Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EA198/AD629222B52511E6AF6C895EC4F9AE02/DF730482A32311EFBE77BA2EC4F9AE02.roa
File:                     DF730482A32311EFBE77BA2EC4F9AE02.roa (raw, json)
Hash identifier:          nvySfMAS7TN3zTFr4mHSPK7RJZZnC8NIvHsh40VIoNk=
Subject key identifier:   1B:96:01:AF:21:DF:CD:97:04:F4:A9:CF:83:4F:F7:8B:4A:71:54:D8
Certificate issuer:       /CN=A91EA198/serialNumber=5FEEDE9D382543F051527FA533D47A917077E632
Certificate serial:       1DC7
Authority key identifier: 5F:EE:DE:9D:38:25:43:F0:51:52:7F:A5:33:D4:7A:91:70:77:E6:32
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/X-7enTglQ_BRUn-lM9R6kXB35jI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EA198/AD629222B52511E6AF6C895EC4F9AE02/DF730482A32311EFBE77BA2EC4F9AE02.roa
Signing time:             Wed 18 Dec 2024 16:13:54 +0000
ROA not before:           Wed 18 Dec 2024 16:13:54 +0000
ROA not after:            Mon 02 Mar 2026 00:00:00 +0000
asID:                     24429
IP address blocks:        8.148.36.0/24 maxlen: 24
                          8.148.37.0/24 maxlen: 24
                          8.148.38.0/24 maxlen: 24
                          8.148.39.0/24 maxlen: 24
                          8.148.40.0/24 maxlen: 24
                          8.148.41.0/24 maxlen: 24
                          8.148.42.0/24 maxlen: 24
                          8.148.43.0/24 maxlen: 24
                          170.33.98.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7623 (0x1dc7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EA198
        Validity
            Not Before: Dec 18 16:13:54 2024 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=6762f4c2-25d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c7:36:80:47:84:92:a8:25:69:25:1d:1b:54:
                    32:49:d8:b8:41:14:59:b7:b2:bb:f8:cd:58:97:06:
                    24:a8:b9:3a:22:0c:e8:f1:70:0a:93:d4:cb:b7:88:
                    8e:9e:1c:ce:a8:bf:ca:15:46:5e:3b:ec:24:23:c6:
                    92:e7:40:d6:e1:dd:dc:ed:11:7c:6b:df:a4:a4:bd:
                    5a:00:db:2f:2d:bf:5f:4e:0d:50:b2:e4:47:39:c6:
                    61:4b:aa:0b:8a:a8:3a:3d:d1:75:ae:c6:3a:3d:78:
                    12:d8:d8:9c:26:c5:e6:ee:71:b8:87:dd:d6:bd:bc:
                    fb:14:06:3b:c9:71:9d:27:b7:c0:32:2f:f3:0e:30:
                    61:55:2e:c8:bc:e9:36:74:6f:53:a2:e0:99:bc:ad:
                    57:1a:1e:c5:70:bb:12:f0:44:6f:42:ed:fa:a7:8a:
                    6e:d1:41:e6:72:8b:a3:3b:d4:bc:d5:ab:b0:8b:b2:
                    bf:a7:c6:f7:22:f4:44:e8:56:00:ac:72:37:dc:65:
                    9e:37:dc:dc:39:11:49:c3:b8:49:02:48:00:c1:b3:
                    70:99:29:e7:97:f2:65:90:0e:f8:b6:5e:45:3a:fe:
                    a7:96:9c:6c:09:4f:19:a2:da:0d:76:3d:5c:01:16:
                    62:e6:35:08:42:33:c4:c3:8f:03:68:84:ef:5a:b1:
                    d3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:96:01:AF:21:DF:CD:97:04:F4:A9:CF:83:4F:F7:8B:4A:71:54:D8
            X509v3 Authority Key Identifier:
                keyid:5F:EE:DE:9D:38:25:43:F0:51:52:7F:A5:33:D4:7A:91:70:77:E6:32

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EA198/AD629222B52511E6AF6C895EC4F9AE02/X-7enTglQ_BRUn-lM9R6kXB35jI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/X-7enTglQ_BRUn-lM9R6kXB35jI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EA198/AD629222B52511E6AF6C895EC4F9AE02/DF730482A32311EFBE77BA2EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  8.148.36.0-8.148.43.255
                  170.33.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:eb:40:36:61:eb:28:26:8e:3a:80:f5:c6:7e:f3:72:ea:3c:
         d2:b2:7b:25:d7:65:45:f1:80:e3:76:20:bd:7f:5f:9f:f2:db:
         6c:18:fd:7c:31:9b:e4:0c:9f:1a:67:aa:e9:ca:a4:03:64:18:
         60:22:16:e5:22:c4:23:5e:f0:df:df:31:4c:db:68:d5:57:c6:
         0a:6b:0e:b0:31:f6:e2:68:ee:cb:bb:ac:64:51:7e:6d:92:c9:
         6c:73:f3:07:8e:54:e0:51:b1:25:1d:36:3a:93:43:e7:cb:ff:
         e6:de:06:bb:f2:f6:20:11:00:29:2a:dd:e6:c4:cb:43:ad:87:
         ac:1c:f6:a0:f5:f0:a0:22:09:20:82:8f:14:51:5f:31:3f:83:
         19:dc:f0:14:f7:c8:3d:0c:6c:c8:93:12:d4:87:3b:6d:4f:68:
         ba:7f:14:f8:44:43:95:8f:74:8c:41:d6:0b:d8:51:8e:18:9e:
         5e:11:cf:59:1e:8a:d8:7e:e5:37:b2:3c:9e:8d:03:1c:3e:8e:
         c1:92:b9:56:ef:5d:3e:0a:f8:f1:90:97:c9:b3:95:40:ca:74:
         18:03:bc:85:3e:77:59:23:97:41:9a:dc:2c:40:05:ee:ae:a7:
         f0:d5:d3:8d:0f:2e:94:0f:da:54:6a:97:b6:86:07:6b:2d:27:
         1a:65:8d:7f
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICHccwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUExOTgxMTAvBgNVBAUTKDVGRUVERTlEMzgyNTQzRjA1MTUyN0ZBNTMzRDQ3QTkx
NzA3N0U2MzIwHhcNMjQxMjE4MTYxMzU0WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzYyZjRjMi0yNWQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp8c2gEeEkqglaSUdG1QySdi4QRRZt7K7+M1YlwYkqLk6Igzo8XAKk9TLt4iO
nhzOqL/KFUZeO+wkI8aS50DW4d3c7RF8a9+kpL1aANsvLb9fTg1QsuRHOcZhS6oL
iqg6PdF1rsY6PXgS2NicJsXm7nG4h93Wvbz7FAY7yXGdJ7fAMi/zDjBhVS7IvOk2
dG9TouCZvK1XGh7FcLsS8ERvQu36p4pu0UHmcoujO9S81auwi7K/p8b3IvRE6FYA
rHI33GWeN9zcORFJw7hJAkgAwbNwmSnnl/JlkA74tl5FOv6nlpxsCU8ZotoNdj1c
ARZi5jUIQjPEw48DaITvWrHTIQIDAQABo4ICozCCAp8wHQYDVR0OBBYEFBuWAa8h
382XBPSpz4NP94tKcVTYMB8GA1UdIwQYMBaAFF/u3p04JUPwUVJ/pTPUepFwd+Yy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQTE5OC9BRDYyOTIyMkI1
MjUxMUU2QUY2Qzg5NUVDNEY5QUUwMi9YLTdlblRnbFFfQlJVbi1sTTlSNmtYQjM1
akkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1gtN2VuVGdsUV9CUlVuLWxNOVI2a1hCMzVqSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUExOTgvQUQ2MjkyMjJCNTI1MTFFNkFGNkM4OTVFQzRGOUFFMDIvREY3MzA0ODJB
MzIzMTFFRkJFNzdCQTJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEAgiUJAMEAgiUKAMEAKohYjANBgkqhkiG9w0BAQsFAAOC
AQEAF+tANmHrKCaOOoD1xn7zcuo80rJ7JddlRfGA43YgvX9fn/LbbBj9fDGb5Ayf
Gmeq6cqkA2QYYCIW5SLEI17w398xTNto1VfGCmsOsDH24mjuy7usZFF+bZLJbHPz
B45U4FGxJR02OpND58v/5t4Gu/L2IBEAKSrd5sTLQ62HrBz2oPXwoCIJIIKPFFFf
MT+DGdzwFPfIPQxsyJMS1Ic7bU9oun8U+ERDlY90jEHWC9hRjhieXhHPWR6K2H7l
N7I8no0DHD6OwZK5Vu9dPgr48ZCXybOVQMp0GAO8hT53WSOXQZrcLEAF7q6n8NXT
jQ8ulA/aVGqXtoYHay0nGmWNfw==
-----END CERTIFICATE-----