Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/5353EA28781F11EEBA05B17FC4F9AE02.roa
File:                     5353EA28781F11EEBA05B17FC4F9AE02.roa (raw, json)
Hash identifier:          Del+9YrkACA6yrhYJeSPVVuh01l/16gJ82iy69S9BRo=
Subject key identifier:   B6:DA:87:7C:DA:2F:25:B2:E9:D7:55:07:F6:38:4C:4E:7F:10:60:F6
Certificate issuer:       /CN=A91D83D0/serialNumber=C4E4F0DA010AF58637CC59628471E998B7243C52
Certificate serial:       08DF
Authority key identifier: C4:E4:F0:DA:01:0A:F5:86:37:CC:59:62:84:71:E9:98:B7:24:3C:52
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xOTw2gEK9YY3zFlihHHpmLckPFI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/5353EA28781F11EEBA05B17FC4F9AE02.roa
Signing time:             Fri 28 Mar 2025 21:13:45 +0000
ROA not before:           Fri 28 Mar 2025 21:13:45 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     26496
IP address blocks:        43.255.152.0/22 maxlen: 24
                          103.1.172.0/22 maxlen: 24
                          118.139.160.0/19 maxlen: 24
                          182.50.128.0/19 maxlen: 24
                          203.124.96.0/19 maxlen: 24
                          2407:1c00::/32 maxlen: 32
                          2407:1c00:6100::/40 maxlen: 48
                          2407:1c00:6400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2271 (0x8df)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D83D0
        Validity
            Not Before: Mar 28 21:13:45 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=67e71109-9332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bc:2b:c2:df:65:79:6d:c9:5f:43:30:c9:1d:
                    41:5b:2f:7e:7f:d0:06:6c:a6:40:f5:4f:e9:25:68:
                    be:b6:45:7e:ba:e8:4b:16:86:33:78:a7:48:3d:ca:
                    1d:50:ed:c6:b5:c3:5f:14:b3:4c:e4:97:9e:77:e9:
                    71:f6:82:16:f3:97:c3:89:33:31:9c:e3:0c:37:98:
                    b3:24:28:51:4b:cc:9f:53:d4:ce:0f:cb:8c:51:52:
                    29:ef:d8:89:f5:8a:1d:95:6a:22:d0:98:c2:f9:b4:
                    bb:c3:52:a7:8c:6e:03:51:d6:c4:6c:5d:ed:f4:4c:
                    7b:cc:58:b0:91:c1:22:c0:59:76:4a:c1:3a:4a:4f:
                    50:27:21:c5:92:79:ee:f5:91:a7:38:f7:01:8b:26:
                    f4:24:48:82:e2:dc:c0:6c:22:0d:7a:19:58:fc:35:
                    a4:5f:d9:d7:98:ca:0e:85:4a:2e:55:d2:ed:f5:e3:
                    18:25:ab:0f:95:04:09:83:f3:89:86:7e:22:33:ee:
                    c7:c3:6c:94:de:2d:9f:12:59:eb:30:40:8c:24:7b:
                    d1:18:54:b5:23:9d:a7:18:03:0c:57:0a:8f:2d:9d:
                    3a:79:35:6f:ac:c8:1d:4e:fb:aa:fc:4a:96:5f:cd:
                    df:cb:ec:24:88:04:77:ab:e2:15:cf:7f:f3:cb:1e:
                    e8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:DA:87:7C:DA:2F:25:B2:E9:D7:55:07:F6:38:4C:4E:7F:10:60:F6
            X509v3 Authority Key Identifier:
                keyid:C4:E4:F0:DA:01:0A:F5:86:37:CC:59:62:84:71:E9:98:B7:24:3C:52

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/xOTw2gEK9YY3zFlihHHpmLckPFI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xOTw2gEK9YY3zFlihHHpmLckPFI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/5353EA28781F11EEBA05B17FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.255.152.0/22
                  103.1.172.0/22
                  118.139.160.0/19
                  182.50.128.0/19
                  203.124.96.0/19
                IPv6:
                  2407:1c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:9d:74:9e:65:f1:9e:c1:29:19:b8:6e:d2:04:d0:f2:34:68:
         eb:29:92:30:ba:9a:0c:6f:7e:c6:53:94:ae:42:94:0f:57:23:
         53:19:b7:d7:b3:c9:24:72:7a:32:7c:9e:23:4d:e3:52:8f:96:
         df:23:dd:bd:9a:88:04:c9:3b:65:76:c0:f9:79:b3:77:2d:9a:
         bc:a7:c1:3f:0a:9b:0a:6a:9c:1e:3d:e3:d3:38:f1:10:2b:10:
         32:80:68:c9:df:31:54:55:a0:f0:37:91:a6:cf:25:99:f1:c8:
         1b:e8:25:46:41:1b:78:7e:d7:05:2d:af:d1:bf:7c:52:07:3e:
         65:8b:dc:46:38:b9:16:24:8b:eb:24:f0:e8:bf:41:bc:f6:f2:
         76:14:99:38:72:71:a8:18:02:9f:20:48:fd:c6:e9:da:95:34:
         28:7f:42:67:91:c4:02:ed:b8:a8:92:4b:eb:12:3c:10:41:85:
         4f:17:76:1b:8b:25:62:be:54:32:8b:60:e6:4f:1b:72:5b:1f:
         83:6a:1e:76:1c:0a:02:8e:de:be:c2:bf:8b:6c:a4:32:0f:63:
         b3:88:68:48:77:4a:f3:82:f9:74:f3:38:20:99:62:ae:7f:21:
         1e:65:85:58:72:72:4a:dc:7b:7b:d7:c0:14:0e:e8:31:76:da:
         b5:a9:55:75
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICCN8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDgzRDAxMTAvBgNVBAUTKEM0RTRGMERBMDEwQUY1ODYzN0NDNTk2Mjg0NzFFOTk4
QjcyNDNDNTIwHhcNMjUwMzI4MjExMzQ1WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2U3MTEwOS05MzMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyLwrwt9leW3JX0MwyR1BWy9+f9AGbKZA9U/pJWi+tkV+uuhLFoYzeKdIPcod
UO3GtcNfFLNM5Jeed+lx9oIW85fDiTMxnOMMN5izJChRS8yfU9TOD8uMUVIp79iJ
9YodlWoi0JjC+bS7w1KnjG4DUdbEbF3t9Ex7zFiwkcEiwFl2SsE6Sk9QJyHFknnu
9ZGnOPcBiyb0JEiC4tzAbCINehlY/DWkX9nXmMoOhUouVdLt9eMYJasPlQQJg/OJ
hn4iM+7Hw2yU3i2fElnrMECMJHvRGFS1I52nGAMMVwqPLZ06eTVvrMgdTvuq/EqW
X83fy+wkiAR3q+IVz3/zyx7o/QIDAQABo4ICvDCCArgwHQYDVR0OBBYEFLbah3za
LyWy6ddVB/Y4TE5/EGD2MB8GA1UdIwQYMBaAFMTk8NoBCvWGN8xZYoRx6Zi3JDxS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEODNEMC8wQTE2MjA4QUFG
QkMxMUVBQTk2MUNCODZDNEY5QUUwMi94T1R3MmdFSzlZWTN6RmxpaEhIcG1MY2tQ
RkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hPVHcyZ0VLOVlZM3pGbGloSEhwbUxja1BGSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDgzRDAvMEExNjIwOEFBRkJDMTFFQUE5NjFDQjg2QzRGOUFFMDIvNTM1M0VBMjg3
ODFGMTFFRUJBMDVCMTdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAIr/5gDBAJnAawDBAV2i6ADBAW2MoADBAXLfGAwDQQCAAIw
BwMFACQHHAAwDQYJKoZIhvcNAQELBQADggEBAAyddJ5l8Z7BKRm4btIE0PI0aOsp
kjC6mgxvfsZTlK5ClA9XI1MZt9ezySRyejJ8niNN41KPlt8j3b2aiATJO2V2wPl5
s3ctmrynwT8KmwpqnB4949M48RArEDKAaMnfMVRVoPA3kabPJZnxyBvoJUZBG3h+
1wUtr9G/fFIHPmWL3EY4uRYki+sk8Oi/Qbz28nYUmThycagYAp8gSP3G6dqVNCh/
QmeRxALtuKiSS+sSPBBBhU8XdhuLJWK+VDKLYOZPG3JbH4NqHnYcCgKO3r7Cv4ts
pDIPY7OIaEh3SvOC+XTzOCCZYq5/IR5lhVhyckrce3vXwBQO6DF22rWpVXU=
-----END CERTIFICATE-----