Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E7AC7/F413D708A64911EAB3DB0C6EC4F9AE02/E23FE8F6A71A11EA89325F29C4F9AE02.roa
File:                     E23FE8F6A71A11EA89325F29C4F9AE02.roa (raw, json)
Hash identifier:          Thgke631zR7Hc/BXaD7728C0zFg87r9c7RoNb8FhZIY=
Subject key identifier:   8D:A8:7C:91:4D:82:98:EF:83:73:E7:99:81:2D:40:D3:4C:66:57:B9
Certificate issuer:       /CN=A91E7AC7/serialNumber=E62727F198AB8F22CF38F4D03F6A3DF266EE80F2
Certificate serial:       072B
Authority key identifier: E6:27:27:F1:98:AB:8F:22:CF:38:F4:D0:3F:6A:3D:F2:66:EE:80:F2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5icn8ZirjyLPOPTQP2o98mbugPI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E7AC7/F413D708A64911EAB3DB0C6EC4F9AE02/E23FE8F6A71A11EA89325F29C4F9AE02.roa
Signing time:             Fri 04 Nov 2022 22:28:21 +0000
ROA not before:           Fri 04 Nov 2022 22:28:21 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     45504
IP address blocks:        103.22.156.0/22 maxlen: 24
                          103.253.184.0/22 maxlen: 24
                          123.255.224.0/24 maxlen: 24
                          123.255.225.0/24 maxlen: 24
                          123.255.226.0/24 maxlen: 24
                          123.255.227.0/24 maxlen: 24
                          123.255.228.0/24 maxlen: 24
                          123.255.229.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1835 (0x72b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E7AC7/serialNumber=E62727F198AB8F22CF38F4D03F6A3DF266EE80F2
        Validity
            Not Before: Nov  4 22:28:21 2022 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=63659205-df56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f6:f0:9f:ef:36:b2:75:3e:8c:ef:ee:ac:40:
                    28:4a:d7:9b:1c:81:13:98:b0:21:6b:49:f4:54:cc:
                    de:c6:d7:b0:07:4d:18:86:9c:60:bf:2f:30:fc:24:
                    05:3b:05:bc:36:60:4a:ca:18:a4:05:0f:64:9a:b1:
                    ed:2a:37:b7:d2:fc:72:13:2d:8d:0e:a5:b1:1c:02:
                    e6:5e:4e:20:4a:87:0a:96:91:3b:2d:17:c5:c0:cd:
                    bd:a0:f0:66:20:36:e4:55:b8:90:3b:94:a9:37:77:
                    d7:81:2b:9d:32:d3:3f:14:f5:88:87:ff:db:d5:ed:
                    7f:25:19:66:36:41:3d:3c:89:6c:f7:6a:e2:1b:ea:
                    21:c3:6d:8a:4d:ab:db:f0:a1:66:44:34:e0:06:d0:
                    3d:c7:63:c4:83:7e:d4:14:c2:55:50:42:1d:bf:ae:
                    08:00:d3:70:c0:1b:da:55:f6:6d:cb:26:fd:1d:5d:
                    40:69:cf:b8:95:a7:c6:e1:ed:82:d2:a3:50:98:40:
                    e9:1e:91:c3:f7:21:1b:7f:1b:45:56:de:ae:0d:f4:
                    c0:3d:8b:8b:64:ae:e4:5e:a1:3b:0d:79:76:ed:7e:
                    0c:fc:bf:c1:c4:64:3d:7e:ea:da:e2:d0:6b:7c:25:
                    2d:99:da:87:e9:f9:41:76:d6:04:57:03:53:b7:14:
                    d0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A8:7C:91:4D:82:98:EF:83:73:E7:99:81:2D:40:D3:4C:66:57:B9
            X509v3 Authority Key Identifier:
                keyid:E6:27:27:F1:98:AB:8F:22:CF:38:F4:D0:3F:6A:3D:F2:66:EE:80:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E7AC7/F413D708A64911EAB3DB0C6EC4F9AE02/5icn8ZirjyLPOPTQP2o98mbugPI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5icn8ZirjyLPOPTQP2o98mbugPI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E7AC7/F413D708A64911EAB3DB0C6EC4F9AE02/E23FE8F6A71A11EA89325F29C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.22.156.0/22
                  103.253.184.0/22
                  123.255.224.0-123.255.229.255

    Signature Algorithm: sha256WithRSAEncryption
         1d:50:38:f9:74:3d:6b:6c:6d:fb:0e:5a:59:ec:dd:29:d3:cd:
         ab:22:62:35:1d:8e:8e:d5:41:77:6c:10:92:f8:f6:9f:79:50:
         74:95:be:80:e3:5e:14:71:dc:ec:78:ce:78:49:f0:cd:f1:24:
         98:28:68:36:95:54:9a:e4:c5:5a:ba:0c:0a:28:de:15:ca:2b:
         b1:2d:0b:ce:d7:25:7d:60:e5:32:11:3b:e3:49:f2:e7:6f:6d:
         a7:ad:71:ad:86:c0:b4:b0:bf:e2:aa:b7:68:c8:e2:9a:63:1d:
         c9:0c:b6:52:d0:ef:c3:e3:bf:c1:1e:41:f7:23:7d:ed:65:e0:
         db:5f:6e:44:81:76:00:83:c9:78:45:5c:75:00:0f:10:74:c7:
         c7:db:22:ae:d1:ab:26:2a:ad:23:15:97:f2:2c:d0:e3:77:8f:
         f2:9b:e4:cc:2d:83:2b:3d:35:e4:df:61:2e:d2:02:fe:43:2e:
         36:09:9a:2a:91:cd:e8:88:bb:a5:22:8f:6a:40:11:63:ab:b2:
         17:f9:2d:97:20:9f:e4:20:f6:0a:51:e7:bc:44:18:6f:04:48:
         3e:31:7e:3a:84:60:90:fb:60:b5:f5:32:f0:c3:ea:4e:f3:a5:
         62:94:f0:2f:29:7c:7d:3f:16:62:8e:4d:9b:4e:24:f5:9a:60:
         7d:f7:a2:70
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICByswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTdBQzcxMTAvBgNVBAUTKEU2MjcyN0YxOThBQjhGMjJDRjM4RjREMDNGNkEzREYy
NjZFRTgwRjIwHhcNMjIxMTA0MjIyODIxWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzY1OTIwNS1kZjU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxPbwn+82snU+jO/urEAoStebHIETmLAha0n0VMzextewB00Yhpxgvy8w/CQF
OwW8NmBKyhikBQ9kmrHtKje30vxyEy2NDqWxHALmXk4gSocKlpE7LRfFwM29oPBm
IDbkVbiQO5SpN3fXgSudMtM/FPWIh//b1e1/JRlmNkE9PIls92riG+ohw22KTavb
8KFmRDTgBtA9x2PEg37UFMJVUEIdv64IANNwwBvaVfZtyyb9HV1Aac+4lafG4e2C
0qNQmEDpHpHD9yEbfxtFVt6uDfTAPYuLZK7kXqE7DXl27X4M/L/BxGQ9fura4tBr
fCUtmdqH6flBdtYEVwNTtxTQCwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFI2ofJFN
gpjvg3PnmYEtQNNMZle5MB8GA1UdIwQYMBaAFOYnJ/GYq48izzj00D9qPfJm7oDy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFN0FDNy9GNDEzRDcwOEE2
NDkxMUVBQjNEQjBDNkVDNEY5QUUwMi81aWNuOFppcmp5TFBPUFRRUDJvOThtYnVn
UEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVpY244WmlyanlMUE9QVFFQMm85OG1idWdQSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTdBQzcvRjQxM0Q3MDhBNjQ5MTFFQUIzREIwQzZFQzRGOUFFMDIvRTIzRkU4RjZB
NzFBMTFFQTg5MzI1RjI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAJnFpwDBAJn/bgwDAMEBXv/4AMEAXv/5DANBgkqhkiG9w0B
AQsFAAOCAQEAHVA4+XQ9a2xt+w5aWezdKdPNqyJiNR2OjtVBd2wQkvj2n3lQdJW+
gONeFHHc7HjOeEnwzfEkmChoNpVUmuTFWroMCijeFcorsS0LztclfWDlMhE740ny
529tp61xrYbAtLC/4qq3aMjimmMdyQy2UtDvw+O/wR5B9yN97WXg219uRIF2AIPJ
eEVcdQAPEHTHx9sirtGrJiqtIxWX8izQ43eP8pvkzC2DKz015N9hLtIC/kMuNgma
KpHN6Ii7pSKPakARY6uyF/ktlyCf5CD2ClHnvEQYbwRIPjF+OoRgkPtgtfUy8MPq
TvOlYpTwLyl8fT8WYo5Nm04k9ZpgffeicA==
-----END CERTIFICATE-----