Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7992/D61274EA3BCA11ECB3252B2CC4F9AE02/D3842D243BCD11EC8086E031C4F9AE02.roa
File:                     D3842D243BCD11EC8086E031C4F9AE02.roa (raw, json)
Hash identifier:          0PDivc1vMw9oWxjNuJcamSI1vynrtz1UY2FSkj4VFsE=
Subject key identifier:   D1:F7:24:12:DE:D8:3A:00:70:89:D0:8A:38:77:6A:69:A3:DF:32:28
Certificate issuer:       /CN=A91B7992/serialNumber=4077216A31826A0A998A1E207FD824DDCBC7E70E
Certificate serial:       4B
Authority key identifier: 40:77:21:6A:31:82:6A:0A:99:8A:1E:20:7F:D8:24:DD:CB:C7:E7:0E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHchajGCagqZih4gf9gk3cvH5w4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B7992/D61274EA3BCA11ECB3252B2CC4F9AE02/D3842D243BCD11EC8086E031C4F9AE02.roa
Signing time:             Mon 06 Dec 2021 04:01:57 +0000
ROA not before:           Mon 06 Dec 2021 04:01:57 +0000
ROA not after:            Thu 02 Mar 2023 00:00:00 +0000
asID:                     40065
IP address blocks:        43.225.28.0/22 maxlen: 22
                          103.44.20.0/22 maxlen: 22
                          103.44.20.0/24 maxlen: 24
                          103.44.21.0/24 maxlen: 24
                          103.44.22.0/24 maxlen: 24
                          103.44.23.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 75 (0x4b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B7992/serialNumber=4077216A31826A0A998A1E207FD824DDCBC7E70E
        Validity
            Not Before: Dec  6 04:01:57 2021 GMT
            Not After : Mar  2 00:00:00 2023 GMT
        Subject: CN=61ad8b35-cd17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:95:94:36:5c:65:30:47:b2:79:f8:15:d4:3e:
                    4b:e7:e1:a3:f3:69:9f:c9:6a:51:d0:bc:fd:80:d9:
                    48:21:cb:6e:49:8d:65:b5:4e:49:d0:42:ad:4d:eb:
                    d5:af:21:fa:58:16:aa:11:d1:f3:38:10:d2:1f:33:
                    f6:5d:e7:af:aa:5c:c4:b0:ff:91:f4:5f:7b:87:15:
                    8c:88:8b:da:5d:47:dc:21:df:23:e6:1f:d5:ee:6f:
                    1b:e6:a6:1f:ec:56:31:4b:af:f6:d5:eb:00:e1:69:
                    a1:d6:c9:29:97:22:04:d2:cc:33:65:78:2e:76:d1:
                    fd:1b:63:ae:e2:43:8f:96:e3:11:6b:13:e2:f5:38:
                    af:b7:70:0c:44:72:f2:fe:5d:cd:78:84:20:cd:f6:
                    bf:d4:5c:a1:d0:fd:87:98:b8:3f:b0:cb:16:0b:c4:
                    ba:9a:2a:d5:f5:1a:ab:11:23:13:11:66:30:31:19:
                    e5:b4:83:b4:f0:db:d4:c9:00:61:24:c1:38:eb:b3:
                    d6:4d:46:b8:14:1b:10:25:fb:6f:d6:bc:d8:fd:5f:
                    ab:b1:61:12:10:4e:21:35:a2:e3:82:f0:7e:94:11:
                    45:ca:f6:5c:a9:11:65:8c:8b:29:09:fe:53:d7:67:
                    c4:f8:27:70:ff:e1:aa:73:84:ed:44:2e:5f:62:1c:
                    af:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F7:24:12:DE:D8:3A:00:70:89:D0:8A:38:77:6A:69:A3:DF:32:28
            X509v3 Authority Key Identifier:
                keyid:40:77:21:6A:31:82:6A:0A:99:8A:1E:20:7F:D8:24:DD:CB:C7:E7:0E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B7992/D61274EA3BCA11ECB3252B2CC4F9AE02/QHchajGCagqZih4gf9gk3cvH5w4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHchajGCagqZih4gf9gk3cvH5w4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7992/D61274EA3BCA11ECB3252B2CC4F9AE02/D3842D243BCD11EC8086E031C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.225.28.0/22
                  103.44.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:f7:e9:91:3e:c5:1e:d3:66:f8:90:fd:b3:f6:54:02:f5:aa:
         2f:d6:a5:54:88:90:ad:0e:58:fd:06:80:5d:fc:60:da:40:60:
         e2:41:34:b9:bb:4c:51:06:9b:0f:b7:85:e4:49:be:c6:43:fd:
         b0:f5:dd:1e:e2:2c:a7:e9:55:8c:d8:27:6e:42:9b:19:40:99:
         a9:79:53:e4:ec:23:5c:ec:3c:6b:8f:f9:1b:4d:d1:b5:2a:bc:
         98:94:c5:2e:1f:50:59:45:19:63:04:75:0d:ac:64:85:8c:ee:
         57:23:9e:8e:fc:67:7e:ee:09:9c:38:cd:7a:b7:1b:6d:74:f7:
         9c:03:37:32:03:aa:02:09:05:d3:c7:c3:c0:76:dc:f8:25:d3:
         11:a0:df:5f:33:f8:bd:d6:44:b5:06:1a:57:cd:e1:6f:4c:8a:
         55:3f:6c:d4:4d:ff:fa:33:2c:b9:9b:28:95:33:1b:24:40:fe:
         01:83:49:c0:c7:a2:bf:2b:e6:83:1b:ee:63:16:79:38:a5:9f:
         83:d0:c0:ec:d1:97:c5:fb:7e:78:a3:0d:40:70:f9:74:02:c6:
         03:8a:3a:00:09:5a:18:b9:49:ac:fe:69:dd:23:51:ff:6a:a0:
         7f:89:c8:63:ff:e5:1f:31:70:d4:5d:8c:4e:75:ea:5e:6b:ac:
         e8:9b:e0:e8
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBSzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
Nzk5MjExMC8GA1UEBRMoNDA3NzIxNkEzMTgyNkEwQTk5OEExRTIwN0ZEODI0RERD
QkM3RTcwRTAeFw0yMTEyMDYwNDAxNTdaFw0yMzAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTYxYWQ4YjM1LWNkMTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCmlZQ2XGUwR7J5+BXUPkvn4aPzaZ/JalHQvP2A2Ughy25JjWW1TknQQq1N69Wv
IfpYFqoR0fM4ENIfM/Zd56+qXMSw/5H0X3uHFYyIi9pdR9wh3yPmH9Xubxvmph/s
VjFLr/bV6wDhaaHWySmXIgTSzDNleC520f0bY67iQ4+W4xFrE+L1OK+3cAxEcvL+
Xc14hCDN9r/UXKHQ/YeYuD+wyxYLxLqaKtX1GqsRIxMRZjAxGeW0g7Tw29TJAGEk
wTjrs9ZNRrgUGxAl+2/WvNj9X6uxYRIQTiE1ouOC8H6UEUXK9lypEWWMiykJ/lPX
Z8T4J3D/4apzhO1ELl9iHK/XAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQU0fckEt7Y
OgBwidCKOHdqaaPfMigwHwYDVR0jBBgwFoAUQHchajGCagqZih4gf9gk3cvH5w4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI3OTkyL0Q2MTI3NEVBM0JD
QTExRUNCMzI1MkIyQ0M0RjlBRTAyL1FIY2hhakdDYWdxWmloNGdmOWdrM2N2SDV3
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUUhjaGFqR0NhZ3FaaWg0Z2Y5Z2szY3ZINXc0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
Nzk5Mi9ENjEyNzRFQTNCQ0ExMUVDQjMyNTJCMkNDNEY5QUUwMi9EMzg0MkQyNDNC
Q0QxMUVDODA4NkUwMzFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAivhHAMEAmcsFDANBgkqhkiG9w0BAQsFAAOCAQEAV/fpkT7F
HtNm+JD9s/ZUAvWqL9alVIiQrQ5Y/QaAXfxg2kBg4kE0ubtMUQabD7eF5Em+xkP9
sPXdHuIsp+lVjNgnbkKbGUCZqXlT5OwjXOw8a4/5G03RtSq8mJTFLh9QWUUZYwR1
DaxkhYzuVyOejvxnfu4JnDjNercbbXT3nAM3MgOqAgkF08fDwHbc+CXTEaDfXzP4
vdZEtQYaV83hb0yKVT9s1E3/+jMsuZsolTMbJED+AYNJwMeivyvmgxvuYxZ5OKWf
g9DA7NGXxft+eKMNQHD5dALGA4o6AAlaGLlJrP5p3SNR/2qgf4nIY//lHzFw1F2M
TnXqXmus6Jvg6A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:57 2024 by rpki-client on console-ams.rpki-client.org