Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B8D4F/449ECC56EEE111EBBADE2C79C4F9AE02/444AF4A2EEEE11EB90326C4FC4F9AE02.roa
File:                     444AF4A2EEEE11EB90326C4FC4F9AE02.roa (raw, json)
Hash identifier:          eF0G+6ifb25UAZusAYwdTemdFxzFPekwz2YWDDec9y8=
Subject key identifier:   6B:53:FD:C0:15:6A:0A:79:AC:EA:AF:24:2E:E4:71:24:71:B6:A0:6E
Certificate issuer:       /CN=A91B8D4F/serialNumber=05E7C402BCF4821577177BC833055576CE193EB6
Certificate serial:       04CD
Authority key identifier: 05:E7:C4:02:BC:F4:82:15:77:17:7B:C8:33:05:55:76:CE:19:3E:B6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BefEArz0ghV3F3vIMwVVds4ZPrY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B8D4F/449ECC56EEE111EBBADE2C79C4F9AE02/444AF4A2EEEE11EB90326C4FC4F9AE02.roa
Signing time:             Thu 29 Aug 2024 00:33:09 +0000
ROA not before:           Thu 29 Aug 2024 00:33:09 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     0
IP address blocks:        103.119.232.0/23 maxlen: 23
                          103.119.234.0/24 maxlen: 24
                          103.119.235.0/24 maxlen: 24
                          2403:4ac0::/48 maxlen: 48
                          2403:4ac0:1::/48 maxlen: 48
                          2403:4ac0:2::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1229 (0x4cd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B8D4F/serialNumber=05E7C402BCF4821577177BC833055576CE193EB6
        Validity
            Not Before: Aug 29 00:33:09 2024 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=66cfc1c5-ba22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fe:5d:e0:d5:91:7a:8c:a8:16:dd:af:60:38:
                    85:f7:ce:38:a4:80:32:fb:15:cd:23:e2:96:66:a3:
                    88:a3:cb:02:8d:07:ae:ba:0a:72:6f:0b:92:55:fe:
                    e1:bd:63:73:a3:7d:ef:f8:b5:7a:bb:98:35:f1:13:
                    33:f6:6a:66:b3:6b:e7:3d:06:70:f8:6e:17:8d:22:
                    ea:a7:e0:c0:4c:87:64:67:7c:6b:ca:c5:50:31:9b:
                    4e:7c:ea:dd:fd:29:1e:c3:92:8c:2c:4f:ad:ec:fd:
                    38:db:78:d5:74:a5:41:ae:0a:f5:0b:b0:c6:60:5b:
                    2e:7d:b0:ce:02:ac:c1:ec:89:1d:43:7a:5f:f4:06:
                    ac:94:2f:32:cd:5f:15:ab:36:c1:09:0b:2d:9a:fe:
                    92:a1:88:40:1a:89:b8:9a:48:05:99:eb:67:7e:2c:
                    c8:b3:f1:bc:53:aa:c0:26:2c:ab:1a:c6:47:3f:80:
                    3f:9c:ea:41:17:3d:4d:7c:67:a5:c3:a5:b8:d7:5e:
                    01:8f:7d:5d:89:75:7a:1d:41:d0:94:fb:c3:7e:b1:
                    46:3e:fd:17:27:fc:e7:52:14:43:62:72:3e:a9:82:
                    a4:ae:19:06:b4:ab:32:d1:12:ec:a2:87:5a:7c:44:
                    3b:ec:31:8a:4e:f4:39:6d:a7:cf:ff:47:74:58:44:
                    60:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:53:FD:C0:15:6A:0A:79:AC:EA:AF:24:2E:E4:71:24:71:B6:A0:6E
            X509v3 Authority Key Identifier:
                keyid:05:E7:C4:02:BC:F4:82:15:77:17:7B:C8:33:05:55:76:CE:19:3E:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B8D4F/449ECC56EEE111EBBADE2C79C4F9AE02/BefEArz0ghV3F3vIMwVVds4ZPrY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BefEArz0ghV3F3vIMwVVds4ZPrY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B8D4F/449ECC56EEE111EBBADE2C79C4F9AE02/444AF4A2EEEE11EB90326C4FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.119.232.0/22
                IPv6:
                  2403:4ac0::-2403:4ac0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         74:cb:9a:d4:23:b1:e4:55:e4:a9:c9:47:b5:b7:ba:1f:91:de:
         ca:d7:0a:83:03:e2:d0:fc:b8:30:ab:bb:68:ec:c8:5a:2f:c6:
         bc:9e:cc:2f:84:18:7c:d8:99:a9:9e:70:2d:98:3c:d6:3a:85:
         5d:71:51:79:82:e4:ae:c8:4b:0b:a5:d5:4c:7f:65:e9:24:2f:
         3b:61:60:0e:d2:7d:b6:88:b4:28:9c:8e:ec:ba:87:c4:b4:8d:
         3e:c2:6c:fd:59:dd:5e:91:e2:4d:23:67:f1:49:8f:17:a5:29:
         a2:e2:14:bf:20:10:5c:87:85:69:fd:35:fc:bd:ac:d1:4b:ad:
         12:29:90:22:fe:02:af:8b:f5:5c:04:27:68:4e:95:8b:0e:92:
         a2:b1:fe:fc:57:98:58:07:2e:e7:1c:1e:5e:5e:12:81:02:84:
         8e:12:b7:ef:39:14:9d:33:a7:9a:74:f1:2f:51:b7:33:4b:cc:
         d6:72:ed:01:49:b6:fc:e4:dd:8d:72:87:0d:66:36:cb:37:d7:
         13:58:84:fe:07:09:be:11:11:3f:6d:2c:49:ec:d4:22:c8:d5:
         13:3a:16:f5:d6:83:66:96:35:50:46:41:b1:a3:e1:99:da:ad:
         58:67:4d:d8:3a:84:ab:ef:0c:36:2c:b0:01:58:d6:01:1b:3e:
         12:91:c7:40
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICBM0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjhENEYxMTAvBgNVBAUTKDA1RTdDNDAyQkNGNDgyMTU3NzE3N0JDODMzMDU1NTc2
Q0UxOTNFQjYwHhcNMjQwODI5MDAzMzA5WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmNmYzFjNS1iYTIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2f5d4NWReoyoFt2vYDiF9844pIAy+xXNI+KWZqOIo8sCjQeuugpybwuSVf7h
vWNzo33v+LV6u5g18RMz9mpms2vnPQZw+G4XjSLqp+DATIdkZ3xrysVQMZtOfOrd
/Skew5KMLE+t7P0423jVdKVBrgr1C7DGYFsufbDOAqzB7IkdQ3pf9AaslC8yzV8V
qzbBCQstmv6SoYhAGom4mkgFmetnfizIs/G8U6rAJiyrGsZHP4A/nOpBFz1NfGel
w6W4114Bj31diXV6HUHQlPvDfrFGPv0XJ/znUhRDYnI+qYKkrhkGtKsy0RLsooda
fEQ77DGKTvQ5bafP/0d0WERgewIDAQABo4ICrzCCAqswHQYDVR0OBBYEFGtT/cAV
agp5rOqvJC7kcSRxtqBuMB8GA1UdIwQYMBaAFAXnxAK89IIVdxd7yDMFVXbOGT62
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOEQ0Ri80NDlFQ0M1NkVF
RTExMUVCQkFERTJDNzlDNEY5QUUwMi9CZWZFQXJ6MGdoVjNGM3ZJTXdWVmRzNFpQ
clkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JlZkVBcnowZ2hWM0YzdklNd1ZWZHM0WlByWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjhENEYvNDQ5RUNDNTZFRUUxMTFFQkJBREUyQzc5QzRGOUFFMDIvNDQ0QUY0QTJF
RUVFMTFFQjkwMzI2QzRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMAwEAgABMAYDBAJnd+gwGAQCAAIwEjAQAwUGJANKwAMHACQDSsAAAjANBgkq
hkiG9w0BAQsFAAOCAQEAdMua1COx5FXkqclHtbe6H5HeytcKgwPi0Py4MKu7aOzI
Wi/GvJ7ML4QYfNiZqZ5wLZg81jqFXXFReYLkrshLC6XVTH9l6SQvO2FgDtJ9toi0
KJyO7LqHxLSNPsJs/VndXpHiTSNn8UmPF6UpouIUvyAQXIeFaf01/L2s0UutEimQ
Iv4Cr4v1XAQnaE6Viw6SorH+/FeYWAcu5xweXl4SgQKEjhK37zkUnTOnmnTxL1G3
M0vM1nLtAUm2/OTdjXKHDWY2yzfXE1iE/gcJvhERP20sSezUIsjVEzoW9daDZpY1
UEZBsaPhmdqtWGdN2DqEq+8MNiywAVjWARs+EpHHQA==
-----END CERTIFICATE-----