Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91903B4/401B81A61D9411E295BC4EF808B02CD2/42C5427E4C4611E9B4848E3BC4F9AE02.roa
File:                     42C5427E4C4611E9B4848E3BC4F9AE02.roa (raw, json)
Hash identifier:          ADErC655Gm4smO8qKIycm+ZCjzv8mpk53kdkSKb09p8=
Subject key identifier:   86:8A:F1:78:B3:31:C3:F8:0B:F3:C9:CA:8B:28:A8:D2:ED:A2:06:9B
Certificate issuer:       /CN=A91903B4/serialNumber=6F7E09A20EF1007439103BA7EDAC64E9066A2193
Certificate serial:       330C
Authority key identifier: 6F:7E:09:A2:0E:F1:00:74:39:10:3B:A7:ED:AC:64:E9:06:6A:21:93
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b34Jog7xAHQ5EDun7axk6QZqIZM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91903B4/401B81A61D9411E295BC4EF808B02CD2/42C5427E4C4611E9B4848E3BC4F9AE02.roa
Signing time:             Sun 30 Apr 2023 15:10:42 +0000
ROA not before:           Sun 30 Apr 2023 15:10:42 +0000
ROA not after:            Mon 28 Aug 2023 00:00:00 +0000
asID:                     38460
IP address blocks:        123.242.200.0/24 maxlen: 24
                          123.242.201.0/24 maxlen: 24
                          123.242.202.0/24 maxlen: 24
                          123.242.203.0/24 maxlen: 24
                          123.242.204.0/24 maxlen: 24
                          123.242.205.0/24 maxlen: 24
                          123.242.206.0/24 maxlen: 24
                          123.242.207.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13068 (0x330c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91903B4/serialNumber=6F7E09A20EF1007439103BA7EDAC64E9066A2193
        Validity
            Not Before: Apr 30 15:10:42 2023 GMT
            Not After : Aug 28 00:00:00 2023 GMT
        Subject: CN=644e84f2-2d09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:57:bf:e3:57:e3:4a:52:0c:be:88:03:d1:f6:
                    75:4f:40:49:7c:ad:8b:e7:1d:33:1a:cd:e7:2d:45:
                    1c:92:c6:8e:9f:bc:e6:d3:de:51:03:26:89:43:36:
                    29:66:63:f8:b3:68:00:e7:9d:44:c4:3d:22:dd:e0:
                    c1:04:5d:27:06:f9:b7:89:ed:02:a6:c2:60:e6:2b:
                    30:03:8f:b6:da:11:c9:cb:56:e0:22:2b:f8:7e:44:
                    fa:16:87:61:ed:83:01:55:a9:16:68:4d:15:29:55:
                    d4:e8:16:75:d3:0e:46:29:fa:cb:43:14:c9:d5:59:
                    90:04:80:6b:54:2f:20:63:e6:fc:e3:d4:73:9e:8d:
                    41:21:b7:bc:34:dd:d2:c8:b3:d0:21:df:e0:2e:a2:
                    b3:7c:fa:54:9e:79:ac:71:40:6a:ee:2a:47:e4:e4:
                    d3:09:86:8d:8e:4f:0c:2a:a8:6f:a5:b0:66:03:7c:
                    36:49:f3:d0:cf:46:a5:f1:c9:d2:00:ae:77:49:35:
                    56:c7:b6:96:28:2b:87:89:3e:33:f3:96:11:bf:d1:
                    d2:13:96:cd:b8:11:1d:f5:63:5f:b8:46:30:f9:91:
                    5e:b4:bb:70:04:0d:7c:26:bb:bd:08:ec:75:28:00:
                    c9:fb:a3:a4:3e:fb:ba:72:8e:53:a2:87:76:b4:0b:
                    da:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:8A:F1:78:B3:31:C3:F8:0B:F3:C9:CA:8B:28:A8:D2:ED:A2:06:9B
            X509v3 Authority Key Identifier:
                keyid:6F:7E:09:A2:0E:F1:00:74:39:10:3B:A7:ED:AC:64:E9:06:6A:21:93

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91903B4/401B81A61D9411E295BC4EF808B02CD2/b34Jog7xAHQ5EDun7axk6QZqIZM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b34Jog7xAHQ5EDun7axk6QZqIZM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91903B4/401B81A61D9411E295BC4EF808B02CD2/42C5427E4C4611E9B4848E3BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.242.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         26:42:d5:4d:db:20:6b:45:7b:85:a9:7a:29:08:4f:c7:28:4a:
         6d:76:a7:42:1f:ba:c1:4a:f1:1a:5d:e7:30:c8:72:e5:2c:f0:
         8a:91:d5:91:e3:09:a0:62:75:7d:82:74:bc:e9:b3:79:65:18:
         7e:3c:5d:17:3e:19:e7:f0:1d:03:55:4c:75:93:f4:bf:3f:ba:
         4f:49:f0:c0:b8:c3:a2:9c:79:7b:99:a3:d4:5c:2c:b7:56:35:
         a2:d9:45:9b:3a:86:6c:06:47:86:1d:ef:09:89:5d:2c:82:0c:
         fd:10:90:37:ff:0f:f3:8d:df:7d:a2:50:11:90:6f:7c:cd:b5:
         62:ca:39:94:87:70:22:5d:67:d8:31:ea:4a:21:6e:3f:5c:7e:
         fa:c1:62:3d:89:85:f7:54:92:89:67:b0:6c:47:a4:8d:d5:4f:
         6c:f3:d2:da:67:de:1d:30:ab:96:e9:f5:6c:b3:14:c9:1b:38:
         76:22:dd:44:e9:45:a9:59:6d:d7:e1:98:b4:1b:14:3e:32:59:
         91:36:4f:fc:02:c5:4b:6e:68:b4:56:59:de:30:b3:4b:a8:d8:
         16:34:9c:62:22:c3:66:42:99:a1:da:31:2e:68:11:19:5b:66:
         17:a0:57:dc:e2:67:9c:04:33:60:0f:1c:a5:49:57:13:75:c9:
         1d:10:e8:d9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICMwwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTAzQjQxMTAvBgNVBAUTKDZGN0UwOUEyMEVGMTAwNzQzOTEwM0JBN0VEQUM2NEU5
MDY2QTIxOTMwHhcNMjMwNDMwMTUxMDQyWhcNMjMwODI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDRlODRmMi0yZDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6le/41fjSlIMvogD0fZ1T0BJfK2L5x0zGs3nLUUcksaOn7zm095RAyaJQzYp
ZmP4s2gA551ExD0i3eDBBF0nBvm3ie0CpsJg5iswA4+22hHJy1bgIiv4fkT6Fodh
7YMBVakWaE0VKVXU6BZ10w5GKfrLQxTJ1VmQBIBrVC8gY+b849Rzno1BIbe8NN3S
yLPQId/gLqKzfPpUnnmscUBq7ipH5OTTCYaNjk8MKqhvpbBmA3w2SfPQz0al8cnS
AK53STVWx7aWKCuHiT4z85YRv9HSE5bNuBEd9WNfuEYw+ZFetLtwBA18Jru9COx1
KADJ+6OkPvu6co5Tood2tAvadwIDAQABo4IClTCCApEwHQYDVR0OBBYEFIaK8Xiz
McP4C/PJyosoqNLtogabMB8GA1UdIwQYMBaAFG9+CaIO8QB0ORA7p+2sZOkGaiGT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MDNCNC80MDFCODFBNjFE
OTQxMUUyOTVCQzRFRjgwOEIwMkNEMi9iMzRKb2c3eEFIUTVFRHVuN2F4azZRWnFJ
Wk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2IzNEpvZzd4QUhRNUVEdW43YXhrNlFacUlaTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTAzQjQvNDAxQjgxQTYxRDk0MTFFMjk1QkM0RUY4MDhCMDJDRDIvNDJDNTQyN0U0
QzQ2MTFFOUI0ODQ4RTNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAN78sgwDQYJKoZIhvcNAQELBQADggEBACZC1U3bIGtFe4Wp
eikIT8coSm12p0IfusFK8Rpd5zDIcuUs8IqR1ZHjCaBidX2CdLzps3llGH48XRc+
GefwHQNVTHWT9L8/uk9J8MC4w6KceXuZo9RcLLdWNaLZRZs6hmwGR4Yd7wmJXSyC
DP0QkDf/D/ON332iUBGQb3zNtWLKOZSHcCJdZ9gx6kohbj9cfvrBYj2JhfdUkoln
sGxHpI3VT2zz0tpn3h0wq5bp9WyzFMkbOHYi3UTpRalZbdfhmLQbFD4yWZE2T/wC
xUtuaLRWWd4ws0uo2BY0nGIiw2ZCmaHaMS5oERlbZhegV9ziZ5wEM2APHKVJVxN1
yR0Q6Nk=
-----END CERTIFICATE-----