Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91856F6/879F388E869E11EB9A049627C4F9AE02/B65D242CBB5E11EEBC438075C4F9AE02.roa
File:                     B65D242CBB5E11EEBC438075C4F9AE02.roa (raw, json)
Hash identifier:          uiZlfNC22D75uQ6GLRg8DF6433jH4HTs5D5Ndscm9xs=
Subject key identifier:   72:2B:50:8C:C0:F5:D2:F3:6B:B4:97:2A:5D:07:6E:11:65:6B:7C:6C
Certificate issuer:       /CN=A91856F6/serialNumber=3A084422257FF5F179A50ECBFC02EBF725BB9343
Certificate serial:       05B3
Authority key identifier: 3A:08:44:22:25:7F:F5:F1:79:A5:0E:CB:FC:02:EB:F7:25:BB:93:43
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OghEIiV_9fF5pQ7L_ALr9yW7k0M.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91856F6/879F388E869E11EB9A049627C4F9AE02/B65D242CBB5E11EEBC438075C4F9AE02.roa
Signing time:             Thu 25 Jan 2024 08:49:56 +0000
ROA not before:           Thu 25 Jan 2024 08:49:56 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     24192
IP address blocks:        103.253.192.0/24 maxlen: 24
                          103.253.194.0/23 maxlen: 24
                          202.174.112.0/21 maxlen: 21
                          2406:1200::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1459 (0x5b3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91856F6, serialNumber=3A084422257FF5F179A50ECBFC02EBF725BB9343
        Validity
            Not Before: Jan 25 08:49:56 2024 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=65b220b3-375c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:36:c0:2e:17:16:81:01:52:c2:f7:bc:0e:01:
                    0b:5d:3c:82:b3:79:71:17:71:28:c1:b9:c3:39:f7:
                    da:b5:1d:0f:9d:34:19:db:31:a8:96:8b:b3:6a:74:
                    0b:1e:9b:1d:02:fc:2b:a2:a0:d5:c3:60:b0:50:05:
                    4b:eb:cb:fc:b4:03:90:8e:34:1f:3a:e7:63:3b:5f:
                    80:47:75:9f:05:21:9e:9d:e2:d0:97:4e:06:43:7d:
                    53:bc:2b:14:fc:44:04:d1:76:54:3f:a2:21:43:29:
                    e2:6e:9d:6e:3a:f1:4c:17:1b:68:2f:75:26:29:c7:
                    92:47:ec:7a:54:2d:ca:72:86:8a:d9:70:75:01:28:
                    34:ec:9d:5a:ee:1d:70:bf:84:69:81:77:cc:b4:bc:
                    9c:57:c2:a4:3b:a3:ac:ee:0e:35:c9:58:4a:75:6f:
                    64:ab:10:87:98:a7:db:24:f3:b0:7f:b8:15:06:8e:
                    d0:ac:04:fe:e8:9d:06:45:98:21:16:5f:9c:e1:df:
                    c5:c4:27:58:64:84:49:5a:0a:5b:00:92:dc:82:1e:
                    f7:07:50:cb:78:fd:1a:33:36:84:71:b6:ad:5a:92:
                    cf:25:59:52:d3:c3:90:72:e1:b6:7a:42:83:b6:72:
                    28:ab:3c:f4:45:a3:fe:de:1a:e7:5b:c0:7d:66:01:
                    b6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:2B:50:8C:C0:F5:D2:F3:6B:B4:97:2A:5D:07:6E:11:65:6B:7C:6C
            X509v3 Authority Key Identifier:
                keyid:3A:08:44:22:25:7F:F5:F1:79:A5:0E:CB:FC:02:EB:F7:25:BB:93:43

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91856F6/879F388E869E11EB9A049627C4F9AE02/OghEIiV_9fF5pQ7L_ALr9yW7k0M.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OghEIiV_9fF5pQ7L_ALr9yW7k0M.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91856F6/879F388E869E11EB9A049627C4F9AE02/B65D242CBB5E11EEBC438075C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.253.192.0/24
                  103.253.194.0/23
                  202.174.112.0/21
                IPv6:
                  2406:1200::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:a0:4f:90:2f:86:e0:d5:45:a6:1d:4a:34:f9:30:5b:be:14:
         86:db:fa:ff:26:b5:5f:4e:a1:52:63:ec:63:be:f5:b1:a1:32:
         44:8f:e3:d8:7f:7e:06:4c:6a:58:75:9d:e1:4e:0e:41:fd:8c:
         3c:bb:90:68:64:98:0b:f2:d8:85:db:04:24:58:58:2d:ee:a1:
         f4:c1:b4:32:5f:73:db:49:5b:51:78:f5:54:a3:20:29:b9:35:
         81:fe:e7:4e:6f:3d:9f:dd:41:53:5c:e0:a8:ab:5f:a2:cb:16:
         e1:f9:c1:5e:0a:fc:b2:ef:f1:5e:7d:54:15:3f:a3:7f:e9:ce:
         48:a5:0b:3b:ef:a1:58:f8:5d:3e:1e:d0:62:4e:e3:b2:56:1e:
         a0:3e:66:2e:8d:26:d3:97:5c:6e:34:f5:98:be:ea:6e:f6:8a:
         90:45:d6:46:30:d7:66:db:39:13:6a:9a:f8:1d:d8:ab:6f:16:
         47:ed:3b:bb:4c:78:18:ce:88:c7:22:67:fa:97:df:48:27:9d:
         c5:24:b9:21:84:38:5c:fa:b2:c3:ac:00:3f:9f:31:a5:9f:37:
         9a:37:b0:23:96:6d:a6:b7:0f:5d:32:65:83:36:fb:34:a1:04:
         eb:a7:61:09:93:10:4b:d5:49:48:d4:6f:79:05:4c:d9:2c:c0:
         45:1e:68:94
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICBbMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODU2RjYxMTAvBgNVBAUTKDNBMDg0NDIyMjU3RkY1RjE3OUE1MEVDQkZDMDJFQkY3
MjVCQjkzNDMwHhcNMjQwMTI1MDg0OTU2WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWIyMjBiMy0zNzVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1jbALhcWgQFSwve8DgELXTyCs3lxF3EowbnDOffatR0PnTQZ2zGolouzanQL
HpsdAvwroqDVw2CwUAVL68v8tAOQjjQfOudjO1+AR3WfBSGeneLQl04GQ31TvCsU
/EQE0XZUP6IhQynibp1uOvFMFxtoL3UmKceSR+x6VC3KcoaK2XB1ASg07J1a7h1w
v4RpgXfMtLycV8KkO6Os7g41yVhKdW9kqxCHmKfbJPOwf7gVBo7QrAT+6J0GRZgh
Fl+c4d/FxCdYZIRJWgpbAJLcgh73B1DLeP0aMzaEcbatWpLPJVlS08OQcuG2ekKD
tnIoqzz0RaP+3hrnW8B9ZgG2DQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFHIrUIzA
9dLza7SXKl0HbhFla3xsMB8GA1UdIwQYMBaAFDoIRCIlf/XxeaUOy/wC6/clu5ND
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NTZGNi84NzlGMzg4RTg2
OUUxMUVCOUEwNDk2MjdDNEY5QUUwMi9PZ2hFSWlWXzlmRjVwUTdMX0FMcjl5Vzdr
ME0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09naEVJaVZfOWZGNXBRN0xfQUxyOXlXN2swTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODU2RjYvODc5RjM4OEU4NjlFMTFFQjlBMDQ5NjI3QzRGOUFFMDIvQjY1RDI0MkNC
QjVFMTFFRUJDNDM4MDc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBABn/cADBAFn/cIDBAPKrnAwDQQCAAIwBwMFACQGEgAwDQYJ
KoZIhvcNAQELBQADggEBABSgT5AvhuDVRaYdSjT5MFu+FIbb+v8mtV9OoVJj7GO+
9bGhMkSP49h/fgZMalh1neFODkH9jDy7kGhkmAvy2IXbBCRYWC3uofTBtDJfc9tJ
W1F49VSjICm5NYH+505vPZ/dQVNc4KirX6LLFuH5wV4K/LLv8V59VBU/o3/pzkil
CzvvoVj4XT4e0GJO47JWHqA+Zi6NJtOXXG409Zi+6m72ipBF1kYw12bbORNqmvgd
2KtvFkftO7tMeBjOiMciZ/qX30gnncUkuSGEOFz6ssOsAD+fMaWfN5o3sCOWbaa3
D10yZYM2+zShBOunYQmTEEvVSUjUb3kFTNkswEUeaJQ=
-----END CERTIFICATE-----