Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BDE77/3A66965C1D8411E291A515DA08B02CD2/C58FAB9EC98C11E5915CA987C4F9AE02.roa
File:                     C58FAB9EC98C11E5915CA987C4F9AE02.roa (raw, json)
Hash identifier:          ssefbRJCKASuSQXdO77udYDKzaCFaoW6o5mz0qbq3U8=
Subject key identifier:   F5:C0:46:22:00:8A:71:03:7F:3C:1B:17:77:FA:4A:04:33:02:7D:8E
Certificate issuer:       /CN=A91BDE77/serialNumber=9C0BD53F9C4B7C8E3C1C0C7F2BD3FD17CE2C2FE2
Certificate serial:       3331
Authority key identifier: 9C:0B:D5:3F:9C:4B:7C:8E:3C:1C:0C:7F:2B:D3:FD:17:CE:2C:2F:E2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nAvVP5xLfI48HAx_K9P9F84sL-I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BDE77/3A66965C1D8411E291A515DA08B02CD2/C58FAB9EC98C11E5915CA987C4F9AE02.roa
Signing time:             Tue 16 Aug 2022 02:30:19 +0000
ROA not before:           Tue 16 Aug 2022 02:30:19 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     24514
IP address blocks:        1.9.21.0/24 maxlen: 24
                          1.9.65.0/24 maxlen: 24
                          203.106.56.0/21 maxlen: 21
                          203.106.64.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13105 (0x3331)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BDE77/serialNumber=9C0BD53F9C4B7C8E3C1C0C7F2BD3FD17CE2C2FE2
        Validity
            Not Before: Aug 16 02:30:19 2022 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=62fb013b-b396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:07:79:55:f5:f5:35:87:ab:9a:e8:58:e5:b3:
                    9c:ec:04:96:e4:44:8e:da:3e:f7:36:d4:9e:8f:28:
                    9f:0c:09:ee:dc:a2:28:36:7d:3c:be:06:37:74:23:
                    02:43:cd:24:33:37:ef:b6:fd:bc:bf:0e:de:2c:0e:
                    9e:26:56:62:52:81:c3:cd:7f:c3:17:f2:56:c9:1c:
                    34:e3:7b:f5:2e:7e:ee:a8:7b:9e:69:4d:90:e0:66:
                    6e:ca:60:d0:92:c6:0f:56:e2:94:d5:6a:1d:cb:09:
                    72:85:1a:85:5d:8f:aa:07:d7:3e:a6:a4:98:f1:23:
                    7a:d2:de:07:23:3b:5a:ce:18:9c:e1:71:eb:e7:f6:
                    b2:8d:7d:da:26:93:3c:62:15:9f:39:f6:1c:5d:f9:
                    55:0c:87:c9:e6:56:ac:d6:c0:a4:e4:6f:f9:5b:89:
                    9c:6e:d5:64:76:30:c1:93:e4:69:4d:5c:97:83:a7:
                    3d:6d:58:f2:ba:8d:ce:66:61:99:c0:c3:8a:42:3d:
                    4a:89:c8:b9:0d:56:75:f8:82:2c:b6:dc:0a:a9:74:
                    b9:43:b2:0e:c5:2d:c0:28:3f:c7:cf:56:f4:9a:cc:
                    bb:3d:dc:84:1c:1b:86:14:3b:96:e4:63:df:2f:31:
                    1c:44:8a:46:a0:7f:72:8d:fd:61:ff:b5:1b:aa:92:
                    0e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:C0:46:22:00:8A:71:03:7F:3C:1B:17:77:FA:4A:04:33:02:7D:8E
            X509v3 Authority Key Identifier:
                keyid:9C:0B:D5:3F:9C:4B:7C:8E:3C:1C:0C:7F:2B:D3:FD:17:CE:2C:2F:E2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BDE77/3A66965C1D8411E291A515DA08B02CD2/nAvVP5xLfI48HAx_K9P9F84sL-I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nAvVP5xLfI48HAx_K9P9F84sL-I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BDE77/3A66965C1D8411E291A515DA08B02CD2/C58FAB9EC98C11E5915CA987C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.9.21.0/24
                  1.9.65.0/24
                  203.106.56.0-203.106.67.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:ba:69:43:e1:45:0d:72:61:ea:6d:4f:64:9d:a0:64:4d:08:
         e3:c9:c0:8a:3f:f8:96:1c:48:35:8b:8b:e0:6d:92:a5:07:39:
         a1:99:93:b6:63:ea:10:73:9a:55:9f:3c:83:88:66:df:e6:ac:
         d1:73:8c:ec:63:8e:37:2f:18:e0:1c:6a:b6:a3:cf:4a:db:8f:
         05:66:92:67:88:77:19:3d:86:48:33:f8:2c:54:1c:0f:02:d8:
         f5:fa:00:67:fb:4d:81:5f:82:3d:65:65:82:a6:1b:a2:44:f1:
         34:2d:20:66:e9:f8:3d:bb:3b:c3:1d:61:30:83:0d:75:77:cc:
         79:c0:cc:6b:a7:65:58:62:81:9b:11:93:49:10:e9:7d:0a:63:
         f3:3d:ee:d0:ed:bf:9c:dd:19:45:3b:dc:96:61:26:1c:5b:b6:
         92:e7:46:d1:1f:6d:cd:fc:86:0e:ad:34:f9:68:b7:40:d1:3b:
         5b:b9:2a:e1:ad:d3:d0:2e:70:24:58:68:2b:30:42:17:22:66:
         33:85:2a:96:ec:e6:3f:ac:37:2b:67:7b:15:c4:a4:08:fa:19:
         65:96:0f:80:a4:80:64:42:9e:80:8f:06:0a:e1:06:03:ae:b3:
         26:cc:ef:2d:58:47:1d:f2:a2:64:97:f6:07:db:97:66:8e:9f:
         97:a2:e5:2d
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICMzEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkRFNzcxMTAvBgNVBAUTKDlDMEJENTNGOUM0QjdDOEUzQzFDMEM3RjJCRDNGRDE3
Q0UyQzJGRTIwHhcNMjIwODE2MDIzMDE5WhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmZiMDEzYi1iMzk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtQd5VfX1NYermuhY5bOc7ASW5ESO2j73NtSejyifDAnu3KIoNn08vgY3dCMC
Q80kMzfvtv28vw7eLA6eJlZiUoHDzX/DF/JWyRw043v1Ln7uqHueaU2Q4GZuymDQ
ksYPVuKU1WodywlyhRqFXY+qB9c+pqSY8SN60t4HIztazhic4XHr5/ayjX3aJpM8
YhWfOfYcXflVDIfJ5las1sCk5G/5W4mcbtVkdjDBk+RpTVyXg6c9bVjyuo3OZmGZ
wMOKQj1Kici5DVZ1+IIsttwKqXS5Q7IOxS3AKD/Hz1b0msy7PdyEHBuGFDuW5GPf
LzEcRIpGoH9yjf1h/7UbqpIOEwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFPXARiIA
inEDfzwbF3f6SgQzAn2OMB8GA1UdIwQYMBaAFJwL1T+cS3yOPBwMfyvT/RfOLC/i
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCREU3Ny8zQTY2OTY1QzFE
ODQxMUUyOTFBNTE1REEwOEIwMkNEMi9uQXZWUDV4TGZJNDhIQXhfSzlQOUY4NHNM
LUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25BdlZQNXhMZkk0OEhBeF9LOVA5Rjg0c0wtSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkRFNzcvM0E2Njk2NUMxRDg0MTFFMjkxQTUxNURBMDhCMDJDRDIvQzU4RkFCOUVD
OThDMTFFNTkxNUNBOTg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAABCRUDBAABCUEwDAMEA8tqOAMEAstqQDANBgkqhkiG9w0B
AQsFAAOCAQEAfbppQ+FFDXJh6m1PZJ2gZE0I48nAij/4lhxINYuL4G2SpQc5oZmT
tmPqEHOaVZ88g4hm3+as0XOM7GOONy8Y4BxqtqPPStuPBWaSZ4h3GT2GSDP4LFQc
DwLY9foAZ/tNgV+CPWVlgqYbokTxNC0gZun4Pbs7wx1hMIMNdXfMecDMa6dlWGKB
mxGTSRDpfQpj8z3u0O2/nN0ZRTvclmEmHFu2kudG0R9tzfyGDq00+Wi3QNE7W7kq
4a3T0C5wJFhoKzBCFyJmM4UqluzmP6w3K2d7FcSkCPoZZZYPgKSAZEKegI8GCuEG
A66zJszvLVhHHfKiZJf2B9uXZo6fl6LlLQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:24 2024 by rpki-client on console-ams.rpki-client.org