Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B84BD/533AE67E20AB11EAB8B76119C4F9AE02/88A54AB6F1F011EC920D932DC4F9AE02.roa
File:                     88A54AB6F1F011EC920D932DC4F9AE02.roa (raw, json)
Hash identifier:          d1UnpAIhho4Qp7DYVab1InjGXzEEaZn/lRA1jJRE0rU=
Subject key identifier:   DE:F2:BC:20:9C:52:07:24:EA:9D:62:7D:81:90:9B:C0:0C:27:71:6C
Certificate issuer:       /CN=A91B84BD/serialNumber=8F18B1B61CAA4B680857B5DBD93DCD3E6DD316B5
Certificate serial:       0A32
Authority key identifier: 8F:18:B1:B6:1C:AA:4B:68:08:57:B5:DB:D9:3D:CD:3E:6D:D3:16:B5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jxixthyqS2gIV7Xb2T3NPm3TFrU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B84BD/533AE67E20AB11EAB8B76119C4F9AE02/88A54AB6F1F011EC920D932DC4F9AE02.roa
Signing time:             Sat 08 Apr 2023 20:57:33 +0000
ROA not before:           Sat 08 Apr 2023 20:57:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     142541
IP address blocks:        103.114.128.0/24 maxlen: 24
                          103.114.129.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2610 (0xa32)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B84BD/serialNumber=8F18B1B61CAA4B680857B5DBD93DCD3E6DD316B5
        Validity
            Not Before: Apr  8 20:57:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6431d53d-caf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:04:07:5b:8a:55:00:8b:db:54:9b:1e:e0:16:
                    79:0e:4f:9b:af:48:04:12:01:c4:53:c8:4a:53:ae:
                    98:cd:37:3a:6f:d7:64:b8:5a:8f:da:35:b4:4b:c6:
                    fe:49:74:ba:a1:90:f3:10:cf:55:b7:14:2e:73:3f:
                    c2:08:61:fd:ee:23:46:99:ad:01:e3:b5:96:d1:c3:
                    86:b6:20:16:5c:88:c6:04:c2:b1:35:bd:4e:28:84:
                    84:54:16:07:f8:18:99:df:9f:17:ae:93:78:b1:44:
                    0c:40:51:27:39:5a:f4:6a:88:e1:fe:56:f8:4a:f7:
                    4e:7c:56:8d:61:99:69:8c:8e:71:d7:ac:b0:82:2b:
                    76:c5:b2:d1:a8:7c:34:77:36:8a:1e:d0:be:3a:2b:
                    4b:a1:85:ba:89:2c:a3:f6:56:c7:99:6a:fd:5f:25:
                    b9:b0:b2:84:ea:95:e7:90:40:fd:88:55:5d:83:d0:
                    5d:32:a2:82:8c:b3:b2:57:44:b6:ca:94:a7:85:d0:
                    8b:07:b5:5b:7b:67:9f:e2:47:d0:67:f5:c3:4a:18:
                    c3:4d:6a:3b:ea:ef:15:27:ed:03:8a:eb:62:95:bb:
                    e9:e0:fe:55:fb:d3:3f:b7:32:66:4e:86:3f:f1:37:
                    d6:bb:2e:8f:af:8f:83:6e:24:08:0d:fd:56:e8:7a:
                    6a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F2:BC:20:9C:52:07:24:EA:9D:62:7D:81:90:9B:C0:0C:27:71:6C
            X509v3 Authority Key Identifier:
                keyid:8F:18:B1:B6:1C:AA:4B:68:08:57:B5:DB:D9:3D:CD:3E:6D:D3:16:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B84BD/533AE67E20AB11EAB8B76119C4F9AE02/jxixthyqS2gIV7Xb2T3NPm3TFrU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jxixthyqS2gIV7Xb2T3NPm3TFrU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B84BD/533AE67E20AB11EAB8B76119C4F9AE02/88A54AB6F1F011EC920D932DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:03:c2:1e:f9:59:1d:a3:e5:e8:c6:e7:fa:23:37:cc:ba:92:
         29:9c:3d:96:55:86:9f:5d:87:f9:94:9d:ab:0f:05:d7:0d:88:
         5f:01:56:5e:dd:18:90:d8:ee:60:e7:52:cb:0f:c7:e3:d0:ef:
         56:b5:10:ad:9f:1a:b4:b2:f5:62:86:a5:fa:4d:ca:62:07:2b:
         7f:c6:a4:dd:19:13:ac:83:b3:cb:ff:2a:e2:dd:36:44:a5:f6:
         14:1a:9c:05:f4:59:97:ea:a8:60:ed:73:36:7b:2a:64:40:c3:
         7c:fd:a9:66:5b:b9:97:34:f6:b6:fd:c0:4d:a2:c8:18:f5:fd:
         b9:66:60:20:f6:67:da:a9:5f:d1:2f:a9:fb:b3:db:b3:04:f3:
         b6:fa:09:c4:8e:b0:33:41:60:23:87:82:5a:48:da:ed:04:0e:
         aa:93:f4:cb:b5:e2:62:31:b6:8f:36:33:37:5b:90:e0:9b:92:
         c6:d6:bf:41:f7:69:a8:12:b6:85:ad:74:b7:e7:60:bf:17:1f:
         a3:c1:46:c3:bd:59:fc:07:0d:50:50:ca:67:cf:62:b9:26:c0:
         9c:e4:e7:17:69:9f:34:e9:fe:61:9f:1e:47:1b:4e:d9:ee:ab:
         09:13:79:01:55:70:0f:be:74:9e:be:38:6f:dd:24:2f:d8:c2:
         dc:a1:e1:ac
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCjIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qjg0QkQxMTAvBgNVBAUTKDhGMThCMUI2MUNBQTRCNjgwODU3QjVEQkQ5M0RDRDNF
NkREMzE2QjUwHhcNMjMwNDA4MjA1NzMzWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDMxZDUzZC1jYWY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqQQHW4pVAIvbVJse4BZ5Dk+br0gEEgHEU8hKU66YzTc6b9dkuFqP2jW0S8b+
SXS6oZDzEM9VtxQucz/CCGH97iNGma0B47WW0cOGtiAWXIjGBMKxNb1OKISEVBYH
+BiZ358XrpN4sUQMQFEnOVr0aojh/lb4SvdOfFaNYZlpjI5x16ywgit2xbLRqHw0
dzaKHtC+OitLoYW6iSyj9lbHmWr9XyW5sLKE6pXnkED9iFVdg9BdMqKCjLOyV0S2
ypSnhdCLB7Vbe2ef4kfQZ/XDShjDTWo76u8VJ+0Diutilbvp4P5V+9M/tzJmToY/
8TfWuy6Pr4+DbiQIDf1W6HpqYwIDAQABo4IClTCCApEwHQYDVR0OBBYEFN7yvCCc
Ugck6p1ifYGQm8AMJ3FsMB8GA1UdIwQYMBaAFI8YsbYcqktoCFe129k9zT5t0xa1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCODRCRC81MzNBRTY3RTIw
QUIxMUVBQjhCNzYxMTlDNEY5QUUwMi9qeGl4dGh5cVMyZ0lWN1hiMlQzTlBtM1RG
clUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2p4aXh0aHlxUzJnSVY3WGIyVDNOUG0zVEZyVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qjg0QkQvNTMzQUU2N0UyMEFCMTFFQUI4Qjc2MTE5QzRGOUFFMDIvODhBNTRBQjZG
MUYwMTFFQzkyMEQ5MzJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFncoAwDQYJKoZIhvcNAQELBQADggEBAHUDwh75WR2j5ejG
5/ojN8y6kimcPZZVhp9dh/mUnasPBdcNiF8BVl7dGJDY7mDnUssPx+PQ71a1EK2f
GrSy9WKGpfpNymIHK3/GpN0ZE6yDs8v/KuLdNkSl9hQanAX0WZfqqGDtczZ7KmRA
w3z9qWZbuZc09rb9wE2iyBj1/blmYCD2Z9qpX9Evqfuz27ME87b6CcSOsDNBYCOH
glpI2u0EDqqT9Mu14mIxto82MzdbkOCbksbWv0H3aagStoWtdLfnYL8XH6PBRsO9
WfwHDVBQymfPYrkmwJzk5xdpnzTp/mGfHkcbTtnuqwkTeQFVcA++dJ6+OG/dJC/Y
wtyh4aw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org