Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC4E1/2004F144160111E7A8AC225DC4F9AE02/20772F82207611E7AD8F8459C4F9AE02.roa
File:                     20772F82207611E7AD8F8459C4F9AE02.roa (raw, json)
Hash identifier:          Pb6kM9WouPrp2XawpESgoX55xTNZIYJEDsvGscWBa08=
Subject key identifier:   A0:88:88:F0:8C:71:3E:C6:0C:02:15:A4:42:EC:2A:3A:8C:B9:F4:57
Certificate issuer:       /CN=A91DC4E1/serialNumber=DC1B39B54F60891AC778A9316D71B0BE8006396E
Certificate serial:       1A8D
Authority key identifier: DC:1B:39:B5:4F:60:89:1A:C7:78:A9:31:6D:71:B0:BE:80:06:39:6E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3Bs5tU9giRrHeKkxbXGwvoAGOW4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC4E1/2004F144160111E7A8AC225DC4F9AE02/20772F82207611E7AD8F8459C4F9AE02.roa
Signing time:             Thu 02 May 2024 17:04:49 +0000
ROA not before:           Thu 02 May 2024 17:04:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136473
IP address blocks:        103.89.140.0/22 maxlen: 22
                          103.89.140.0/24 maxlen: 24
                          103.89.141.0/24 maxlen: 24
                          103.89.142.0/24 maxlen: 24
                          103.89.143.0/24 maxlen: 24
                          202.14.204.0/22 maxlen: 22
                          202.14.204.0/24 maxlen: 24
                          202.14.205.0/24 maxlen: 24
                          202.14.206.0/24 maxlen: 24
                          202.14.207.0/24 maxlen: 24
                          2400:f040::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6797 (0x1a8d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC4E1
        Validity
            Not Before: May  2 17:04:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6633c7b1-c2e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0f:2f:c8:79:32:64:25:d5:87:dd:e8:28:4a:
                    19:8f:53:ac:24:2c:27:8b:44:a6:0a:cb:da:d9:7b:
                    2e:77:f6:aa:6b:6d:ed:c6:fb:3a:7a:46:7d:e3:34:
                    99:8e:11:4a:a8:ca:bd:06:37:cd:07:13:20:9b:e0:
                    c3:0d:38:d2:34:aa:1c:8e:b4:91:e5:85:08:d7:bc:
                    a7:94:42:8e:b3:3e:78:09:b1:6c:6d:2b:5b:8a:b3:
                    ea:50:d7:95:f7:b2:6d:05:b7:24:10:f8:6d:35:45:
                    40:c2:c8:f6:4d:ae:fa:8f:68:fd:d6:95:48:f5:2f:
                    69:66:b2:10:0c:04:26:a8:75:cf:03:73:19:fc:96:
                    1c:cc:4f:3a:3c:9f:c7:f8:6a:99:2e:5e:b3:da:05:
                    5a:41:29:48:01:8e:bb:49:56:46:46:03:ac:a3:35:
                    2c:e8:10:12:fe:bd:e4:28:ce:89:57:07:de:9e:a1:
                    05:9e:1b:3e:92:2b:cc:37:ed:3e:58:52:38:8b:e0:
                    e3:0c:18:1a:ed:d5:2e:5e:14:ad:ff:1b:31:0e:8d:
                    13:9b:a9:7a:5c:f1:1e:aa:eb:5a:ee:0d:7e:0e:f7:
                    d5:3f:19:25:1c:56:54:7b:08:59:b0:8d:c1:87:87:
                    16:60:a1:84:2d:66:b5:0d:06:c6:5b:f9:a2:b1:1c:
                    25:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:88:88:F0:8C:71:3E:C6:0C:02:15:A4:42:EC:2A:3A:8C:B9:F4:57
            X509v3 Authority Key Identifier:
                keyid:DC:1B:39:B5:4F:60:89:1A:C7:78:A9:31:6D:71:B0:BE:80:06:39:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC4E1/2004F144160111E7A8AC225DC4F9AE02/3Bs5tU9giRrHeKkxbXGwvoAGOW4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3Bs5tU9giRrHeKkxbXGwvoAGOW4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC4E1/2004F144160111E7A8AC225DC4F9AE02/20772F82207611E7AD8F8459C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.89.140.0/22
                  202.14.204.0/22
                IPv6:
                  2400:f040::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:07:a1:b0:b3:d3:5c:c3:f9:52:0d:c7:f8:d2:15:b1:b3:2f:
         8a:30:20:4d:fc:ea:d4:f8:4f:3a:77:64:3e:e9:8e:2b:52:c1:
         84:76:51:59:2d:a5:84:7c:32:62:63:e1:53:01:b6:f7:cc:be:
         2f:04:6d:18:9a:0c:38:38:43:f0:e9:a7:a7:11:84:df:e0:80:
         59:f2:79:1c:53:e7:14:41:40:f9:79:82:7b:8e:17:bf:4c:26:
         be:b7:57:08:6e:ae:1b:10:68:2a:e7:c4:a4:34:d8:fe:ee:3f:
         7b:a4:33:19:33:e6:90:d6:23:e6:d8:33:7a:13:f1:8f:ec:25:
         cc:84:c0:62:13:3e:92:43:85:12:10:7f:da:2d:b7:3e:8b:c1:
         a8:0a:62:e2:43:19:11:c3:0a:8a:8e:99:2d:0d:c7:b3:af:e8:
         ca:e4:d8:73:0f:53:16:c1:26:7e:0f:e5:f4:df:38:5d:4c:12:
         3c:39:e5:49:42:dc:31:e5:a8:27:f2:09:06:5b:40:69:61:7c:
         78:ee:73:e0:dc:00:34:8b:a9:25:96:60:3a:31:25:c5:dd:d0:
         b4:a8:fc:bc:70:60:25:dc:c1:c1:43:5d:0b:aa:83:09:cd:46:
         78:df:40:3f:17:75:d4:ff:7e:58:77:a2:ae:e6:0f:fc:87:55:
         eb:ba:f5:00
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICGo0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM0RTExMTAvBgNVBAUTKERDMUIzOUI1NEY2MDg5MUFDNzc4QTkzMTZENzFCMEJF
ODAwNjM5NkUwHhcNMjQwNTAyMTcwNDQ5WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjMzYzdiMS1jMmU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4A8vyHkyZCXVh93oKEoZj1OsJCwni0SmCsva2Xsud/aqa23txvs6ekZ94zSZ
jhFKqMq9BjfNBxMgm+DDDTjSNKocjrSR5YUI17ynlEKOsz54CbFsbStbirPqUNeV
97JtBbckEPhtNUVAwsj2Ta76j2j91pVI9S9pZrIQDAQmqHXPA3MZ/JYczE86PJ/H
+GqZLl6z2gVaQSlIAY67SVZGRgOsozUs6BAS/r3kKM6JVwfenqEFnhs+kivMN+0+
WFI4i+DjDBga7dUuXhSt/xsxDo0Tm6l6XPEequta7g1+DvfVPxklHFZUewhZsI3B
h4cWYKGELWa1DQbGW/misRwlCwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFKCIiPCM
cT7GDAIVpELsKjqMufRXMB8GA1UdIwQYMBaAFNwbObVPYIkax3ipMW1xsL6ABjlu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzRFMS8yMDA0RjE0NDE2
MDExMUU3QThBQzIyNURDNEY5QUUwMi8zQnM1dFU5Z2lSckhlS2t4YlhHd3ZvQUdP
VzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNCczV0VTlnaVJySGVLa3hiWEd3dm9BR09XNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM0RTEvMjAwNEYxNDQxNjAxMTFFN0E4QUMyMjVEQzRGOUFFMDIvMjA3NzJGODIy
MDc2MTFFN0FEOEY4NDU5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnWYwDBALKDswwDQQCAAIwBwMFACQA8EAwDQYJKoZIhvcN
AQELBQADggEBAB0HobCz01zD+VINx/jSFbGzL4owIE386tT4Tzp3ZD7pjitSwYR2
UVktpYR8MmJj4VMBtvfMvi8EbRiaDDg4Q/Dpp6cRhN/ggFnyeRxT5xRBQPl5gnuO
F79MJr63VwhurhsQaCrnxKQ02P7uP3ukMxkz5pDWI+bYM3oT8Y/sJcyEwGITPpJD
hRIQf9ottz6LwagKYuJDGRHDCoqOmS0Nx7Ov6Mrk2HMPUxbBJn4P5fTfOF1MEjw5
5UlC3DHlqCfyCQZbQGlhfHjuc+DcADSLqSWWYDoxJcXd0LSo/LxwYCXcwcFDXQuq
gwnNRnjfQD8XddT/flh3oq7mD/yHVeu69QA=
-----END CERTIFICATE-----