ca:18:a0:de:b7:
         6e:86:b3:31:fb:97:86:77:50:d6:92:de:af:75:92:cc:5d:89:
         90:aa:4f:42
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD4swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkzMDE1WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGVjNy0wNGNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4T43Ly63GPxbYr3bMTWUA0vy7QfqDnM3zUV7rObCEiYRpPxYJEwq9HQw40c2
+ZCcJhdR4yrONL64V4YrWzFPQz1ZbbLn1v5gUtbO2BZRp04T/I5O+D9K0TJEl8NL
Rn/OWrNNCSffupkW7MfrZrk4VRPVVbilITRLh9jnHMIp7on/zZA6CF5CQhJN0/Ui
PakBryN6Vh9E27Kddeg5gDBfffZUJRgrHt05WQQMNCoRXp+xo05rWgHDXE+Gir/X
KnEOPzUa/1JmKx/FPFIzCFHUaQeFCI3g+QDzTT2IjTPCKSkM2N/DYNmHYSu70cqd
/rtU6hv6LIw00TaGg/82LaVrGwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFGygsk/B
3yH0f70WN4/ddry93j9gMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvRjJENDZDQTAw
OTlBMTFFQUI1ODkxRDVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBADbCNkngfcT5
2mhxRvxYSl9P6BHCXx470MmqQmD/QZR04o1uJqv4lQRkzsLG9cr+0v6XJY68rl6U
6NaXmM81UTz+l/oR3d6jcMiuhDqrl3KkjZO/lwgESzfT7R9reVf7f+sDqsCAE8YP
V5Oweugu4HFakQgBdG/oI55xFEEJKoORN/AI216al29q+hX7QuqobSx8BrVE7rFW
IV0qAzv4ezrjrr2fwacIj/iQ4eglHMz5/R8Qin4nr4SmmA+pRvsCm93mnkNkBnRd
cNXWBpsrlC/oesi7eMNJ/cpAJSCNxTR2ExRkHxnKGKDet26GszH7l4Z3UNaS3q91
ksxdiZCqT0I=
-----END CERTIFICATE-----