Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FCE8A/006FE54A5DE311E6A5AA364DC4F9AE02/7D3258F05DE411E6A6B7E453C4F9AE02.roa
File:                     7D3258F05DE411E6A6B7E453C4F9AE02.roa (raw, json)
Hash identifier:          MNPpKXI7rDTsc2IwG3nfzqQ+63tnxXRUb/qsMVHa/HQ=
Subject key identifier:   6C:A5:F2:CD:CC:10:36:99:B5:46:2F:0A:86:A8:91:11:99:68:73:71
Certificate issuer:       /CN=A91FCE8A/serialNumber=D424453667D6FCB2D8C854D6A59B781DFFFB52C6
Certificate serial:       1D1C
Authority key identifier: D4:24:45:36:67:D6:FC:B2:D8:C8:54:D6:A5:9B:78:1D:FF:FB:52:C6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1CRFNmfW_LLYyFTWpZt4Hf_7UsY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FCE8A/006FE54A5DE311E6A5AA364DC4F9AE02/7D3258F05DE411E6A6B7E453C4F9AE02.roa
Signing time:             Tue 20 Dec 2022 16:53:00 +0000
ROA not before:           Tue 20 Dec 2022 16:53:00 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     134743
IP address blocks:        45.253.128.0/23 maxlen: 23
                          45.253.128.0/23 maxlen: 24
                          45.253.128.0/24 maxlen: 24
                          45.253.129.0/24 maxlen: 24
                          103.197.212.0/23 maxlen: 23
                          103.197.212.0/24 maxlen: 24
                          103.197.213.0/24 maxlen: 24
                          103.223.136.0/23 maxlen: 23
                          103.223.136.0/23 maxlen: 24
                          103.223.136.0/24 maxlen: 24
                          103.223.137.0/24 maxlen: 24
                          2405:9f80::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7452 (0x1d1c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FCE8A/serialNumber=D424453667D6FCB2D8C854D6A59B781DFFFB52C6
        Validity
            Not Before: Dec 20 16:53:00 2022 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=63a1e86c-9136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8c:5d:39:01:b1:ce:e7:54:ff:76:ce:cf:c9:
                    63:57:f9:ee:d8:08:66:0a:5c:4c:46:39:65:34:0e:
                    a9:5e:e3:9b:32:6d:6f:ed:1c:d7:2a:fd:61:3a:22:
                    ee:be:6f:a6:20:60:f7:94:5d:b3:fd:0a:a1:3e:e9:
                    25:41:9a:65:19:09:64:14:be:7c:fc:49:3e:31:f1:
                    28:80:ca:c1:a7:53:ff:4e:1a:44:d3:39:b5:79:92:
                    af:2d:42:63:99:bc:05:30:81:9a:43:07:4f:5e:42:
                    7b:32:80:dc:08:7f:31:18:4d:da:6f:35:ba:bd:1c:
                    7c:8a:d3:c6:4d:31:62:bd:1a:d8:3b:ab:c4:31:0a:
                    01:34:0c:b4:45:50:fa:b0:bf:90:0e:55:73:cf:7e:
                    dd:41:76:7d:c4:bb:9f:d6:76:42:f8:df:73:cb:fd:
                    c1:bb:dd:12:bf:34:5d:ed:db:d6:13:69:55:7d:af:
                    f0:9e:51:5f:5f:e3:0e:b0:49:ed:ba:bc:51:db:e6:
                    d7:7d:94:90:46:63:10:1a:ad:c5:24:47:4b:22:b9:
                    a6:d7:c3:85:46:80:a6:a0:80:f8:ac:9f:27:b7:61:
                    15:42:3a:50:22:8a:02:22:80:bf:13:1c:ae:cb:e4:
                    46:c5:c3:25:3f:fd:fe:d3:1f:3c:b8:97:62:ec:2e:
                    6d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A5:F2:CD:CC:10:36:99:B5:46:2F:0A:86:A8:91:11:99:68:73:71
            X509v3 Authority Key Identifier:
                keyid:D4:24:45:36:67:D6:FC:B2:D8:C8:54:D6:A5:9B:78:1D:FF:FB:52:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FCE8A/006FE54A5DE311E6A5AA364DC4F9AE02/1CRFNmfW_LLYyFTWpZt4Hf_7UsY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1CRFNmfW_LLYyFTWpZt4Hf_7UsY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FCE8A/006FE54A5DE311E6A5AA364DC4F9AE02/7D3258F05DE411E6A6B7E453C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.253.128.0/23
                  103.197.212.0/23
                  103.223.136.0/23
                IPv6:
                  2405:9f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:31:8d:99:d1:d0:f1:1d:34:0e:ec:20:6b:1e:ff:48:df:21:
         4d:f8:d3:ee:aa:26:db:97:4a:71:c8:f5:44:34:27:cd:98:12:
         de:c5:60:33:a4:8d:1a:80:b0:72:1b:78:b5:97:a2:e2:c4:90:
         5b:69:59:26:10:ac:c5:d0:a3:47:8b:f7:f1:7a:a8:07:85:48:
         70:60:5c:52:64:03:19:3f:a0:16:8f:e1:e2:b1:6f:d1:da:72:
         76:95:a2:ab:b6:bc:87:c5:f0:de:92:f8:6c:6d:89:02:16:71:
         7c:71:24:d2:44:60:1a:76:2f:a0:ce:d8:e4:47:5c:d7:99:45:
         99:69:17:1d:fb:7b:7d:49:30:26:fc:1f:bf:33:2a:62:68:92:
         7b:42:de:40:81:8f:f1:01:f3:5f:1f:7a:f6:04:11:84:12:8f:
         21:37:41:d8:d1:df:6c:03:45:f9:69:67:57:61:8e:d3:f2:dd:
         65:42:e4:fd:22:87:0f:e7:25:fa:44:24:93:05:3e:46:e1:f5:
         10:f8:4b:4e:0a:2f:b5:25:aa:9b:77:f4:c0:f8:d2:9d:dc:f5:
         47:2c:b0:43:61:dd:31:c8:10:46:bd:a7:e5:2f:6a:9d:8a:8c:
         99:cd:3a:f0:e2:42:50:3f:f8:99:31:eb:14:0e:81:2b:dc:22:
         57:91:78:15
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICHRwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkNFOEExMTAvBgNVBAUTKEQ0MjQ0NTM2NjdENkZDQjJEOEM4NTRENkE1OUI3ODFE
RkZGQjUyQzYwHhcNMjIxMjIwMTY1MzAwWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ExZTg2Yy05MTM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvIxdOQGxzudU/3bOz8ljV/nu2AhmClxMRjllNA6pXuObMm1v7RzXKv1hOiLu
vm+mIGD3lF2z/QqhPuklQZplGQlkFL58/Ek+MfEogMrBp1P/ThpE0zm1eZKvLUJj
mbwFMIGaQwdPXkJ7MoDcCH8xGE3abzW6vRx8itPGTTFivRrYO6vEMQoBNAy0RVD6
sL+QDlVzz37dQXZ9xLuf1nZC+N9zy/3Bu90SvzRd7dvWE2lVfa/wnlFfX+MOsEnt
urxR2+bXfZSQRmMQGq3FJEdLIrmm18OFRoCmoID4rJ8nt2EVQjpQIooCIoC/Exyu
y+RGxcMlP/3+0x88uJdi7C5tZQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFGyl8s3M
EDaZtUYvCoaokRGZaHNxMB8GA1UdIwQYMBaAFNQkRTZn1vyy2MhU1qWbeB3/+1LG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQ0U4QS8wMDZGRTU0QTVE
RTMxMUU2QTVBQTM2NERDNEY5QUUwMi8xQ1JGTm1mV19MTFl5RlRXcFp0NEhmXzdV
c1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFDUkZObWZXX0xMWXlGVFdwWnQ0SGZfN1VzWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkNFOEEvMDA2RkU1NEE1REUzMTFFNkE1QUEzNjREQzRGOUFFMDIvN0QzMjU4RjA1
REU0MTFFNkE2QjdFNDUzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAEt/YADBAFnxdQDBAFn34gwDQQCAAIwBwMFACQFn4AwDQYJ
KoZIhvcNAQELBQADggEBAHAxjZnR0PEdNA7sIGse/0jfIU340+6qJtuXSnHI9UQ0
J82YEt7FYDOkjRqAsHIbeLWXouLEkFtpWSYQrMXQo0eL9/F6qAeFSHBgXFJkAxk/
oBaP4eKxb9HacnaVoqu2vIfF8N6S+GxtiQIWcXxxJNJEYBp2L6DO2ORHXNeZRZlp
Fx37e31JMCb8H78zKmJokntC3kCBj/EB818fevYEEYQSjyE3QdjR32wDRflpZ1dh
jtPy3WVC5P0ihw/nJfpEJJMFPkbh9RD4S04KL7Ulqpt39MD40p3c9UcssENh3THI
EEa9p+Uvap2KjJnNOvDiQlA/+Jkx6xQOgSvcIleReBU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:52 2024 by rpki-client on console-fra.rpki-client.org