Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9176EE7/947D4D40D27211ECAFCF3584C4F9AE02/A494C1E60CAF11EDA6E8C661C4F9AE02.roa
File:                     A494C1E60CAF11EDA6E8C661C4F9AE02.roa (raw, json)
Hash identifier:          N3LUffTp77bFHcbw3I3aD8LfovFcKEXIpt5h6/yPp+s=
Subject key identifier:   28:20:50:AE:4E:CA:BA:4A:51:FD:B4:A0:F6:C7:67:08:D3:E9:D1:49
Certificate issuer:       /CN=A9176EE7/serialNumber=ADA93FAD1EB015CDE249718F82352783DCBDF894
Certificate serial:       0200
Authority key identifier: AD:A9:3F:AD:1E:B0:15:CD:E2:49:71:8F:82:35:27:83:DC:BD:F8:94
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rak_rR6wFc3iSXGPgjUng9y9-JQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9176EE7/947D4D40D27211ECAFCF3584C4F9AE02/A494C1E60CAF11EDA6E8C661C4F9AE02.roa
Signing time:             Thu 07 Dec 2023 03:34:16 +0000
ROA not before:           Thu 07 Dec 2023 03:34:16 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     133861
IP address blocks:        43.225.44.0/24 maxlen: 24
                          43.225.45.0/24 maxlen: 24
                          43.225.46.0/24 maxlen: 24
                          43.225.47.0/24 maxlen: 24
                          103.44.28.0/24 maxlen: 24
                          103.44.29.0/24 maxlen: 24
                          103.44.30.0/24 maxlen: 24
                          103.44.31.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 512 (0x200)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9176EE7/serialNumber=ADA93FAD1EB015CDE249718F82352783DCBDF894
        Validity
            Not Before: Dec  7 03:34:16 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=65713d38-4c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:71:a3:db:25:b4:ab:47:d4:59:f8:92:0c:b0:
                    cf:88:64:ec:cf:97:31:60:27:a1:72:c4:7f:a9:ba:
                    87:a5:0b:bb:32:58:3d:d1:4b:be:ba:a0:a7:0a:9c:
                    7b:c1:7d:09:30:48:d0:9f:f2:88:67:bc:7e:8b:bd:
                    d7:70:4c:76:e7:5b:1b:76:08:3b:8e:5e:b4:c5:fe:
                    53:34:7d:85:64:fa:43:0c:d0:60:80:50:9c:3e:3a:
                    c9:92:1f:b0:e3:45:5a:df:4b:34:61:a9:fc:46:1b:
                    5a:30:ee:bd:d7:17:0a:9d:ef:87:a5:67:90:ea:25:
                    bb:f2:71:af:f7:55:af:61:2c:b5:db:f6:24:31:29:
                    8d:43:18:21:04:46:04:8e:b7:3a:1c:38:5c:eb:e4:
                    40:65:d9:12:4c:d7:58:1c:e1:5d:c3:b3:dc:0f:38:
                    38:9f:45:1f:8e:5b:be:18:88:90:c4:4a:cd:e7:26:
                    7a:5a:cd:ad:1e:00:96:fc:d2:00:21:da:9b:2a:4c:
                    44:13:50:63:fa:46:ea:74:88:38:a7:79:d0:e1:ed:
                    b5:dc:44:74:51:5e:b1:7f:1c:35:61:52:8f:7a:27:
                    74:ca:c9:1b:80:fb:f3:8a:2f:0b:5e:08:88:7d:52:
                    64:4e:fc:a7:57:9f:81:be:ac:55:21:6f:db:bd:1d:
                    76:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:20:50:AE:4E:CA:BA:4A:51:FD:B4:A0:F6:C7:67:08:D3:E9:D1:49
            X509v3 Authority Key Identifier:
                keyid:AD:A9:3F:AD:1E:B0:15:CD:E2:49:71:8F:82:35:27:83:DC:BD:F8:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9176EE7/947D4D40D27211ECAFCF3584C4F9AE02/rak_rR6wFc3iSXGPgjUng9y9-JQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rak_rR6wFc3iSXGPgjUng9y9-JQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9176EE7/947D4D40D27211ECAFCF3584C4F9AE02/A494C1E60CAF11EDA6E8C661C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.225.44.0/22
                  103.44.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:a9:70:ef:44:8f:7b:41:2f:8d:85:9d:29:84:a4:b8:50:29:
         22:ba:6e:32:56:ac:0d:89:bb:de:9d:98:61:b3:b7:b5:a4:4e:
         27:68:4c:3a:62:8b:3a:4d:d5:38:a0:ef:70:cb:34:6c:dc:13:
         c6:a7:1c:aa:62:b8:32:90:e9:72:d0:4e:ea:a4:bf:05:e0:ae:
         79:a2:60:d8:c0:07:da:b5:80:55:c3:b1:70:5e:99:4c:09:24:
         74:75:fe:9a:4f:db:34:42:bf:a3:ae:48:fa:e3:4e:f5:ef:33:
         9e:a9:f0:f3:7a:3b:ea:06:ef:9a:d7:f8:6e:3d:78:08:b3:a2:
         63:ca:09:d9:28:a1:41:86:fe:5f:41:e5:2d:ad:ca:25:95:f5:
         57:03:27:50:1e:cc:e1:34:34:3f:7c:0b:76:f5:7c:03:65:25:
         7b:11:ab:de:db:10:d3:87:bf:89:c9:d7:3c:66:2e:d9:75:fe:
         24:48:25:b2:87:da:7b:f2:0f:cd:8a:d7:20:2a:33:6d:04:f5:
         af:26:25:eb:28:17:c8:d9:81:58:00:50:95:4e:9e:f2:28:f4:
         3e:68:2a:1a:95:d5:95:e7:7f:5c:42:8a:88:e0:fd:7b:fb:83:
         9a:d5:49:c6:ae:af:7e:91:93:c4:ef:99:67:52:25:06:2b:12:
         7c:cf:96:32
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAgAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzZFRTcxMTAvBgNVBAUTKEFEQTkzRkFEMUVCMDE1Q0RFMjQ5NzE4RjgyMzUyNzgz
RENCREY4OTQwHhcNMjMxMjA3MDMzNDE2WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTcxM2QzOC00YzdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwHGj2yW0q0fUWfiSDLDPiGTsz5cxYCehcsR/qbqHpQu7Mlg90Uu+uqCnCpx7
wX0JMEjQn/KIZ7x+i73XcEx251sbdgg7jl60xf5TNH2FZPpDDNBggFCcPjrJkh+w
40Va30s0Yan8RhtaMO691xcKne+HpWeQ6iW78nGv91WvYSy12/YkMSmNQxghBEYE
jrc6HDhc6+RAZdkSTNdYHOFdw7PcDzg4n0Ufjlu+GIiQxErN5yZ6Ws2tHgCW/NIA
IdqbKkxEE1Bj+kbqdIg4p3nQ4e213ER0UV6xfxw1YVKPeid0yskbgPvzii8LXgiI
fVJkTvynV5+BvqxVIW/bvR122QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFCggUK5O
yrpKUf20oPbHZwjT6dFJMB8GA1UdIwQYMBaAFK2pP60esBXN4klxj4I1J4PcvfiU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NkVFNy85NDdENEQ0MEQy
NzIxMUVDQUZDRjM1ODRDNEY5QUUwMi9yYWtfclI2d0ZjM2lTWEdQZ2pVbmc5eTkt
SlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3Jha19yUjZ3RmMzaVNYR1BnalVuZzl5OS1KUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzZFRTcvOTQ3RDRENDBEMjcyMTFFQ0FGQ0YzNTg0QzRGOUFFMDIvQTQ5NEMxRTYw
Q0FGMTFFREE2RThDNjYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr4SwDBAJnLBwwDQYJKoZIhvcNAQELBQADggEBADmpcO9E
j3tBL42FnSmEpLhQKSK6bjJWrA2Ju96dmGGzt7WkTidoTDpiizpN1Tig73DLNGzc
E8anHKpiuDKQ6XLQTuqkvwXgrnmiYNjAB9q1gFXDsXBemUwJJHR1/ppP2zRCv6Ou
SPrjTvXvM56p8PN6O+oG75rX+G49eAizomPKCdkooUGG/l9B5S2tyiWV9VcDJ1Ae
zOE0ND98C3b1fANlJXsRq97bENOHv4nJ1zxmLtl1/iRIJbKH2nvyD82K1yAqM20E
9a8mJesoF8jZgVgAUJVOnvIo9D5oKhqV1ZXnf1xCiojg/Xv7g5rVScaur36Rk8Tv
mWdSJQYrEnzPljI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:22 2024 by rpki-client on console-ams.rpki-client.org