Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FAF20/65A9A242F5C411E68AAA0085C4F9AE02/D59EA6F4F5C611E6A4FFEF0AC4F9AE02.roa
File:                     D59EA6F4F5C611E6A4FFEF0AC4F9AE02.roa (raw, json)
Hash identifier:          fVTj+Nhy/WhakS8dFaROX7k0zNO3tiUAb5xWLcSpOW0=
Subject key identifier:   97:97:CB:26:DC:70:62:B0:00:CB:06:5E:63:F4:C4:2C:5C:81:9A:7C
Certificate issuer:       /CN=A91FAF20/serialNumber=0F8DBDA7D0C9A1ECA1945C61B72920F5AA0E9467
Certificate serial:       1BBF
Authority key identifier: 0F:8D:BD:A7:D0:C9:A1:EC:A1:94:5C:61:B7:29:20:F5:AA:0E:94:67
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/D429p9DJoeyhlFxhtykg9aoOlGc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FAF20/65A9A242F5C411E68AAA0085C4F9AE02/D59EA6F4F5C611E6A4FFEF0AC4F9AE02.roa
Signing time:             Thu 06 Mar 2025 16:34:19 +0000
ROA not before:           Thu 06 Mar 2025 16:34:19 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     20546
IP address blocks:        45.112.84.0/24 maxlen: 24
                          45.112.85.0/24 maxlen: 24
                          45.112.86.0/24 maxlen: 24
                          45.112.87.0/24 maxlen: 24
                          103.51.164.0/24 maxlen: 24
                          103.51.165.0/24 maxlen: 24
                          103.51.166.0/24 maxlen: 24
                          103.51.167.0/24 maxlen: 24
                          2402:1880::/32 maxlen: 32
                          2402:1881::/32 maxlen: 32
                          2402:1882::/32 maxlen: 32
                          2402:1883::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7103 (0x1bbf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FAF20
        Validity
            Not Before: Mar  6 16:34:19 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=67c9ce8b-35b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0f:84:fa:10:5b:ec:96:d2:66:0d:af:5a:6e:
                    21:c9:e4:58:8c:e8:16:fd:8a:53:cd:be:0d:92:a2:
                    02:ec:55:16:4d:a2:04:21:14:8c:d1:13:7c:05:e1:
                    02:65:eb:a9:42:85:df:86:57:cf:5b:c7:25:f3:61:
                    88:0c:40:84:a5:d9:8a:4a:40:e0:86:10:61:a9:cb:
                    37:50:92:40:b5:e1:38:fe:c2:28:63:4d:42:41:fa:
                    6c:7c:27:54:fc:4f:4f:2b:8c:93:1f:cc:85:17:20:
                    03:b1:9c:ca:f3:32:35:53:98:35:53:2d:4e:ff:f5:
                    fc:33:16:bf:c7:7e:53:5a:eb:d7:45:67:b1:e5:4e:
                    8f:af:eb:ee:0c:78:fa:f1:ce:fa:c5:7e:c1:a9:90:
                    8e:ed:13:65:f9:94:48:56:a8:17:e8:33:90:b6:e7:
                    e4:87:64:f8:38:61:ff:1a:7b:ff:04:6d:50:6a:88:
                    f7:56:e4:1e:5c:1c:43:de:e1:90:2a:73:1e:3f:b4:
                    f7:c9:b8:eb:0a:16:10:47:b2:86:26:53:5f:07:65:
                    7e:9d:20:43:c3:c2:6b:e1:fd:ed:2c:1d:d4:c1:2f:
                    9a:3b:79:0c:e4:79:10:d7:41:6c:ea:6a:5c:bf:1f:
                    76:01:b3:1a:b1:8c:12:90:60:d7:90:b9:27:25:df:
                    83:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:97:CB:26:DC:70:62:B0:00:CB:06:5E:63:F4:C4:2C:5C:81:9A:7C
            X509v3 Authority Key Identifier:
                keyid:0F:8D:BD:A7:D0:C9:A1:EC:A1:94:5C:61:B7:29:20:F5:AA:0E:94:67

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FAF20/65A9A242F5C411E68AAA0085C4F9AE02/D429p9DJoeyhlFxhtykg9aoOlGc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/D429p9DJoeyhlFxhtykg9aoOlGc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FAF20/65A9A242F5C411E68AAA0085C4F9AE02/D59EA6F4F5C611E6A4FFEF0AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.84.0/22
                  103.51.164.0/22
                IPv6:
                  2402:1880::/30

    Signature Algorithm: sha256WithRSAEncryption
         7a:d6:c4:c6:b0:92:26:c1:7f:99:f4:2d:29:f0:6e:01:70:67:
         52:50:0f:ec:db:5a:c7:eb:35:20:80:68:df:34:99:53:23:9a:
         2a:21:dc:38:00:c1:6d:15:92:b2:c3:f3:3c:a0:a7:34:75:cb:
         3a:b2:bb:a6:6a:05:ab:e9:3d:e4:13:06:f6:1d:ba:a6:99:1e:
         40:05:95:e1:4b:15:9c:5d:a9:c9:86:87:7f:a2:94:01:d6:b7:
         97:d0:6e:c4:d7:ba:cf:d9:9d:57:b2:72:c4:d1:ad:0f:5c:b8:
         eb:0b:7f:61:2b:93:6c:8b:2e:75:39:f2:bf:e7:a7:6b:b8:c2:
         54:77:08:46:c3:72:ec:72:cd:fd:70:36:ec:39:be:b6:26:fb:
         ce:43:c9:29:14:98:c0:a6:9b:9b:4a:20:0b:39:44:d1:9f:b9:
         a3:d9:91:d4:10:14:94:c0:6c:42:d8:1f:88:91:62:cc:fb:15:
         c3:ac:67:a7:9f:49:5e:70:48:af:02:37:58:cb:f8:a2:d3:77:
         84:2b:c1:dd:42:d9:7f:46:0f:d6:a3:c9:b5:6b:ff:a2:98:ea:
         48:cb:db:b6:35:e6:1b:c5:76:fb:41:bd:44:c2:2a:55:38:e7:
         d6:ea:ee:1b:70:30:c9:8f:eb:20:f9:d3:57:2e:b7:c0:2b:47:
         b7:1c:60:d8
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICG78wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkFGMjAxMTAvBgNVBAUTKDBGOERCREE3RDBDOUExRUNBMTk0NUM2MUI3MjkyMEY1
QUEwRTk0NjcwHhcNMjUwMzA2MTYzNDE5WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2M5Y2U4Yi0zNWIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4A+E+hBb7JbSZg2vWm4hyeRYjOgW/YpTzb4NkqIC7FUWTaIEIRSM0RN8BeEC
ZeupQoXfhlfPW8cl82GIDECEpdmKSkDghhBhqcs3UJJAteE4/sIoY01CQfpsfCdU
/E9PK4yTH8yFFyADsZzK8zI1U5g1Uy1O//X8Mxa/x35TWuvXRWex5U6Pr+vuDHj6
8c76xX7BqZCO7RNl+ZRIVqgX6DOQtufkh2T4OGH/Gnv/BG1Qaoj3VuQeXBxD3uGQ
KnMeP7T3ybjrChYQR7KGJlNfB2V+nSBDw8Jr4f3tLB3UwS+aO3kM5HkQ10Fs6mpc
vx92AbMasYwSkGDXkLknJd+DgQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFJeXyybc
cGKwAMsGXmP0xCxcgZp8MB8GA1UdIwQYMBaAFA+NvafQyaHsoZRcYbcpIPWqDpRn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQUYyMC82NUE5QTI0MkY1
QzQxMUU2OEFBQTAwODVDNEY5QUUwMi9ENDI5cDlESm9leWhsRnhodHlrZzlhb09s
R2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0Q0MjlwOURKb2V5aGxGeGh0eWtnOWFvT2xHYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkFGMjAvNjVBOUEyNDJGNUM0MTFFNjhBQUEwMDg1QzRGOUFFMDIvRDU5RUE2RjRG
NUM2MTFFNkE0RkZFRjBBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAItcFQDBAJnM6QwDQQCAAIwBwMFAiQCGIAwDQYJKoZIhvcN
AQELBQADggEBAHrWxMawkibBf5n0LSnwbgFwZ1JQD+zbWsfrNSCAaN80mVMjmioh
3DgAwW0VkrLD8zygpzR1yzqyu6ZqBavpPeQTBvYduqaZHkAFleFLFZxdqcmGh3+i
lAHWt5fQbsTXus/ZnVeycsTRrQ9cuOsLf2Erk2yLLnU58r/np2u4wlR3CEbDcuxy
zf1wNuw5vrYm+85DySkUmMCmm5tKIAs5RNGfuaPZkdQQFJTAbELYH4iRYsz7FcOs
Z6efSV5wSK8CN1jL+KLTd4Qrwd1C2X9GD9ajybVr/6KY6kjL27Y15hvFdvtBvUTC
KlU459bq7htwMMmP6yD501cut8ArR7ccYNg=
-----END CERTIFICATE-----