Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BDDB8/D3DD37F8F3B311E888D37228C4F9AE02/732BAF02BF5D11EB8199C943C4F9AE02.roa
File:                     732BAF02BF5D11EB8199C943C4F9AE02.roa (raw, json)
Hash identifier:          19PePHoFF22nUkndMtbal1vAJr/Bweg8ayj4IBTrMGk=
Subject key identifier:   25:DF:EA:27:34:39:08:96:BB:AD:3F:5F:BA:62:9E:57:DC:62:BD:D1
Certificate issuer:       /CN=A91BDDB8/serialNumber=73F4BBDBD7A21D6E7B9E4BF5B0C81722CCC21D67
Certificate serial:       11A3
Authority key identifier: 73:F4:BB:DB:D7:A2:1D:6E:7B:9E:4B:F5:B0:C8:17:22:CC:C2:1D:67
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c_S729eiHW57nkv1sMgXIszCHWc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BDDB8/D3DD37F8F3B311E888D37228C4F9AE02/732BAF02BF5D11EB8199C943C4F9AE02.roa
Signing time:             Mon 10 Mar 2025 17:36:39 +0000
ROA not before:           Mon 10 Mar 2025 17:36:39 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     206264
IP address blocks:        43.243.160.0/22 maxlen: 22
                          43.243.160.0/24 maxlen: 24
                          43.243.161.0/24 maxlen: 24
                          43.243.162.0/24 maxlen: 24
                          43.243.163.0/24 maxlen: 24
                          103.28.88.0/24 maxlen: 24
                          103.28.89.0/24 maxlen: 24
                          103.109.100.0/22 maxlen: 22
                          103.109.102.0/24 maxlen: 24
                          183.81.168.0/23 maxlen: 24
                          2402:7840::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4515 (0x11a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BDDB8
        Validity
            Not Before: Mar 10 17:36:39 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=67cf2327-8232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:38:f7:0f:99:37:02:b7:dc:90:81:71:f2:83:
                    da:c7:fb:06:28:2c:05:85:e4:97:dc:85:de:e5:9f:
                    45:80:85:3c:a9:99:1d:68:74:9a:0f:3a:b9:bd:ea:
                    eb:48:3b:aa:f6:1b:aa:63:7a:6a:d5:2e:65:a7:23:
                    b1:da:fe:c3:96:ff:a9:53:cc:9a:09:79:30:10:36:
                    7b:0a:bb:43:e4:6d:8e:65:44:ed:a0:68:31:87:14:
                    4c:de:69:11:2a:ed:d4:93:7e:88:2a:e5:bb:57:3a:
                    04:aa:61:ad:f7:db:18:32:b7:04:a2:50:df:80:f7:
                    9a:ad:82:4d:31:1a:ef:7d:ca:25:5b:dd:2c:7f:99:
                    2f:3d:63:12:18:87:58:71:63:2b:cc:e3:ae:c2:0b:
                    4b:13:97:96:6b:26:c5:2a:6f:a1:62:c1:b3:db:7b:
                    63:2c:05:ab:0a:fb:69:3a:12:01:9c:78:1e:e6:b7:
                    48:02:50:75:e9:9e:c4:3b:a0:a7:3f:b8:c1:45:cd:
                    c2:47:52:3e:47:ad:53:98:80:45:d5:42:86:b9:74:
                    d8:74:88:19:78:fb:06:65:7a:2a:1f:7c:ad:f5:5d:
                    d7:85:6c:70:ff:8e:92:15:89:4f:59:67:f0:ad:f1:
                    69:5b:32:8d:02:96:94:5a:b1:cf:c0:4a:8c:2e:2d:
                    fc:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:DF:EA:27:34:39:08:96:BB:AD:3F:5F:BA:62:9E:57:DC:62:BD:D1
            X509v3 Authority Key Identifier:
                keyid:73:F4:BB:DB:D7:A2:1D:6E:7B:9E:4B:F5:B0:C8:17:22:CC:C2:1D:67

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BDDB8/D3DD37F8F3B311E888D37228C4F9AE02/c_S729eiHW57nkv1sMgXIszCHWc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c_S729eiHW57nkv1sMgXIszCHWc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BDDB8/D3DD37F8F3B311E888D37228C4F9AE02/732BAF02BF5D11EB8199C943C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.160.0/22
                  103.28.88.0/23
                  103.109.100.0/22
                  183.81.168.0/23
                IPv6:
                  2402:7840::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:fa:66:aa:a0:7d:02:b6:89:89:2c:72:30:2d:8a:7a:fc:ca:
         7c:e4:c1:48:fc:b9:9f:3d:bc:01:cb:31:c3:55:2f:f0:50:bb:
         b9:64:78:4e:5b:d8:2b:8e:70:42:b5:4f:50:45:15:fe:ed:e4:
         6a:23:97:d5:fe:fa:fc:c4:66:52:d8:bc:34:f1:e2:21:b8:ed:
         92:c6:12:36:9d:a5:62:06:69:af:4c:48:3b:16:16:1e:16:6c:
         05:77:f1:6c:16:08:e7:3e:29:59:56:fc:c6:a2:c7:6a:56:29:
         b1:d8:f6:02:72:ea:8b:5d:cc:eb:80:42:4d:63:c8:2c:09:bf:
         2f:14:d2:92:a6:75:78:74:ad:b5:63:63:b8:a2:54:1f:88:ea:
         13:f2:89:1a:4e:79:fe:e5:8a:80:fd:ca:d1:db:bb:bb:a4:1f:
         77:93:98:d5:fc:44:c4:d9:7d:52:cd:ad:c2:da:53:59:bd:42:
         de:06:0e:61:02:bc:53:e3:4f:89:88:b1:66:71:68:43:4c:4a:
         37:97:1a:aa:dc:52:cb:eb:23:af:15:b5:ca:a8:82:4a:64:f7:
         65:20:41:0b:93:4e:53:ed:ab:14:72:ea:4f:07:b5:e4:f0:9a:
         ee:b9:65:ec:55:7e:4a:16:cb:e2:32:5c:e8:68:72:b3:ec:57:
         a2:82:00:46
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICEaMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkREQjgxMTAvBgNVBAUTKDczRjRCQkRCRDdBMjFENkU3QjlFNEJGNUIwQzgxNzIy
Q0NDMjFENjcwHhcNMjUwMzEwMTczNjM5WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2NmMjMyNy04MjMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuDj3D5k3ArfckIFx8oPax/sGKCwFheSX3IXe5Z9FgIU8qZkdaHSaDzq5verr
SDuq9huqY3pq1S5lpyOx2v7Dlv+pU8yaCXkwEDZ7CrtD5G2OZUTtoGgxhxRM3mkR
Ku3Uk36IKuW7VzoEqmGt99sYMrcEolDfgPearYJNMRrvfcolW90sf5kvPWMSGIdY
cWMrzOOuwgtLE5eWaybFKm+hYsGz23tjLAWrCvtpOhIBnHge5rdIAlB16Z7EO6Cn
P7jBRc3CR1I+R61TmIBF1UKGuXTYdIgZePsGZXoqH3yt9V3XhWxw/46SFYlPWWfw
rfFpWzKNApaUWrHPwEqMLi38twIDAQABo4ICtjCCArIwHQYDVR0OBBYEFCXf6ic0
OQiWu60/X7pinlfcYr3RMB8GA1UdIwQYMBaAFHP0u9vXoh1ue55L9bDIFyLMwh1n
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRERCOC9EM0REMzdGOEYz
QjMxMUU4ODhEMzcyMjhDNEY5QUUwMi9jX1M3MjllaUhXNTdua3Yxc01nWElzekNI
V2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NfUzcyOWVpSFc1N25rdjFzTWdYSXN6Q0hXYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkREQjgvRDNERDM3RjhGM0IzMTFFODg4RDM3MjI4QzRGOUFFMDIvNzMyQkFGMDJC
RjVEMTFFQjgxOTlDOTQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr86ADBAFnHFgDBAJnbWQDBAG3UagwDQQCAAIwBwMFACQC
eEAwDQYJKoZIhvcNAQELBQADggEBAJX6ZqqgfQK2iYkscjAtinr8ynzkwUj8uZ89
vAHLMcNVL/BQu7lkeE5b2CuOcEK1T1BFFf7t5Gojl9X++vzEZlLYvDTx4iG47ZLG
EjadpWIGaa9MSDsWFh4WbAV38WwWCOc+KVlW/Maix2pWKbHY9gJy6otdzOuAQk1j
yCwJvy8U0pKmdXh0rbVjY7iiVB+I6hPyiRpOef7lioD9ytHbu7ukH3eTmNX8RMTZ
fVLNrcLaU1m9Qt4GDmECvFPjT4mIsWZxaENMSjeXGqrcUsvrI68Vtcqogkpk92Ug
QQuTTlPtqxRy6k8HteTwmu65ZexVfkoWy+IyXOhocrPsV6KCAEY=
-----END CERTIFICATE-----