Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FBECF/B8F59F20183C11EBB945EC0BC4F9AE02/8C7351567CD511EBA76D3567C4F9AE02.roa
File:                     8C7351567CD511EBA76D3567C4F9AE02.roa (raw, json)
Hash identifier:          WhRd+C0iJWBO1kyk87a3yjd8a3dkhcoeZWok8tqvIls=
Subject key identifier:   FB:C9:4C:D0:76:4F:45:78:AC:9F:95:2E:CA:B0:08:32:4C:12:C9:2F
Certificate issuer:       /CN=A91FBECF/serialNumber=7CB09D2FA2F3F0914A97E594F80BF7B1E3E34E61
Certificate serial:       066B
Authority key identifier: 7C:B0:9D:2F:A2:F3:F0:91:4A:97:E5:94:F8:0B:F7:B1:E3:E3:4E:61
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fLCdL6Lz8JFKl-WU-Av3sePjTmE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FBECF/B8F59F20183C11EBB945EC0BC4F9AE02/8C7351567CD511EBA76D3567C4F9AE02.roa
Signing time:             Thu 14 Dec 2023 23:11:37 +0000
ROA not before:           Thu 14 Dec 2023 23:11:37 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     59243
IP address blocks:        146.88.92.0/24 maxlen: 24
                          146.88.95.0/24 maxlen: 24
                          159.117.40.0/21 maxlen: 24
                          159.117.96.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1643 (0x66b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FBECF/serialNumber=7CB09D2FA2F3F0914A97E594F80BF7B1E3E34E61
        Validity
            Not Before: Dec 14 23:11:37 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=657b8ba8-577f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a0:28:55:1f:63:3a:cd:92:fb:23:da:da:96:
                    16:73:ce:40:3f:5a:50:95:80:53:8a:f9:da:e6:38:
                    35:2b:1f:26:38:e0:66:48:fe:83:33:d8:64:e3:e4:
                    07:b4:a6:a4:30:37:4e:4a:df:27:64:e3:5a:57:60:
                    c2:e4:96:f1:c9:9e:d2:d0:e8:e5:58:93:6e:10:c2:
                    c3:48:c4:22:12:c0:61:59:0b:4c:8b:d2:78:a5:03:
                    b2:39:88:c8:98:87:f8:8e:52:bd:8e:3e:9f:b4:bb:
                    4a:9a:59:c2:aa:2b:0e:a6:79:d3:59:07:dd:33:79:
                    6a:96:3f:76:83:a6:f3:e5:88:55:df:f4:bb:da:8c:
                    a2:32:6c:48:e0:62:31:fc:93:b5:1b:3e:ad:91:89:
                    f2:8d:07:94:82:8c:52:0a:9a:18:ba:d3:3e:1c:20:
                    16:8f:57:b4:20:70:4e:6e:06:45:76:5d:f2:f2:98:
                    9b:1e:45:df:c2:1a:dd:ad:8e:f1:93:cb:d9:b9:f1:
                    b6:dd:1c:b4:b4:40:56:1b:3c:16:6f:f3:b8:df:ed:
                    ef:ba:a6:4d:a1:8c:bd:cc:7c:57:88:64:df:69:0c:
                    9d:50:b3:e8:6c:93:c1:18:8c:18:3e:92:58:26:73:
                    fa:95:58:ab:83:bc:c3:1f:3d:bc:43:5d:42:5c:5b:
                    36:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:C9:4C:D0:76:4F:45:78:AC:9F:95:2E:CA:B0:08:32:4C:12:C9:2F
            X509v3 Authority Key Identifier:
                keyid:7C:B0:9D:2F:A2:F3:F0:91:4A:97:E5:94:F8:0B:F7:B1:E3:E3:4E:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FBECF/B8F59F20183C11EBB945EC0BC4F9AE02/fLCdL6Lz8JFKl-WU-Av3sePjTmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fLCdL6Lz8JFKl-WU-Av3sePjTmE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FBECF/B8F59F20183C11EBB945EC0BC4F9AE02/8C7351567CD511EBA76D3567C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.88.92.0/24
                  146.88.95.0/24
                  159.117.40.0/21
                  159.117.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ae:c7:99:a0:6f:db:73:81:6b:e8:89:54:d8:a5:31:40:61:61:
         de:64:8e:6f:70:4e:09:5b:02:ce:5e:a2:b7:94:e9:bc:7f:09:
         a1:e4:6a:04:65:c5:5a:3a:58:8e:d6:9e:b4:2c:ed:f1:8c:1f:
         e7:d1:35:13:ab:4d:27:c9:ee:7d:2d:13:a4:f0:37:d2:a5:d4:
         ae:85:65:a2:52:aa:55:0a:ad:b6:4a:9b:6d:97:d9:cb:f2:e3:
         e5:bc:c8:ba:94:f8:14:35:b3:71:19:10:fa:0a:44:f6:20:06:
         ce:45:1c:a7:05:59:95:39:d5:00:5a:a5:ce:7c:20:41:16:95:
         69:b4:3b:33:2d:ed:89:9c:9e:01:0a:4d:33:8c:89:bb:1f:df:
         23:d9:62:70:d3:5e:0f:29:98:32:bc:bf:f8:72:4d:f2:2e:df:
         a2:fa:dd:00:5a:c9:50:16:e8:87:29:77:83:db:33:76:db:39:
         40:b7:77:70:31:8c:78:92:ae:d8:b7:9a:66:e0:59:38:33:92:
         15:77:f3:28:d4:7b:aa:c8:ce:7a:80:ec:66:0d:0e:24:65:8d:
         92:a2:52:03:43:df:87:7a:aa:47:84:67:1d:79:8f:44:f9:31:
         65:19:6a:ea:e4:d5:52:45:d1:2d:09:ba:c2:7b:8d:37:49:f5:
         ed:6a:33:ab
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICBmswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkJFQ0YxMTAvBgNVBAUTKDdDQjA5RDJGQTJGM0YwOTE0QTk3RTU5NEY4MEJGN0Ix
RTNFMzRFNjEwHhcNMjMxMjE0MjMxMTM3WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTdiOGJhOC01NzdmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo6AoVR9jOs2S+yPa2pYWc85AP1pQlYBTivna5jg1Kx8mOOBmSP6DM9hk4+QH
tKakMDdOSt8nZONaV2DC5JbxyZ7S0OjlWJNuEMLDSMQiEsBhWQtMi9J4pQOyOYjI
mIf4jlK9jj6ftLtKmlnCqisOpnnTWQfdM3lqlj92g6bz5YhV3/S72oyiMmxI4GIx
/JO1Gz6tkYnyjQeUgoxSCpoYutM+HCAWj1e0IHBObgZFdl3y8pibHkXfwhrdrY7x
k8vZufG23Ry0tEBWGzwWb/O43+3vuqZNoYy9zHxXiGTfaQydULPobJPBGIwYPpJY
JnP6lVirg7zDHz28Q11CXFs2YwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFPvJTNB2
T0V4rJ+VLsqwCDJMEskvMB8GA1UdIwQYMBaAFHywnS+i8/CRSpfllPgL97Hj405h
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQkVDRi9COEY1OUYyMDE4
M0MxMUVCQjk0NUVDMEJDNEY5QUUwMi9mTENkTDZMejhKRktsLVdVLUF2M3NlUGpU
bUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZMQ2RMNkx6OEpGS2wtV1UtQXYzc2VQalRtRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkJFQ0YvQjhGNTlGMjAxODNDMTFFQkI5NDVFQzBCQzRGOUFFMDIvOEM3MzUxNTY3
Q0Q1MTFFQkE3NkQzNTY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBACSWFwDBACSWF8DBAOfdSgDBAOfdWAwDQYJKoZIhvcNAQEL
BQADggEBAK7HmaBv23OBa+iJVNilMUBhYd5kjm9wTglbAs5eoreU6bx/CaHkagRl
xVo6WI7WnrQs7fGMH+fRNROrTSfJ7n0tE6TwN9Kl1K6FZaJSqlUKrbZKm22X2cvy
4+W8yLqU+BQ1s3EZEPoKRPYgBs5FHKcFWZU51QBapc58IEEWlWm0OzMt7YmcngEK
TTOMibsf3yPZYnDTXg8pmDK8v/hyTfIu36L63QBayVAW6Icpd4PbM3bbOUC3d3Ax
jHiSrti3mmbgWTgzkhV38yjUe6rIznqA7GYNDiRljZKiUgND34d6qkeEZx15j0T5
MWUZaurk1VJF0S0JusJ7jTdJ9e1qM6s=
-----END CERTIFICATE-----