Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/20F4644647A811EAB74E6635C4F9AE02.roa
File:                     20F4644647A811EAB74E6635C4F9AE02.roa (raw, json)
Hash identifier:          WV0iaT4o4mWVunpYKv9lK4g2zUj7MAoL1rXYJ9vhunc=
Subject key identifier:   D0:22:02:DB:76:26:E3:41:A5:38:4A:DE:74:CC:4C:10:8B:09:85:64
Certificate issuer:       /CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Certificate serial:       0ACA
Authority key identifier: 81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/20F4644647A811EAB74E6635C4F9AE02.roa
Signing time:             Mon 31 Jul 2023 19:57:26 +0000
ROA not before:           Mon 31 Jul 2023 19:57:26 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     24446
IP address blocks:        27.121.64.0/21 maxlen: 21
                          114.31.72.0/21 maxlen: 21
                          114.141.204.0/22 maxlen: 22
                          117.58.248.0/21 maxlen: 21
                          180.235.128.0/22 maxlen: 22
                          202.47.0.0/21 maxlen: 21
                          202.124.240.0/21 maxlen: 21
                          202.131.95.0/24 maxlen: 24
                          202.191.60.0/22 maxlen: 22
                          203.2.122.0/24 maxlen: 24
                          203.8.188.0/23 maxlen: 23
                          203.19.190.0/23 maxlen: 23
                          203.30.252.0/24 maxlen: 24
                          203.55.142.0/24 maxlen: 24
                          203.55.143.0/24 maxlen: 24
                          203.210.96.0/19 maxlen: 19
                          2403:1400::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2762 (0xaca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
        Validity
            Not Before: Jul 31 19:57:26 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64c81225-02a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:be:78:6d:dc:e2:39:c9:7c:c3:88:0e:c2:38:
                    aa:10:36:f8:ed:63:7c:57:7a:9e:89:fe:dd:02:06:
                    22:51:b1:88:18:e0:f6:da:bf:30:67:a0:05:40:0e:
                    94:a5:5a:79:cc:16:6d:0b:36:65:c9:93:eb:be:28:
                    f1:4f:bd:ab:0a:5f:5d:ed:03:1f:8f:cd:11:c2:76:
                    c7:52:e6:02:85:1e:a0:dd:44:7d:ec:ed:aa:5a:c5:
                    fd:4f:a0:17:a1:0e:c7:f2:c1:b0:42:65:01:86:e8:
                    9a:31:5a:ce:56:d6:79:6a:b4:22:a6:f0:81:61:20:
                    b2:eb:17:33:4c:e7:ac:3e:33:b8:be:6f:ab:51:db:
                    90:ef:d8:fe:1d:8f:ae:9c:50:a9:ad:d8:f5:a9:14:
                    4a:8e:d3:93:46:34:66:af:b2:59:aa:5a:0d:92:a2:
                    98:e9:15:0a:77:92:c7:33:ae:41:25:fd:39:bd:24:
                    8e:b2:3a:d9:32:64:18:a6:84:2c:f5:6f:49:ca:6f:
                    77:a8:cc:5b:85:df:4b:fa:0e:bb:13:10:f3:41:6c:
                    70:8c:4f:9c:bb:9c:ba:46:c6:24:1e:2b:07:28:b5:
                    bb:44:57:be:21:e7:a8:19:e2:45:c7:59:b3:f5:20:
                    8f:56:d4:3e:52:fa:14:ca:c2:41:9e:cc:7b:06:50:
                    24:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:22:02:DB:76:26:E3:41:A5:38:4A:DE:74:CC:4C:10:8B:09:85:64
            X509v3 Authority Key Identifier:
                keyid:81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/gUKKAcUWkeeoxdhD7Lax09muQk4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/20F4644647A811EAB74E6635C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.121.64.0/21
                  114.31.72.0/21
                  114.141.204.0/22
                  117.58.248.0/21
                  180.235.128.0/22
                  202.47.0.0/21
                  202.124.240.0/21
                  202.131.95.0/24
                  202.191.60.0/22
                  203.2.122.0/24
                  203.8.188.0/23
                  203.19.190.0/23
                  203.30.252.0/24
                  203.55.142.0/23
                  203.210.96.0/19
                IPv6:
                  2403:1400::/32

    Signature Algorithm: sha256WithRSAEncryption
         dd:26:16:22:51:42:5f:f8:87:80:c5:df:d7:ed:e8:ec:c7:9c:
         e5:98:d4:1f:5f:9a:c0:69:fc:0b:83:6b:5d:d5:2d:28:38:e1:
         af:01:9d:a1:1d:8c:6e:21:d0:b9:97:ff:e7:f1:c6:68:c9:53:
         33:97:62:c4:0d:75:38:8d:48:25:f1:b6:24:9b:0e:39:43:4d:
         39:1a:f4:81:b5:25:63:ac:9f:2d:fc:2e:2b:f3:41:66:c9:a3:
         8b:cc:ac:28:c7:38:8c:28:3e:ca:d5:53:9a:bf:da:02:f4:51:
         82:ee:f0:65:6a:0a:4b:b4:1a:12:a5:25:8d:6e:d5:9c:f0:8f:
         88:ef:3b:f3:4b:7a:c8:db:97:11:a6:a3:bf:7a:6a:e0:89:c3:
         b8:7a:59:0c:6e:1d:9a:36:73:b1:c8:c8:92:05:ca:f2:31:c4:
         2e:11:15:5b:3a:1e:09:50:2b:75:c8:da:e4:ac:e4:0d:f7:a7:
         54:6d:29:0f:6f:d1:26:93:0e:8d:3c:2a:e9:b5:d1:3e:5a:4d:
         e5:22:8c:73:3f:da:b5:c9:5a:b3:65:96:0b:b8:3b:30:d6:61:
         9e:d2:29:73:8f:39:03:4d:47:3b:cf:bf:fd:86:0e:82:e8:c5:
         92:5a:9e:b3:0d:05:93:28:a7:68:70:79:54:4f:db:8b:7e:77:
         3d:6b:78:69
-----BEGIN CERTIFICATE-----
MIIF1TCCBL2gAwIBAgICCsowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJGNTIxMTAvBgNVBAUTKDgxNDI4QTAxQzUxNjkxRTdBOEM1RDg0M0VDQjZCMUQz
RDlBRTQyNEUwHhcNMjMwNzMxMTk1NzI2WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGM4MTIyNS0wMmE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyr54bdziOcl8w4gOwjiqEDb47WN8V3qeif7dAgYiUbGIGOD22r8wZ6AFQA6U
pVp5zBZtCzZlyZPrvijxT72rCl9d7QMfj80RwnbHUuYChR6g3UR97O2qWsX9T6AX
oQ7H8sGwQmUBhuiaMVrOVtZ5arQipvCBYSCy6xczTOesPjO4vm+rUduQ79j+HY+u
nFCprdj1qRRKjtOTRjRmr7JZqloNkqKY6RUKd5LHM65BJf05vSSOsjrZMmQYpoQs
9W9Jym93qMxbhd9L+g67ExDzQWxwjE+cu5y6RsYkHisHKLW7RFe+IeeoGeJFx1mz
9SCPVtQ+UvoUysJBnsx7BlAkjQIDAQABo4IC+TCCAvUwHQYDVR0OBBYEFNAiAtt2
JuNBpThK3nTMTBCLCYVkMB8GA1UdIwQYMBaAFIFCigHFFpHnqMXYQ+y2sdPZrkJO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkY1Mi84OEVCQ0ZEQzFE
NDkxMUVBQUU3NzVCMzRDNEY5QUUwMi9nVUtLQWNVV2tlZW94ZGhEN0xheDA5bXVR
azQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dVS0tBY1VXa2Vlb3hkaEQ3TGF4MDltdVFrNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJGNTIvODhFQkNGREMxRDQ5MTFFQUFFNzc1QjM0QzRGOUFFMDIvMjBGNDY0NDY0
N0E4MTFFQUI3NEU2NjM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYIGCCsGAQUFBwEHAQH/
BHMwcTBgBAIAATBaAwQDG3lAAwQDch9IAwQCco3MAwQDdTr4AwQCtOuAAwQDyi8A
AwQDynzwAwQAyoNfAwQCyr88AwQAywJ6AwQBywi8AwQByxO+AwQAyx78AwQByzeO
AwQFy9JgMA0EAgACMAcDBQAkAxQAMA0GCSqGSIb3DQEBCwUAA4IBAQDdJhYiUUJf
+IeAxd/X7ejsx5zlmNQfX5rAafwLg2td1S0oOOGvAZ2hHYxuIdC5l//n8cZoyVMz
l2LEDXU4jUgl8bYkmw45Q005GvSBtSVjrJ8t/C4r80FmyaOLzKwoxziMKD7K1VOa
v9oC9FGC7vBlagpLtBoSpSWNbtWc8I+I7zvzS3rI25cRpqO/emrgicO4elkMbh2a
NnOxyMiSBcryMcQuERVbOh4JUCt1yNrkrOQN96dUbSkPb9Emkw6NPCrptdE+Wk3l
IoxzP9q1yVqzZZYLuDsw1mGe0ilzjzkDTUc7z7/9hg6C6MWSWp6zDQWTKKdocHlU
T9uLfnc9a3hp
-----END CERTIFICATE-----
Generated at Fri Jul 19 18:33:19 2024 by rpki-client on console-fra.rpki-client.org