Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D1216/DC78268CB94B11EC832B7419C4F9AE02/AD17704445F611EE97DF317CC4F9AE02.roa
File:                     AD17704445F611EE97DF317CC4F9AE02.roa (raw, json)
Hash identifier:          sdrVSjIs8Qd6YgjT3RuNMeG76kE1PDfBoWYkgwiCgcM=
Subject key identifier:   D2:5F:51:03:3F:CC:2D:E3:46:89:97:3B:65:3B:E2:F7:E5:AD:4D:46
Certificate issuer:       /CN=A91D1216/serialNumber=6DBD5C4D0121FCB318E78C451B6F567320986002
Certificate serial:       035D
Authority key identifier: 6D:BD:5C:4D:01:21:FC:B3:18:E7:8C:45:1B:6F:56:73:20:98:60:02
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bb1cTQEh_LMY54xFG29WcyCYYAI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D1216/DC78268CB94B11EC832B7419C4F9AE02/AD17704445F611EE97DF317CC4F9AE02.roa
Signing time:             Wed 11 Dec 2024 01:15:01 +0000
ROA not before:           Wed 11 Dec 2024 01:15:01 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     137549
IP address blocks:        125.254.120.0/21 maxlen: 21
                          125.254.120.0/22 maxlen: 22
                          125.254.124.0/22 maxlen: 22
                          202.169.16.0/21 maxlen: 21
                          202.169.16.0/22 maxlen: 22
                          202.169.16.0/23 maxlen: 23
                          202.169.18.0/23 maxlen: 23
                          202.169.20.0/23 maxlen: 23
                          202.169.20.0/24 maxlen: 24
                          202.169.21.0/24 maxlen: 24
                          202.169.23.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 861 (0x35d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D1216
        Validity
            Not Before: Dec 11 01:15:01 2024 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=6758e794-ad50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:76:7f:f2:90:29:b1:58:8b:e6:27:46:06:60:
                    f2:9e:03:ad:fd:a6:9a:7d:ee:cb:dc:2e:a2:96:e2:
                    4c:e2:58:1d:98:45:a7:e5:9b:99:7b:5f:5a:c7:02:
                    c6:24:88:55:49:ac:f5:a2:db:13:18:28:13:67:34:
                    43:e1:03:02:17:08:42:f9:e4:11:bc:f7:10:d5:de:
                    6d:e1:4e:4e:b3:41:ff:0c:ab:3d:75:86:f5:a4:f5:
                    f5:03:4e:0f:26:da:6e:ad:df:0f:66:d2:8d:17:d8:
                    7a:db:8e:ce:b6:d0:9a:05:40:20:14:0b:ea:50:f2:
                    12:89:33:70:a4:2a:13:d7:4d:55:d0:2c:62:20:8b:
                    65:ef:40:b1:0e:c8:fd:94:04:25:01:32:11:2f:62:
                    c1:93:d5:fe:10:2a:31:81:86:c8:07:85:d3:d2:df:
                    f0:4c:a0:b9:4b:72:fe:7a:f4:48:a3:39:8c:e5:42:
                    f8:4b:e1:68:35:5e:60:99:a6:d9:19:0b:48:a5:44:
                    60:93:71:f6:03:b4:cc:c5:ab:26:58:dc:1b:cd:6f:
                    b0:75:4e:54:c6:29:41:f2:42:69:e7:7e:fd:7c:e3:
                    5a:86:3c:ee:a5:2e:ed:15:70:45:63:63:31:72:4d:
                    b3:ae:b3:c0:bc:f5:2a:48:5c:9b:cd:c1:98:00:31:
                    c8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:5F:51:03:3F:CC:2D:E3:46:89:97:3B:65:3B:E2:F7:E5:AD:4D:46
            X509v3 Authority Key Identifier:
                keyid:6D:BD:5C:4D:01:21:FC:B3:18:E7:8C:45:1B:6F:56:73:20:98:60:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D1216/DC78268CB94B11EC832B7419C4F9AE02/bb1cTQEh_LMY54xFG29WcyCYYAI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bb1cTQEh_LMY54xFG29WcyCYYAI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D1216/DC78268CB94B11EC832B7419C4F9AE02/AD17704445F611EE97DF317CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.254.120.0/21
                  202.169.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8a:4f:44:9a:ca:d3:cb:a9:1b:9a:e4:9f:4c:63:a1:dd:24:3a:
         fa:48:0d:d4:8f:cb:f5:26:02:42:c9:04:e9:45:c3:c2:37:4f:
         9d:2c:df:38:85:5f:ab:9d:aa:ed:d3:cb:07:13:60:5b:59:5d:
         d6:16:f5:81:be:ba:e0:c1:97:12:31:73:b5:c4:6e:31:a7:3b:
         1e:ca:fc:61:11:ae:d3:a4:7c:58:3b:51:98:d3:aa:55:d0:07:
         9b:dc:5f:aa:9a:47:6c:94:df:fe:a7:a7:00:1e:9d:4a:62:cf:
         6f:9a:98:24:16:e5:11:5b:5f:77:e6:17:44:49:86:89:6e:0f:
         b8:17:ed:9b:d7:02:0d:b8:22:03:4d:94:95:5c:c3:40:3a:87:
         d6:59:a5:cf:d7:01:3d:9a:3f:50:1f:7d:be:1d:93:f1:ad:75:
         af:da:16:35:85:98:ea:1e:c3:16:e7:00:ec:30:ba:fa:e8:6e:
         43:5b:00:9a:89:42:1a:37:94:b4:d5:a2:bb:cb:ff:32:1f:b8:
         f6:5f:30:0d:bc:5f:58:82:46:9a:53:df:24:b6:22:86:51:e9:
         fe:76:f9:d3:c5:25:3d:65:98:a3:14:0a:f6:6b:0a:e0:d5:eb:
         60:4e:48:17:22:b0:96:52:91:c6:db:25:b6:31:a0:2c:4f:5a:
         9f:99:c5:a7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICA10wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDEyMTYxMTAvBgNVBAUTKDZEQkQ1QzREMDEyMUZDQjMxOEU3OEM0NTFCNkY1Njcz
MjA5ODYwMDIwHhcNMjQxMjExMDExNTAxWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzU4ZTc5NC1hZDUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzXZ/8pApsViL5idGBmDyngOt/aaafe7L3C6iluJM4lgdmEWn5ZuZe19axwLG
JIhVSaz1otsTGCgTZzRD4QMCFwhC+eQRvPcQ1d5t4U5Os0H/DKs9dYb1pPX1A04P
Jtpurd8PZtKNF9h6247OttCaBUAgFAvqUPISiTNwpCoT101V0CxiIItl70CxDsj9
lAQlATIRL2LBk9X+ECoxgYbIB4XT0t/wTKC5S3L+evRIozmM5UL4S+FoNV5gmabZ
GQtIpURgk3H2A7TMxasmWNwbzW+wdU5UxilB8kJp5379fONahjzupS7tFXBFY2Mx
ck2zrrPAvPUqSFybzcGYADHIxQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFNJfUQM/
zC3jRomXO2U74vflrU1GMB8GA1UdIwQYMBaAFG29XE0BIfyzGOeMRRtvVnMgmGAC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMTIxNi9EQzc4MjY4Q0I5
NEIxMUVDODMyQjc0MTlDNEY5QUUwMi9iYjFjVFFFaF9MTVk1NHhGRzI5V2N5Q1lZ
QUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JiMWNUUUVoX0xNWTU0eEZHMjlXY3lDWVlBSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDEyMTYvREM3ODI2OENCOTRCMTFFQzgzMkI3NDE5QzRGOUFFMDIvQUQxNzcwNDQ0
NUY2MTFFRTk3REYzMTdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAN9/ngDBAPKqRAwDQYJKoZIhvcNAQELBQADggEBAIpPRJrK
08upG5rkn0xjod0kOvpIDdSPy/UmAkLJBOlFw8I3T50s3ziFX6udqu3TywcTYFtZ
XdYW9YG+uuDBlxIxc7XEbjGnOx7K/GERrtOkfFg7UZjTqlXQB5vcX6qaR2yU3/6n
pwAenUpiz2+amCQW5RFbX3fmF0RJholuD7gX7ZvXAg24IgNNlJVcw0A6h9ZZpc/X
AT2aP1Affb4dk/Gtda/aFjWFmOoewxbnAOwwuvrobkNbAJqJQho3lLTVorvL/zIf
uPZfMA28X1iCRppT3yS2IoZR6f52+dPFJT1lmKMUCvZrCuDV62BOSBcisJZSkcbb
JbYxoCxPWp+Zxac=
-----END CERTIFICATE-----