Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A129B/38C35252343E11E680B1E72CC4F9AE02/5D643D22561D11E7B003DF26C4F9AE02.roa
File:                     5D643D22561D11E7B003DF26C4F9AE02.roa (raw, json)
Hash identifier:          WK6JgszWlQZS7djPJEepY1zjU+haZQHQqPiLwF6Fxp0=
Subject key identifier:   B9:EF:F7:21:82:33:11:E6:D7:84:DF:19:31:B1:15:63:70:45:20:C3
Certificate issuer:       /CN=A91A129B/serialNumber=BC7A905EA763CE702FC26DC0FC2FB82542BC1300
Certificate serial:       1CF9
Authority key identifier: BC:7A:90:5E:A7:63:CE:70:2F:C2:6D:C0:FC:2F:B8:25:42:BC:13:00
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vHqQXqdjznAvwm3A_C-4JUK8EwA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A129B/38C35252343E11E680B1E72CC4F9AE02/5D643D22561D11E7B003DF26C4F9AE02.roa
Signing time:             Thu 19 May 2022 04:39:23 +0000
ROA not before:           Thu 19 May 2022 04:39:23 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     3598
IP address blocks:        167.220.224.0/20 maxlen: 20
                          167.220.236.0/22 maxlen: 24
                          167.220.248.0/21 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7417 (0x1cf9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A129B/serialNumber=BC7A905EA763CE702FC26DC0FC2FB82542BC1300
        Validity
            Not Before: May 19 04:39:23 2022 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=6285c9fb-10ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d4:9c:8e:ca:0f:f3:8f:c1:4d:6d:fb:c8:5c:
                    34:3a:31:4e:63:1a:25:25:16:3e:24:e6:a4:42:41:
                    60:a5:3a:33:4b:7d:ff:7d:1f:ef:56:d5:e5:c1:8d:
                    93:cd:4a:d7:e0:73:c1:6b:d9:4e:81:ed:71:f2:1a:
                    fe:e9:ca:7c:75:09:13:c0:76:9d:11:66:4a:90:b2:
                    8d:e1:bf:e9:03:ca:80:d0:3c:7f:7c:1e:2f:9a:80:
                    f2:76:c7:3a:de:8e:e5:1d:12:4c:74:4c:37:d6:52:
                    a1:9e:f9:75:a5:b2:3d:9c:d1:90:87:1c:48:fe:02:
                    bc:2a:9d:2e:ae:14:41:52:5d:9f:d3:10:6d:4c:4f:
                    c5:bc:30:de:bd:90:94:63:92:dc:09:49:d8:b2:ab:
                    51:c0:45:2a:b7:1e:e5:2f:b9:8c:16:e0:83:76:b2:
                    fe:49:76:e4:8d:e2:97:57:1a:d7:0d:b8:49:8e:00:
                    6a:0c:79:d1:ea:21:ac:e6:d3:6a:c2:e4:df:d9:20:
                    77:07:86:44:18:c9:10:dc:ff:e2:0f:f0:2a:68:95:
                    83:a3:a2:34:0d:11:ec:b9:89:4c:dd:a9:45:c2:7c:
                    93:1c:80:7a:6d:70:c4:8f:fc:80:25:a9:03:32:a1:
                    3e:8f:64:8a:c8:b4:82:3d:75:7d:2d:b6:69:47:24:
                    3b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:EF:F7:21:82:33:11:E6:D7:84:DF:19:31:B1:15:63:70:45:20:C3
            X509v3 Authority Key Identifier:
                keyid:BC:7A:90:5E:A7:63:CE:70:2F:C2:6D:C0:FC:2F:B8:25:42:BC:13:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A129B/38C35252343E11E680B1E72CC4F9AE02/vHqQXqdjznAvwm3A_C-4JUK8EwA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vHqQXqdjznAvwm3A_C-4JUK8EwA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A129B/38C35252343E11E680B1E72CC4F9AE02/5D643D22561D11E7B003DF26C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.220.224.0/20
                  167.220.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:98:70:d9:07:a8:46:ae:16:d1:13:b6:47:7f:3f:ea:71:ef:
         5a:94:b3:4a:09:6e:e4:ca:96:81:4f:00:96:8e:f3:c4:5f:9b:
         9d:d7:fe:52:13:db:a3:51:47:5b:c0:c0:3a:db:12:94:9a:f5:
         7b:22:07:63:74:0b:2f:40:db:95:7d:ea:25:be:d4:82:bb:64:
         30:03:e5:b6:b0:ff:7c:12:f9:57:6f:b1:18:f6:14:72:41:c9:
         38:fc:4a:67:30:08:81:84:52:9c:16:81:99:25:d8:a0:07:e7:
         73:e1:4e:98:a4:6a:5a:23:e1:38:bd:63:e5:cb:bb:56:ac:90:
         4e:2e:e4:bd:eb:18:46:f0:4b:dc:4d:da:99:3a:ed:1e:45:06:
         1c:e0:b2:cf:4b:13:22:b9:4e:00:1d:0f:77:d4:4f:c3:aa:c9:
         d7:b6:41:b6:db:84:08:a9:7a:3a:c2:96:4a:ee:d7:da:1f:45:
         b8:66:1c:6b:71:f4:70:83:8e:32:c4:66:a2:7c:b5:77:10:9a:
         8d:3e:86:da:51:77:fc:43:d8:0f:d7:33:da:b7:1b:53:e6:cc:
         cd:4a:99:b2:21:1f:27:2f:e0:c4:53:cc:a3:ea:04:cd:04:46:
         a3:9c:f8:ca:aa:d4:bd:e6:42:0f:7a:35:03:a7:37:10:4b:65:
         45:78:68:c8
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICHPkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTEyOUIxMTAvBgNVBAUTKEJDN0E5MDVFQTc2M0NFNzAyRkMyNkRDMEZDMkZCODI1
NDJCQzEzMDAwHhcNMjIwNTE5MDQzOTIzWhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjg1YzlmYi0xMGVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvtScjsoP84/BTW37yFw0OjFOYxolJRY+JOakQkFgpTozS33/fR/vVtXlwY2T
zUrX4HPBa9lOge1x8hr+6cp8dQkTwHadEWZKkLKN4b/pA8qA0Dx/fB4vmoDydsc6
3o7lHRJMdEw31lKhnvl1pbI9nNGQhxxI/gK8Kp0urhRBUl2f0xBtTE/FvDDevZCU
Y5LcCUnYsqtRwEUqtx7lL7mMFuCDdrL+SXbkjeKXVxrXDbhJjgBqDHnR6iGs5tNq
wuTf2SB3B4ZEGMkQ3P/iD/AqaJWDo6I0DRHsuYlM3alFwnyTHIB6bXDEj/yAJakD
MqE+j2SKyLSCPXV9LbZpRyQ7mwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFLnv9yGC
MxHm14TfGTGxFWNwRSDDMB8GA1UdIwQYMBaAFLx6kF6nY85wL8JtwPwvuCVCvBMA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMTI5Qi8zOEMzNTI1MjM0
M0UxMUU2ODBCMUU3MkNDNEY5QUUwMi92SHFRWHFkanpuQXZ3bTNBX0MtNEpVSzhF
d0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3ZIcVFYcWRqem5BdndtM0FfQy00SlVLOEV3QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTEyOUIvMzhDMzUyNTIzNDNFMTFFNjgwQjFFNzJDQzRGOUFFMDIvNUQ2NDNEMjI1
NjFEMTFFN0IwMDNERjI2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBASn3OADBAOn3PgwDQYJKoZIhvcNAQELBQADggEBAGeYcNkH
qEauFtETtkd/P+px71qUs0oJbuTKloFPAJaO88Rfm53X/lIT26NRR1vAwDrbEpSa
9XsiB2N0Cy9A25V96iW+1IK7ZDAD5baw/3wS+VdvsRj2FHJByTj8SmcwCIGEUpwW
gZkl2KAH53PhTpikaloj4Ti9Y+XLu1askE4u5L3rGEbwS9xN2pk67R5FBhzgss9L
EyK5TgAdD3fUT8Oqyde2QbbbhAipejrClkru19ofRbhmHGtx9HCDjjLEZqJ8tXcQ
mo0+htpRd/xD2A/XM9q3G1PmzM1KmbIhHycv4MRTzKPqBM0ERqOc+Mqq1L3mQg96
NQOnNxBLZUV4aMg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org