Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914D13C/EB78DCEE341111E8AFAC7327C4F9AE02/1CDF7932F1D911EAB8116783C4F9AE02.roa
File:                     1CDF7932F1D911EAB8116783C4F9AE02.roa (raw, json)
Hash identifier:          /WUm7KgmbZBS6V2clu9e9GPP3CniS7Xqn/fiN/8h9RA=
Subject key identifier:   85:57:A6:05:90:98:38:A1:6E:66:96:00:A6:28:5A:39:7F:76:B2:98
Certificate issuer:       /CN=A914D13C/serialNumber=761B8984E2BD7837F8B5AA9AA535525C008EB086
Certificate serial:       1414
Authority key identifier: 76:1B:89:84:E2:BD:78:37:F8:B5:AA:9A:A5:35:52:5C:00:8E:B0:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dhuJhOK9eDf4taqapTVSXACOsIY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914D13C/EB78DCEE341111E8AFAC7327C4F9AE02/1CDF7932F1D911EAB8116783C4F9AE02.roa
Signing time:             Thu 22 Jun 2023 17:46:26 +0000
ROA not before:           Thu 22 Jun 2023 17:46:26 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     17747
IP address blocks:        45.117.204.0/24 maxlen: 24
                          45.117.205.0/24 maxlen: 24
                          45.117.206.0/24 maxlen: 24
                          45.117.207.0/24 maxlen: 24
                          103.57.240.0/24 maxlen: 24
                          103.57.241.0/24 maxlen: 24
                          103.57.242.0/24 maxlen: 24
                          103.57.243.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5140 (0x1414)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914D13C/serialNumber=761B8984E2BD7837F8B5AA9AA535525C008EB086
        Validity
            Not Before: Jun 22 17:46:26 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=649488f2-9144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2b:28:5e:59:68:6e:90:0d:cf:35:97:73:98:
                    f8:5d:0d:60:38:e8:aa:62:2f:7f:0a:a1:27:5e:71:
                    e2:15:71:f1:b2:b1:ea:dc:24:83:ac:28:4e:94:89:
                    cd:e9:19:3c:2f:55:a9:01:b1:0f:e9:e0:bd:61:20:
                    49:3d:25:7d:ac:b7:b4:92:45:6d:84:c1:d5:6a:e6:
                    af:bd:61:04:5c:cc:a5:c7:62:81:a1:3a:8a:63:02:
                    c5:c8:67:60:15:ab:1c:46:aa:f1:fb:93:81:27:da:
                    64:16:bc:41:f0:87:fb:f6:c5:65:14:45:6a:17:af:
                    cf:07:3a:38:96:93:f5:5a:4d:a7:b5:90:42:ba:5c:
                    89:38:bd:76:2c:9e:56:83:81:78:0a:c5:a3:23:07:
                    ea:e9:23:c0:a5:55:04:01:ac:f3:79:88:ac:49:39:
                    38:69:04:d2:7d:3a:66:e1:c9:94:85:f9:d9:74:8e:
                    03:7a:6c:b4:df:8b:30:8b:9a:03:b7:c6:7c:1b:bf:
                    94:3b:3b:e8:2f:64:41:96:c2:4c:67:10:7f:09:7f:
                    10:1a:b3:5b:e8:d2:e4:49:fa:95:43:83:32:22:d0:
                    1f:54:2d:39:97:fc:90:31:a6:eb:be:ff:ca:8a:7a:
                    ea:27:50:a0:b8:b9:d4:5b:f8:23:90:d0:d1:f3:d2:
                    77:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:57:A6:05:90:98:38:A1:6E:66:96:00:A6:28:5A:39:7F:76:B2:98
            X509v3 Authority Key Identifier:
                keyid:76:1B:89:84:E2:BD:78:37:F8:B5:AA:9A:A5:35:52:5C:00:8E:B0:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914D13C/EB78DCEE341111E8AFAC7327C4F9AE02/dhuJhOK9eDf4taqapTVSXACOsIY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dhuJhOK9eDf4taqapTVSXACOsIY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914D13C/EB78DCEE341111E8AFAC7327C4F9AE02/1CDF7932F1D911EAB8116783C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.204.0/22
                  103.57.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:16:d5:6a:e8:35:a8:2f:10:3d:4a:08:0c:c6:21:ec:d0:4e:
         ee:30:1e:24:23:f9:2b:a5:2d:bd:02:86:7f:28:93:38:5c:e8:
         ab:59:66:cd:93:e1:15:d9:a5:b2:63:5f:43:97:b4:5a:f7:a4:
         84:47:a1:30:49:c0:02:bb:24:46:30:69:de:d6:2a:9f:a5:52:
         8c:d4:64:cc:55:36:58:44:a0:d3:1c:79:51:6e:2f:59:b3:f7:
         1b:7f:30:88:7f:e9:55:5a:99:e9:30:ae:99:60:df:52:f5:7d:
         d5:d5:26:3b:0c:0c:84:cd:d3:76:bf:dc:7f:45:b5:ea:aa:8d:
         93:1a:67:b7:97:58:8f:c5:25:4b:1c:1f:fb:e6:ba:e8:ab:71:
         8e:b1:5e:bb:98:09:e6:20:d9:41:b2:37:26:cd:ee:70:5d:1c:
         6b:a3:c6:86:35:9a:76:4f:85:dd:7f:88:f1:cc:40:e6:f1:8f:
         29:72:f0:1d:0c:92:9d:4b:26:1e:c8:52:f9:44:a6:5f:ed:88:
         06:c1:1a:02:a9:01:73:00:b5:55:86:c7:2e:45:2b:ec:44:e3:
         bc:38:6e:ec:25:0b:a3:ce:e3:14:d1:83:1f:7e:4e:5b:b1:23:
         be:8f:e5:8e:74:a1:96:90:94:0e:64:cc:60:70:91:de:7c:d7:
         35:ed:a2:70
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICFBQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEQxM0MxMTAvBgNVBAUTKDc2MUI4OTg0RTJCRDc4MzdGOEI1QUE5QUE1MzU1MjVD
MDA4RUIwODYwHhcNMjMwNjIyMTc0NjI2WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDk0ODhmMi05MTQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyisoXllobpANzzWXc5j4XQ1gOOiqYi9/CqEnXnHiFXHxsrHq3CSDrChOlInN
6Rk8L1WpAbEP6eC9YSBJPSV9rLe0kkVthMHVauavvWEEXMylx2KBoTqKYwLFyGdg
FascRqrx+5OBJ9pkFrxB8If79sVlFEVqF6/PBzo4lpP1Wk2ntZBCulyJOL12LJ5W
g4F4CsWjIwfq6SPApVUEAazzeYisSTk4aQTSfTpm4cmUhfnZdI4Demy034swi5oD
t8Z8G7+UOzvoL2RBlsJMZxB/CX8QGrNb6NLkSfqVQ4MyItAfVC05l/yQMabrvv/K
inrqJ1CguLnUW/gjkNDR89J33wIDAQABo4ICmzCCApcwHQYDVR0OBBYEFIVXpgWQ
mDihbmaWAKYoWjl/drKYMB8GA1UdIwQYMBaAFHYbiYTivXg3+LWqmqU1UlwAjrCG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RDEzQy9FQjc4RENFRTM0
MTExMUU4QUZBQzczMjdDNEY5QUUwMi9kaHVKaE9LOWVEZjR0YXFhcFRWU1hBQ09z
SVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2RodUpoT0s5ZURmNHRhcWFwVFZTWEFDT3NJWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEQxM0MvRUI3OERDRUUzNDExMTFFOEFGQUM3MzI3QzRGOUFFMDIvMUNERjc5MzJG
MUQ5MTFFQUI4MTE2NzgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAItdcwDBAJnOfAwDQYJKoZIhvcNAQELBQADggEBABkW1Wro
NagvED1KCAzGIezQTu4wHiQj+SulLb0Chn8okzhc6KtZZs2T4RXZpbJjX0OXtFr3
pIRHoTBJwAK7JEYwad7WKp+lUozUZMxVNlhEoNMceVFuL1mz9xt/MIh/6VVamekw
rplg31L1fdXVJjsMDITN03a/3H9FteqqjZMaZ7eXWI/FJUscH/vmuuircY6xXruY
CeYg2UGyNybN7nBdHGujxoY1mnZPhd1/iPHMQObxjyly8B0Mkp1LJh7IUvlEpl/t
iAbBGgKpAXMAtVWGxy5FK+xE47w4buwlC6PO4xTRgx9+TluxI76P5Y50oZaQlA5k
zGBwkd581zXtonA=
-----END CERTIFICATE-----