Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F8534/6E6A462CFEDD11E5B4905D7CC4F9AE02/173CA1AABCA011ED914D176DC4F9AE02.roa
File:                     173CA1AABCA011ED914D176DC4F9AE02.roa (raw, json)
Hash identifier:          hUdH/uVzYkF0LtRZr5OEyKuVBZZQ6yEh3YtiBoLV0Iw=
Subject key identifier:   B8:CA:C1:ED:B9:B3:D8:13:26:F2:20:E1:C9:16:CB:4E:C3:25:49:EE
Certificate issuer:       /CN=A91F8534/serialNumber=FE1D5BF902FA912D7E0B5E980CF91DBDFD2BB64F
Certificate serial:       20B2
Authority key identifier: FE:1D:5B:F9:02:FA:91:2D:7E:0B:5E:98:0C:F9:1D:BD:FD:2B:B6:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_h1b-QL6kS1-C16YDPkdvf0rtk8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F8534/6E6A462CFEDD11E5B4905D7CC4F9AE02/173CA1AABCA011ED914D176DC4F9AE02.roa
Signing time:             Fri 14 Feb 2025 16:33:53 +0000
ROA not before:           Fri 14 Feb 2025 16:33:53 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     64072
IP address blocks:        103.25.120.0/22 maxlen: 24
                          2404:bc80::/32 maxlen: 32
                          2404:bc80::/48 maxlen: 48
                          2404:bc80:1::/48 maxlen: 48
                          2404:bc80:2::/48 maxlen: 48
                          2404:bc80:3::/48 maxlen: 48
                          2404:bc80:4::/48 maxlen: 48
                          2404:bc80:5::/48 maxlen: 48
                          2404:bc80:6::/48 maxlen: 48
                          2404:bc80:7::/48 maxlen: 48
                          2404:bc80:8::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8370 (0x20b2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F8534
        Validity
            Not Before: Feb 14 16:33:53 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=67af7071-2655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e3:70:9b:f3:26:53:e2:2c:0b:04:41:0a:cd:
                    e9:f4:21:24:c0:c2:3d:28:66:bd:1e:7b:b8:21:45:
                    13:85:e8:40:ac:66:b7:40:3d:fb:cc:65:7c:63:c9:
                    50:4f:b6:9f:41:7f:dc:9b:b6:3b:06:61:6a:23:35:
                    0b:e9:c0:84:ea:f8:68:32:19:f8:42:21:38:34:b1:
                    85:1f:52:3a:00:4b:2d:a6:2b:99:92:94:86:9d:1e:
                    c2:4e:17:10:ea:55:5e:17:2e:ad:3f:4b:18:cf:2f:
                    f8:96:f1:19:56:91:18:fa:9f:cb:cb:ef:0c:3c:89:
                    5b:2d:08:97:f6:38:c1:f1:b7:4f:80:df:ef:e9:19:
                    e5:7a:67:02:b6:ce:9b:df:b0:f4:16:d6:89:20:4e:
                    9b:93:ba:58:6f:f1:b8:8b:2f:8a:27:ad:54:e4:cf:
                    f0:b2:90:0d:3a:3d:a4:8c:0c:98:6d:ee:34:f5:39:
                    a2:d2:19:c5:61:56:e6:b5:a7:30:70:8c:9b:e2:cc:
                    9e:1d:01:3e:69:93:22:71:3f:8e:d1:70:68:3c:f9:
                    6d:c7:4f:ee:8e:50:82:d9:e7:25:82:61:99:2a:a0:
                    be:ff:a3:a3:16:e2:3b:23:57:fc:b7:2f:eb:7c:6c:
                    f0:78:11:dc:c1:03:8f:11:15:37:aa:22:eb:40:34:
                    66:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:CA:C1:ED:B9:B3:D8:13:26:F2:20:E1:C9:16:CB:4E:C3:25:49:EE
            X509v3 Authority Key Identifier:
                keyid:FE:1D:5B:F9:02:FA:91:2D:7E:0B:5E:98:0C:F9:1D:BD:FD:2B:B6:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F8534/6E6A462CFEDD11E5B4905D7CC4F9AE02/_h1b-QL6kS1-C16YDPkdvf0rtk8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_h1b-QL6kS1-C16YDPkdvf0rtk8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F8534/6E6A462CFEDD11E5B4905D7CC4F9AE02/173CA1AABCA011ED914D176DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.25.120.0/22
                IPv6:
                  2404:bc80::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:d1:0c:9a:8d:62:72:49:3f:70:0f:23:c9:ed:ad:57:83:1a:
         ad:d9:ce:28:b3:a1:bf:61:c7:2b:e1:89:19:8c:0b:d9:05:85:
         63:1b:56:75:6c:6b:b1:61:c8:52:a7:bb:e7:5d:3d:fc:49:1a:
         98:92:c0:76:e8:04:0b:47:af:ff:0f:14:52:7d:44:b3:da:6b:
         57:3b:3b:82:58:61:90:99:01:2f:4c:1e:93:92:4c:6a:02:67:
         00:ef:ee:64:92:23:7c:37:99:d3:59:7e:c4:15:f6:00:9a:c6:
         87:7b:20:ce:a0:91:5d:e7:f2:eb:d2:ed:f7:e3:0e:07:dd:41:
         59:52:bb:a4:77:e2:9b:5f:a8:2f:5c:f0:8f:c0:da:80:4c:db:
         8d:9f:66:44:50:92:7f:a8:14:f9:e7:45:76:86:56:96:37:22:
         f9:32:c3:f6:06:38:ae:4a:56:87:cc:ad:56:89:5f:56:0f:9f:
         33:73:24:5e:52:4a:3f:f1:90:aa:72:f9:39:ec:d2:2c:88:30:
         a8:89:c3:c1:f3:ab:f4:b8:c4:9c:6a:d3:98:bf:10:3d:9e:0f:
         a6:25:d3:b5:94:7f:d0:14:60:4b:8c:70:f6:a2:27:98:0d:fd:
         78:df:28:e3:ed:17:5f:09:90:c2:de:e0:a6:68:4f:65:24:e6:
         1e:5b:cf:37
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICILIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Rjg1MzQxMTAvBgNVBAUTKEZFMUQ1QkY5MDJGQTkxMkQ3RTBCNUU5ODBDRjkxREJE
RkQyQkI2NEYwHhcNMjUwMjE0MTYzMzUzWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2FmNzA3MS0yNjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsuNwm/MmU+IsCwRBCs3p9CEkwMI9KGa9Hnu4IUUThehArGa3QD37zGV8Y8lQ
T7afQX/cm7Y7BmFqIzUL6cCE6vhoMhn4QiE4NLGFH1I6AEstpiuZkpSGnR7CThcQ
6lVeFy6tP0sYzy/4lvEZVpEY+p/Ly+8MPIlbLQiX9jjB8bdPgN/v6RnlemcCts6b
37D0FtaJIE6bk7pYb/G4iy+KJ61U5M/wspANOj2kjAyYbe409Tmi0hnFYVbmtacw
cIyb4syeHQE+aZMicT+O0XBoPPltx0/ujlCC2eclgmGZKqC+/6OjFuI7I1f8ty/r
fGzweBHcwQOPERU3qiLrQDRmfQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFLjKwe25
s9gTJvIg4ckWy07DJUnuMB8GA1UdIwQYMBaAFP4dW/kC+pEtfgtemAz5Hb39K7ZP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGODUzNC82RTZBNDYyQ0ZF
REQxMUU1QjQ5MDVEN0NDNEY5QUUwMi9faDFiLVFMNmtTMS1DMTZZRFBrZHZmMHJ0
azguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19oMWItUUw2a1MxLUMxNllEUGtkdmYwcnRrOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Rjg1MzQvNkU2QTQ2MkNGRUREMTFFNUI0OTA1RDdDQzRGOUFFMDIvMTczQ0ExQUFC
Q0EwMTFFRDkxNEQxNzZEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnGXgwDQQCAAIwBwMFACQEvIAwDQYJKoZIhvcNAQELBQAD
ggEBAHnRDJqNYnJJP3API8ntrVeDGq3Zziizob9hxyvhiRmMC9kFhWMbVnVsa7Fh
yFKnu+ddPfxJGpiSwHboBAtHr/8PFFJ9RLPaa1c7O4JYYZCZAS9MHpOSTGoCZwDv
7mSSI3w3mdNZfsQV9gCaxod7IM6gkV3n8uvS7ffjDgfdQVlSu6R34ptfqC9c8I/A
2oBM242fZkRQkn+oFPnnRXaGVpY3Ivkyw/YGOK5KVofMrVaJX1YPnzNzJF5SSj/x
kKpy+Tns0iyIMKiJw8Hzq/S4xJxq05i/ED2eD6Yl07WUf9AUYEuMcPaiJ5gN/Xjf
KOPtF18JkMLe4KZoT2Uk5h5bzzc=
-----END CERTIFICATE-----