Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/0BBEE5C0B67611EDA32C9C33C4F9AE02.roa
File:                     0BBEE5C0B67611EDA32C9C33C4F9AE02.roa (raw, json)
Hash identifier:          oOULCt95BeXdDifohovHDDJ5mob/Av4iYkb/opM/DGQ=
Subject key identifier:   22:E1:94:F2:BB:43:5E:C6:8E:EA:0C:28:96:43:53:9A:17:D0:2E:F6
Certificate issuer:       /CN=A91597D0/serialNumber=314246901FA7D6505D97AA1C0140BBCA0E8C294F
Certificate serial:       0A2D
Authority key identifier: 31:42:46:90:1F:A7:D6:50:5D:97:AA:1C:01:40:BB:CA:0E:8C:29:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MUJGkB-n1lBdl6ocAUC7yg6MKU8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/0BBEE5C0B67611EDA32C9C33C4F9AE02.roa
Signing time:             Sun 31 Dec 2023 20:38:17 +0000
ROA not before:           Sun 31 Dec 2023 20:38:17 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     134824
IP address blocks:        2404:c180::/32 maxlen: 32
                          2404:c180:2000::/36 maxlen: 36
                          2404:c180:3000::/36 maxlen: 36
                          2404:c180:4000::/34 maxlen: 36
                          2404:c180:8000::/33 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2605 (0xa2d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91597D0/serialNumber=314246901FA7D6505D97AA1C0140BBCA0E8C294F
        Validity
            Not Before: Dec 31 20:38:17 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=6591d139-9fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b9:95:98:68:cf:99:b9:b8:ec:05:11:c3:4d:
                    b2:ae:57:d9:49:f9:d4:60:e9:6e:1a:3a:03:40:99:
                    37:c9:b6:4b:d8:38:a0:94:d4:26:3c:98:da:57:59:
                    e4:5b:63:45:fc:c0:da:7f:03:36:f2:33:7a:1b:fa:
                    ca:bf:0a:91:66:72:f1:98:29:da:8d:07:54:c9:af:
                    48:8a:2b:05:64:6d:c7:d0:48:fa:63:a3:30:db:ef:
                    6b:d0:2f:cb:47:c3:00:ed:b9:e6:a3:ca:dc:8a:d0:
                    73:3a:69:58:41:46:cc:49:c8:25:13:35:f6:5b:e6:
                    41:00:c9:59:03:44:da:56:12:35:b3:aa:38:0c:48:
                    23:e6:b5:99:f1:8d:16:b8:56:50:cb:29:7b:8c:01:
                    52:bd:46:85:e2:08:5a:b2:49:98:70:da:47:69:b6:
                    b6:da:c4:64:56:3c:a1:8f:76:1a:37:6f:a5:0a:b1:
                    5e:1a:26:87:d1:43:18:3a:f6:83:60:2b:82:a9:57:
                    36:15:67:3c:ee:36:f8:1e:fb:cd:1f:dc:ee:4f:fb:
                    5a:36:cd:4b:0d:dc:ca:a3:f2:39:27:b4:a3:90:aa:
                    a1:4e:4c:d3:78:fe:69:b7:99:58:9c:a2:59:d4:e4:
                    9b:68:97:8e:19:6c:f6:ca:a6:98:7a:1f:d1:88:ed:
                    5d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E1:94:F2:BB:43:5E:C6:8E:EA:0C:28:96:43:53:9A:17:D0:2E:F6
            X509v3 Authority Key Identifier:
                keyid:31:42:46:90:1F:A7:D6:50:5D:97:AA:1C:01:40:BB:CA:0E:8C:29:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/MUJGkB-n1lBdl6ocAUC7yg6MKU8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MUJGkB-n1lBdl6ocAUC7yg6MKU8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/0BBEE5C0B67611EDA32C9C33C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:c180::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:88:8e:20:38:65:c7:7c:3d:dc:ad:d1:2e:53:a8:2d:0a:d2:
         07:94:bb:82:3c:75:c6:2a:9c:a8:34:89:18:79:d9:fd:b8:4f:
         72:95:84:1a:9d:a0:04:88:f0:0b:9e:95:7b:62:39:35:f1:b9:
         0c:8e:f1:0a:96:d2:16:98:b7:1c:3c:28:76:a1:04:3a:2c:fd:
         18:5d:07:0b:9d:6a:06:c8:67:aa:e5:5e:07:9d:15:8a:2c:20:
         df:5a:e4:59:f8:8c:75:44:65:46:44:a6:37:dd:9a:ef:c7:74:
         8d:43:67:37:d7:cc:21:bf:15:14:7d:81:1d:af:42:34:47:7a:
         1c:27:c5:2c:88:b3:3b:f5:94:a2:e6:0c:68:45:63:6f:af:a8:
         d1:43:47:d0:92:43:6f:cb:99:14:74:23:f3:71:81:2c:31:f9:
         70:0e:06:c8:ad:16:82:21:a2:6b:d1:15:02:e8:80:da:c8:64:
         68:a0:3c:6b:42:77:b3:85:bf:ba:26:42:51:cb:32:d4:23:f7:
         c6:77:58:87:25:33:56:b3:ff:79:10:07:0f:98:c1:0d:9c:bc:
         bc:9d:c7:26:45:06:0c:6d:81:0b:51:11:22:68:94:26:ad:ef:
         28:ee:15:95:85:f6:bf:27:1e:db:29:dd:03:08:4c:87:a5:72:
         e3:93:1b:01
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgICCi0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTk3RDAxMTAvBgNVBAUTKDMxNDI0NjkwMUZBN0Q2NTA1RDk3QUExQzAxNDBCQkNB
MEU4QzI5NEYwHhcNMjMxMjMxMjAzODE3WhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTkxZDEzOS05ZmUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzLmVmGjPmbm47AURw02yrlfZSfnUYOluGjoDQJk3ybZL2DiglNQmPJjaV1nk
W2NF/MDafwM28jN6G/rKvwqRZnLxmCnajQdUya9IiisFZG3H0Ej6Y6Mw2+9r0C/L
R8MA7bnmo8rcitBzOmlYQUbMScglEzX2W+ZBAMlZA0TaVhI1s6o4DEgj5rWZ8Y0W
uFZQyyl7jAFSvUaF4ghaskmYcNpHaba22sRkVjyhj3YaN2+lCrFeGiaH0UMYOvaD
YCuCqVc2FWc87jb4HvvNH9zuT/taNs1LDdzKo/I5J7SjkKqhTkzTeP5pt5lYnKJZ
1OSbaJeOGWz2yqaYeh/RiO1dcwIDAQABo4ICljCCApIwHQYDVR0OBBYEFCLhlPK7
Q17GjuoMKJZDU5oX0C72MB8GA1UdIwQYMBaAFDFCRpAfp9ZQXZeqHAFAu8oOjClP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OTdEMC9DRDQ1NzIyMDNE
QjMxMUVBOEJGOTNBMEVDNEY5QUUwMi9NVUpHa0ItbjFsQmRsNm9jQVVDN3lnNk1L
VTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01VSkdrQi1uMWxCZGw2b2NBVUM3eWc2TUtVOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTk3RDAvQ0Q0NTcyMjAzREIzMTFFQThCRjkzQTBFQzRGOUFFMDIvMEJCRUU1QzBC
Njc2MTFFREEzMkM5QzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQAkBMGAMA0GCSqGSIb3DQEBCwUAA4IBAQBAiI4gOGXHfD3c
rdEuU6gtCtIHlLuCPHXGKpyoNIkYedn9uE9ylYQanaAEiPALnpV7Yjk18bkMjvEK
ltIWmLccPCh2oQQ6LP0YXQcLnWoGyGeq5V4HnRWKLCDfWuRZ+Ix1RGVGRKY33Zrv
x3SNQ2c318whvxUUfYEdr0I0R3ocJ8UsiLM79ZSi5gxoRWNvr6jRQ0fQkkNvy5kU
dCPzcYEsMflwDgbIrRaCIaJr0RUC6IDayGRooDxrQnezhb+6JkJRyzLUI/fGd1iH
JTNWs/95EAcPmMENnLy8nccmRQYMbYELUREiaJQmre8o7hWVhfa/Jx7bKd0DCEyH
pXLjkxsB
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:07 2024 by rpki-client on console-fra.rpki-client.org