Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F363EA80/23D54B28DDDA11ED86532E0D306D8C1D/05E09FE07B3C11EFA2CFEB45762E951A.roa
File:                     05E09FE07B3C11EFA2CFEB45762E951A.roa (raw, json)
Hash identifier:          cVeBq/iu4EVAtdwg8HApbjb07OUiv7eyhugdvSJdFOo=
Subject key identifier:   2C:EB:18:FE:3E:CB:19:36:09:D2:13:6A:E3:74:76:14:D9:3E:C0:A9
Certificate issuer:       /CN=F363EA80AF/serialNumber=C67C6231120941235581D5942565ABF7419DCECC
Certificate serial:       0243
Authority key identifier: C6:7C:62:31:12:09:41:23:55:81:D5:94:25:65:AB:F7:41:9D:CE:CC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/xnxiMRIJQSNVgdWUJWWr90Gdzsw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F363EA80/23D54B28DDDA11ED86532E0D306D8C1D/05E09FE07B3C11EFA2CFEB45762E951A.roa
Signing time:             Wed 25 Sep 2024 12:45:20 +0000
ROA not before:           Wed 25 Sep 2024 12:45:14 +0000
ROA not after:            Mon 25 Sep 2034 12:45:14 +0000
asID:                     19711
IP address blocks:        41.215.144.0/24 maxlen: 24
                          41.215.145.0/24 maxlen: 24
                          41.215.146.0/24 maxlen: 24
                          41.215.147.0/24 maxlen: 24
                          41.215.148.0/24 maxlen: 24
                          41.215.149.0/24 maxlen: 24
                          41.215.150.0/24 maxlen: 24
                          41.215.151.0/24 maxlen: 24
                          41.215.152.0/23 maxlen: 23
                          41.215.152.0/24 maxlen: 24
                          41.215.153.0/24 maxlen: 24
                          41.215.154.0/23 maxlen: 23
                          41.215.154.0/24 maxlen: 24
                          41.215.155.0/24 maxlen: 24
                          41.215.156.0/24 maxlen: 24
                          41.215.157.0/24 maxlen: 24
                          41.215.158.0/24 maxlen: 24
                          41.215.159.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 579 (0x243)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F363EA80AF
        Validity
            Not Before: Sep 25 12:45:14 2024 GMT
            Not After : Sep 25 12:45:14 2034 GMT
        Subject: CN=66f405e0-2d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:60:70:58:95:d5:39:19:8c:81:14:6c:95:bb:
                    c5:2e:02:21:0b:1b:ea:e0:e0:c6:e6:1d:89:14:0c:
                    fe:b3:e3:04:32:bd:0c:a0:c1:c0:b1:ab:a1:e8:c7:
                    ec:73:23:3f:b4:96:4b:99:55:d6:9a:db:02:22:4e:
                    04:19:5e:78:38:34:5b:e0:c2:5a:68:1f:a3:05:4f:
                    5c:ac:d7:46:74:72:31:c0:c3:87:68:b0:dc:e8:8d:
                    c2:c8:44:b2:fa:86:d6:fb:bf:5d:48:9d:63:fb:e2:
                    2e:9b:c4:d5:3a:14:e6:a5:fa:18:34:b0:c7:25:56:
                    3e:d3:21:d3:48:3a:51:2a:ce:78:b5:4d:8a:85:08:
                    2b:9c:2e:fd:c3:90:70:6d:fe:6c:c4:27:96:a9:47:
                    e3:dd:c3:fd:8f:ed:de:68:10:7c:cf:8e:ba:6c:3f:
                    44:49:df:55:8a:52:b3:bd:52:79:13:e1:87:f3:bd:
                    9f:e9:32:c7:af:04:cc:b6:e4:91:d6:5d:df:0e:47:
                    ce:82:ae:98:22:d1:82:5d:8b:40:e0:5a:03:ba:8c:
                    11:42:88:91:e9:1a:51:6c:f3:52:2d:1d:4d:62:9a:
                    3c:08:d1:76:c0:5b:8b:a6:fb:c9:82:68:10:42:91:
                    60:57:31:ae:32:2a:d9:e8:72:dc:e6:c2:98:0d:7a:
                    f0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:EB:18:FE:3E:CB:19:36:09:D2:13:6A:E3:74:76:14:D9:3E:C0:A9
            X509v3 Authority Key Identifier:
                keyid:C6:7C:62:31:12:09:41:23:55:81:D5:94:25:65:AB:F7:41:9D:CE:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F363EA80/23D54B28DDDA11ED86532E0D306D8C1D/xnxiMRIJQSNVgdWUJWWr90Gdzsw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/xnxiMRIJQSNVgdWUJWWr90Gdzsw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F363EA80/23D54B28DDDA11ED86532E0D306D8C1D/05E09FE07B3C11EFA2CFEB45762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.215.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         42:8e:37:ee:1d:d7:72:40:2d:75:44:cd:b3:b3:40:d8:c1:71:
         c3:53:8b:9e:16:d7:b9:be:c4:64:54:de:76:33:cd:e3:43:6c:
         3f:f8:f2:ab:72:e0:71:ba:2f:f3:ea:b0:d3:3a:38:d9:22:ee:
         73:84:3d:87:53:de:28:1a:32:95:bc:04:d9:c3:83:4c:5c:86:
         a7:68:fb:1b:d5:e7:e5:34:a5:49:ce:6b:81:33:9e:51:bb:62:
         63:f1:be:1e:1a:43:0e:45:35:64:3b:0b:21:d1:b8:67:59:3c:
         fd:bf:32:90:3d:a2:ee:e7:51:37:26:3d:08:46:ff:ce:40:33:
         70:cb:62:be:4f:a6:8e:8e:05:6f:23:1b:13:fd:60:4e:2f:84:
         06:37:10:f7:09:b4:b2:8c:78:cb:39:c6:6d:cd:91:dd:02:c2:
         a0:c6:42:9e:be:5c:bc:5a:92:ce:af:dc:14:24:9f:90:88:57:
         e1:a7:7c:90:1f:c5:16:97:af:bb:72:26:3a:05:b9:ed:d3:67:
         71:46:a7:96:1c:85:ef:52:dd:43:f3:d8:45:85:22:3f:66:b6:
         21:82:f5:5c:c0:25:86:e1:40:82:26:62:7a:81:b8:ec:b9:52:
         f4:5f:38:85:03:af:2d:a3:06:52:f8:58:62:8f:52:11:14:06:
         fd:51:d0:23
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAkMwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
M0VBODBBRjExMC8GA1UEBRMoQzY3QzYyMzExMjA5NDEyMzU1ODFENTk0MjU2NUFC
Rjc0MTlEQ0VDQzAeFw0yNDA5MjUxMjQ1MTRaFw0zNDA5MjUxMjQ1MTRaMBgxFjAU
BgNVBAMTDTY2ZjQwNWUwLTJkMmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCvYHBYldU5GYyBFGyVu8UuAiELG+rg4MbmHYkUDP6z4wQyvQygwcCxq6Ho
x+xzIz+0lkuZVdaa2wIiTgQZXng4NFvgwlpoH6MFT1ys10Z0cjHAw4dosNzojcLI
RLL6htb7v11InWP74i6bxNU6FOal+hg0sMclVj7TIdNIOlEqzni1TYqFCCucLv3D
kHBt/mzEJ5apR+Pdw/2P7d5oEHzPjrpsP0RJ31WKUrO9UnkT4YfzvZ/pMsevBMy2
5JHWXd8OR86Crpgi0YJdi0DgWgO6jBFCiJHpGlFs81ItHU1imjwI0XbAW4um+8mC
aBBCkWBXMa4yKtnoctzmwpgNevA7AgMBAAGjggKlMIICoTAdBgNVHQ4EFgQULOsY
/j7LGTYJ0hNq43R2FNk+wKkwHwYDVR0jBBgwFoAUxnxiMRIJQSNVgdWUJWWr90Gd
zswwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjNFQTgwLzIzRDU0QjI4REREQTExRUQ4NjUzMkUwRDMwNkQ4QzFEL3hueGlN
UklKUVNOVmdkV1VKV1dyOTBHZHpzdy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL3hueGlNUklKUVNOVmdkV1VKV1dyOTBHZHpzdy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjNFQTgwLzIzRDU0QjI4REREQTExRUQ4NjUzMkUwRDMw
NkQ4QzFELzA1RTA5RkUwN0IzQzExRUZBMkNGRUI0NTc2MkU5NTFBLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQp15AwDQYJKoZIhvcNAQEL
BQADggEBAEKON+4d13JALXVEzbOzQNjBccNTi54W17m+xGRU3nYzzeNDbD/48qty
4HG6L/PqsNM6ONki7nOEPYdT3igaMpW8BNnDg0xchqdo+xvV5+U0pUnOa4EznlG7
YmPxvh4aQw5FNWQ7CyHRuGdZPP2/MpA9ou7nUTcmPQhG/85AM3DLYr5Ppo6OBW8j
GxP9YE4vhAY3EPcJtLKMeMs5xm3Nkd0CwqDGQp6+XLxaks6v3BQkn5CIV+GnfJAf
xRaXr7tyJjoFue3TZ3FGp5Yche9S3UPz2EWFIj9mtiGC9VzAJYbhQIImYnqBuOy5
UvRfOIUDry2jBlL4WGKPUhEUBv1R0CM=
-----END CERTIFICATE-----