Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/42CE2AF4CE3D11EFB64C2D1BC4F9AE02.roa
File:                     42CE2AF4CE3D11EFB64C2D1BC4F9AE02.roa (raw, json)
Hash identifier:          7RI6gGG5abykra9eO+wuyvEKRvpTZqzvQjrSdU6nEa8=
Subject key identifier:   E5:44:47:F7:E3:82:EA:4F:B5:4C:74:30:74:16:CB:D1:53:90:FE:60
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       4A29
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/42CE2AF4CE3D11EFB64C2D1BC4F9AE02.roa
Signing time:             Thu 20 Mar 2025 15:35:41 +0000
ROA not before:           Thu 20 Mar 2025 15:35:41 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     131386
IP address blocks:        45.119.80.0/22 maxlen: 24
                          45.119.84.0/22 maxlen: 24
                          103.2.228.0/22 maxlen: 24
                          103.27.236.0/22 maxlen: 24
                          103.87.220.0/22 maxlen: 24
                          103.95.156.0/22 maxlen: 24
                          103.200.24.0/22 maxlen: 24
                          2403:bf40::/48 maxlen: 48
                          2403:bf40:2::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 18985 (0x4a29)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A
        Validity
            Not Before: Mar 20 15:35:41 2025 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=67dc35cd-5dae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:28:a9:35:a0:bd:61:71:43:2e:46:f9:29:eb:
                    25:f2:44:9a:05:d1:2c:fe:28:7e:87:4c:c1:da:48:
                    4c:19:fb:0d:45:d1:16:38:fa:07:59:9a:e4:d0:bc:
                    8d:8a:87:89:64:e1:98:8d:67:77:3a:fd:a8:d9:1a:
                    13:72:f9:e5:0f:5c:0a:b5:51:7c:43:2e:8a:be:fc:
                    ec:ca:fb:e4:ca:13:20:c5:de:c4:1d:fe:e5:42:2d:
                    e0:a8:0d:68:29:ec:6d:28:ec:1d:18:c1:dc:f3:0d:
                    ce:a8:35:8c:b2:c2:d9:6a:71:40:2f:4a:6e:6e:62:
                    1d:32:6e:8d:bf:33:f9:d5:13:2d:49:f6:00:18:4a:
                    3a:ae:88:a9:9b:9b:27:1f:29:54:0b:3b:6c:2e:ad:
                    6b:a9:8d:01:2b:8f:50:e5:b9:8f:8e:5a:f6:5e:ec:
                    2f:b4:a6:0d:22:a0:5d:67:17:25:3a:32:c3:db:e0:
                    ac:b7:60:ec:67:3e:49:56:b0:77:a2:34:fb:d5:b8:
                    11:67:7e:05:93:16:08:46:9d:d1:d4:85:3a:24:de:
                    d9:55:25:fc:d5:93:ad:c5:e2:dd:19:39:e0:c9:ff:
                    9d:b6:06:fb:94:97:b2:b9:84:df:16:d5:18:1b:24:
                    00:29:4e:62:bc:93:2a:37:ec:77:cf:d9:cb:b0:3a:
                    83:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:44:47:F7:E3:82:EA:4F:B5:4C:74:30:74:16:CB:D1:53:90:FE:60
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/42CE2AF4CE3D11EFB64C2D1BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.119.80.0/21
                  103.2.228.0/22
                  103.27.236.0/22
                  103.87.220.0/22
                  103.95.156.0/22
                  103.200.24.0/22
                IPv6:
                  2403:bf40::/48
                  2403:bf40:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:9c:b4:85:97:4a:54:05:75:9c:4c:28:41:6a:bb:f8:c6:d1:
         d1:83:0d:58:9e:ff:42:e9:ad:ff:06:cf:cc:a3:37:3c:a4:6e:
         66:ca:81:0f:75:af:f0:3d:a3:73:44:3c:8a:12:be:85:27:19:
         e1:6c:58:e4:1e:59:c9:70:cc:5b:c5:bc:39:75:1d:6e:e1:1d:
         b9:ce:53:8b:00:ff:67:52:e8:8d:03:ac:ae:b6:8d:1b:88:d2:
         21:41:e7:c3:cb:5d:b1:03:48:f6:f4:c3:a1:52:c3:56:55:78:
         0d:d4:bd:20:d6:1f:da:9b:1b:64:e9:d7:34:aa:17:73:ae:34:
         cf:d3:76:89:32:f7:0d:02:8d:f3:be:25:84:63:47:68:5c:6d:
         65:1d:3a:56:a8:8b:9b:72:54:3c:30:1e:f0:a6:25:bc:a9:e2:
         50:99:87:73:3c:6c:6d:1a:d8:ff:37:2a:be:b0:c3:8a:92:01:
         ae:b7:e3:51:f3:df:ba:2a:bf:c6:8b:ec:8f:0f:29:15:ae:50:
         0e:0a:54:97:fb:73:a9:fe:5a:5b:c3:52:07:75:25:47:32:53:
         77:9f:1c:03:2f:99:15:e6:d1:1d:69:0b:1d:0e:7b:f0:ed:9b:
         54:50:be:fe:c7:f9:b6:b8:e2:63:4f:bb:36:88:1f:1b:c4:04:
         b2:80:e7:72
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgICSikwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjUwMzIwMTUzNTQxWhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2RjMzVjZC01ZGFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArSipNaC9YXFDLkb5Kesl8kSaBdEs/ih+h0zB2khMGfsNRdEWOPoHWZrk0LyN
ioeJZOGYjWd3Ov2o2RoTcvnlD1wKtVF8Qy6KvvzsyvvkyhMgxd7EHf7lQi3gqA1o
KextKOwdGMHc8w3OqDWMssLZanFAL0pubmIdMm6NvzP51RMtSfYAGEo6roipm5sn
HylUCztsLq1rqY0BK49Q5bmPjlr2XuwvtKYNIqBdZxclOjLD2+Cst2DsZz5JVrB3
ojT71bgRZ34FkxYIRp3R1IU6JN7ZVSX81ZOtxeLdGTngyf+dtgb7lJeyuYTfFtUY
GyQAKU5ivJMqN+x3z9nLsDqDPwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFOVER/fj
gupPtUx0MHQWy9FTkP5gMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvNDJDRTJBRjRD
RTNEMTFFRkI2NEMyRDFCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVwYIKwYBBQUHAQcBAf8E
SDBGMCoEAgABMCQDBAMtd1ADBAJnAuQDBAJnG+wDBAJnV9wDBAJnX5wDBAJnyBgw
GAQCAAIwEgMHACQDv0AAAAMHACQDv0AAAjANBgkqhkiG9w0BAQsFAAOCAQEAr5y0
hZdKVAV1nEwoQWq7+MbR0YMNWJ7/Qumt/wbPzKM3PKRuZsqBD3Wv8D2jc0Q8ihK+
hScZ4WxY5B5ZyXDMW8W8OXUdbuEduc5TiwD/Z1LojQOsrraNG4jSIUHnw8tdsQNI
9vTDoVLDVlV4DdS9INYf2psbZOnXNKoXc640z9N2iTL3DQKN874lhGNHaFxtZR06
VqiLm3JUPDAe8KYlvKniUJmHczxsbRrY/zcqvrDDipIBrrfjUfPfuiq/xovsjw8p
Fa5QDgpUl/tzqf5aW8NSB3UlRzJTd58cAy+ZFebRHWkLHQ578O2bVFC+/sf5trji
Y0+7NogfG8QEsoDncg==
-----END CERTIFICATE-----