Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EC8D7/E38BCA5EEFEB11E993365459C4F9AE02/881A2B2AE84C11EA96A88328C4F9AE02.roa
File:                     881A2B2AE84C11EA96A88328C4F9AE02.roa (raw, json)
Hash identifier:          /zdGRJunOjXswngjAjl+B07L0DYm3GD3VU5MD71sEJo=
Subject key identifier:   15:F0:57:6E:30:66:C5:76:A7:0F:7B:5D:16:27:D2:57:4D:65:A8:24
Certificate issuer:       /CN=A91EC8D7/serialNumber=AB8729A2141A45C1FF407F22266F9FE6D3C18D80
Certificate serial:       06C8
Authority key identifier: AB:87:29:A2:14:1A:45:C1:FF:40:7F:22:26:6F:9F:E6:D3:C1:8D:80
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q4cpohQaRcH_QH8iJm-f5tPBjYA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EC8D7/E38BCA5EEFEB11E993365459C4F9AE02/881A2B2AE84C11EA96A88328C4F9AE02.roa
Signing time:             Fri 14 May 2021 07:44:27 +0000
ROA not before:           Fri 14 May 2021 07:44:27 +0000
ROA not after:            Sat 30 Jul 2022 00:00:00 +0000
asID:                     23860
IP address blocks:        45.249.72.0/22 maxlen: 23
                          45.249.72.0/24 maxlen: 24
                          45.249.73.0/24 maxlen: 24
                          45.249.74.0/24 maxlen: 24
                          45.249.75.0/24 maxlen: 24
                          103.217.232.0/22 maxlen: 23
                          103.217.232.0/24 maxlen: 24
                          103.217.233.0/24 maxlen: 24
                          103.217.234.0/24 maxlen: 24
                          103.217.235.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1736 (0x6c8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EC8D7/serialNumber=AB8729A2141A45C1FF407F22266F9FE6D3C18D80
        Validity
            Not Before: May 14 07:44:27 2021 GMT
            Not After : Jul 30 00:00:00 2022 GMT
        Subject: CN=609e2a5b-072f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:db:24:5b:f1:00:8d:49:b0:36:ad:51:91:63:
                    10:c0:dc:70:cf:8a:7a:ef:a8:70:da:60:1e:9b:88:
                    92:f9:82:91:64:f4:e2:8a:64:1d:e2:74:c5:67:75:
                    60:f6:76:40:a1:c4:37:d7:e8:dd:fc:76:3f:dc:e5:
                    14:d0:aa:56:21:23:7b:1e:15:f6:5f:15:5e:5f:e0:
                    ea:e3:43:24:43:dd:87:96:8e:6b:74:05:67:86:09:
                    32:14:67:56:f3:a8:f4:bc:4f:1f:ce:29:7c:49:ba:
                    d1:9e:c5:9b:da:2c:00:d4:53:9a:6b:27:fd:c3:15:
                    60:6b:c3:29:01:2d:b8:32:ae:f1:ec:80:60:4b:f5:
                    15:1f:66:b1:a5:fd:7e:a7:9f:8d:97:cc:2d:d5:23:
                    a3:d4:39:b9:d2:2a:7a:dd:08:21:62:db:42:ef:5e:
                    73:c9:0c:a4:2c:19:06:79:39:cc:b8:2d:24:e5:a3:
                    54:e4:97:3b:4a:76:b2:49:f1:89:0d:48:68:10:5d:
                    2f:8b:25:97:54:5e:64:7d:39:85:51:58:58:eb:86:
                    33:a2:42:45:4f:7c:93:e5:88:7e:67:ea:f6:4d:57:
                    d1:c0:51:0c:d5:cc:3d:da:7b:41:fe:4d:1b:f4:b0:
                    1b:e0:0e:2c:f4:51:9e:d7:cf:e5:c9:f9:01:15:12:
                    fb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F0:57:6E:30:66:C5:76:A7:0F:7B:5D:16:27:D2:57:4D:65:A8:24
            X509v3 Authority Key Identifier:
                keyid:AB:87:29:A2:14:1A:45:C1:FF:40:7F:22:26:6F:9F:E6:D3:C1:8D:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EC8D7/E38BCA5EEFEB11E993365459C4F9AE02/q4cpohQaRcH_QH8iJm-f5tPBjYA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q4cpohQaRcH_QH8iJm-f5tPBjYA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EC8D7/E38BCA5EEFEB11E993365459C4F9AE02/881A2B2AE84C11EA96A88328C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.249.72.0/22
                  103.217.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:92:fd:d2:f4:75:b2:53:61:9c:70:2b:5b:9b:e7:98:20:ed:
         0b:04:d6:a8:1a:40:bf:2c:e4:be:a0:59:db:b5:a0:b4:71:43:
         af:38:49:f1:42:40:49:73:c5:a7:fa:5a:e6:c7:ed:d9:e7:ac:
         47:fe:65:4c:b6:8d:fb:dc:10:e7:2d:d7:31:e4:ff:9a:51:78:
         e2:98:71:71:35:c4:69:ca:76:c3:d9:54:fa:8c:29:7f:7e:79:
         59:4e:94:e5:16:26:d0:96:0e:37:75:a1:a7:83:c2:d9:d5:87:
         b3:18:92:61:85:c9:ed:0d:a9:70:40:f2:f8:06:86:a1:56:85:
         69:b4:6d:6f:b7:df:c2:e6:62:fc:8d:6d:3a:b3:eb:2c:45:33:
         98:5a:86:cc:2f:fa:05:76:a4:0f:5e:0e:f7:40:a6:be:db:6d:
         74:74:b6:04:fc:c9:60:01:0f:cb:7c:79:e1:81:0b:a1:0e:5f:
         7c:41:f5:71:6a:e7:72:46:05:0d:0e:2e:8d:4b:69:9a:af:9a:
         45:ad:02:8c:3c:79:67:11:be:dc:5e:98:19:02:13:c0:e1:eb:
         73:f3:92:99:e4:83:30:1c:b7:f3:72:3b:1f:77:24:ba:57:d3:
         72:89:39:e8:fe:12:a5:99:35:9f:cd:12:fd:74:88:05:63:b1:
         c5:45:bb:10
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBsgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUM4RDcxMTAvBgNVBAUTKEFCODcyOUEyMTQxQTQ1QzFGRjQwN0YyMjI2NkY5RkU2
RDNDMThEODAwHhcNMjEwNTE0MDc0NDI3WhcNMjIwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MDllMmE1Yi0wNzJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8tskW/EAjUmwNq1RkWMQwNxwz4p676hw2mAem4iS+YKRZPTiimQd4nTFZ3Vg
9nZAocQ31+jd/HY/3OUU0KpWISN7HhX2XxVeX+Dq40MkQ92Hlo5rdAVnhgkyFGdW
86j0vE8fzil8SbrRnsWb2iwA1FOaayf9wxVga8MpAS24Mq7x7IBgS/UVH2axpf1+
p5+Nl8wt1SOj1Dm50ip63QghYttC715zyQykLBkGeTnMuC0k5aNU5Jc7SnaySfGJ
DUhoEF0viyWXVF5kfTmFUVhY64YzokJFT3yT5Yh+Z+r2TVfRwFEM1cw92ntB/k0b
9LAb4A4s9FGe18/lyfkBFRL7ZwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFBXwV24w
ZsV2pw97XRYn0ldNZagkMB8GA1UdIwQYMBaAFKuHKaIUGkXB/0B/IiZvn+bTwY2A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQzhENy9FMzhCQ0E1RUVG
RUIxMUU5OTMzNjU0NTlDNEY5QUUwMi9xNGNwb2hRYVJjSF9RSDhpSm0tZjV0UEJq
WUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3E0Y3BvaFFhUmNIX1FIOGlKbS1mNXRQQmpZQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUM4RDcvRTM4QkNBNUVFRkVCMTFFOTkzMzY1NDU5QzRGOUFFMDIvODgxQTJCMkFF
ODRDMTFFQTk2QTg4MzI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIt+UgDBAJn2egwDQYJKoZIhvcNAQELBQADggEBAFiS/dL0
dbJTYZxwK1ub55gg7QsE1qgaQL8s5L6gWdu1oLRxQ684SfFCQElzxaf6WubH7dnn
rEf+ZUy2jfvcEOct1zHk/5pReOKYcXE1xGnKdsPZVPqMKX9+eVlOlOUWJtCWDjd1
oaeDwtnVh7MYkmGFye0NqXBA8vgGhqFWhWm0bW+338LmYvyNbTqz6yxFM5hahswv
+gV2pA9eDvdApr7bbXR0tgT8yWABD8t8eeGBC6EOX3xB9XFq53JGBQ0OLo1LaZqv
mkWtAow8eWcRvtxemBkCE8Dh63PzkpnkgzAct/NyOx93JLpX03KJOej+EqWZNZ/N
Ev10iAVjscVFuxA=
-----END CERTIFICATE-----