Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3640DFD/AE0987D2896E11EF8242EE77762E951A/8E8F306C897011EFA1194284762E951A.roa
File:                     8E8F306C897011EFA1194284762E951A.roa (raw, json)
Hash identifier:          duPpoh38H/b8aRbXp8aKMmt/HI9o5+97KsQBpZxHOfo=
Subject key identifier:   36:E6:6F:B7:52:F8:24:E8:1A:12:85:86:BA:FB:0C:15:95:AD:B3:73
Certificate issuer:       /CN=F3640DFDAF/serialNumber=4E1CF64DA223F8B8A270A1DF0FA8DEC792A45CDB
Certificate serial:       07
Authority key identifier: 4E:1C:F6:4D:A2:23:F8:B8:A2:70:A1:DF:0F:A8:DE:C7:92:A4:5C:DB
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/Thz2TaIj-LiicKHfD6jex5KkXNs.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3640DFD/AE0987D2896E11EF8242EE77762E951A/8E8F306C897011EFA1194284762E951A.roa
Signing time:             Sun 13 Oct 2024 14:36:39 +0000
ROA not before:           Sun 13 Oct 2024 14:36:36 +0000
ROA not after:            Fri 13 Oct 2034 14:36:36 +0000
asID:                     33617
IP address blocks:        154.65.4.0/22 maxlen: 24
                          196.1.176.0/20 maxlen: 24
                          2c0f:f128::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3640DFDAF/serialNumber=4E1CF64DA223F8B8A270A1DF0FA8DEC792A45CDB
        Validity
            Not Before: Oct 13 14:36:36 2024 GMT
            Not After : Oct 13 14:36:36 2034 GMT
        Subject: CN=670bdaf7-434e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3d:3e:7d:02:76:8d:ac:ff:91:bd:d0:be:19:
                    ab:42:7b:93:3c:bf:1a:1c:0c:09:88:da:c7:c9:48:
                    2f:07:23:33:1b:5d:10:8f:19:0e:1a:09:03:b1:96:
                    2e:0b:9a:f6:44:e5:dc:82:87:bb:12:40:e4:73:82:
                    30:e1:68:73:7e:92:7d:e6:0f:b1:e1:28:15:09:fb:
                    81:9d:30:8d:16:83:7a:72:d0:1c:ac:80:9b:fa:dc:
                    9b:20:43:0c:ef:0e:f9:19:88:8b:fb:30:de:30:c7:
                    57:ac:64:f3:ff:99:6f:ac:8f:06:af:cf:4f:03:89:
                    fc:e8:f1:29:64:3d:b8:f8:e2:a9:0f:06:1f:58:dd:
                    47:3b:91:8c:22:21:92:b1:fd:62:16:f2:3a:f2:98:
                    54:0f:dd:bb:0d:1b:88:8f:82:77:ef:d3:69:e5:89:
                    c7:1f:72:fa:de:e2:91:38:bb:28:ae:5b:01:41:21:
                    e7:5a:e9:97:68:42:a1:4b:01:dd:21:ed:6d:9e:ac:
                    a7:8f:dd:88:6b:5f:19:6d:52:8b:fa:37:0d:50:24:
                    b2:98:4c:09:39:5b:56:85:5e:72:e6:25:c8:33:0f:
                    7f:be:4e:1e:fc:0a:7a:88:69:91:b9:5a:de:c2:9c:
                    c1:58:03:72:fd:af:84:c7:3b:e4:e8:3a:17:0e:24:
                    cf:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E6:6F:B7:52:F8:24:E8:1A:12:85:86:BA:FB:0C:15:95:AD:B3:73
            X509v3 Authority Key Identifier:
                keyid:4E:1C:F6:4D:A2:23:F8:B8:A2:70:A1:DF:0F:A8:DE:C7:92:A4:5C:DB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3640DFD/AE0987D2896E11EF8242EE77762E951A/Thz2TaIj-LiicKHfD6jex5KkXNs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/Thz2TaIj-LiicKHfD6jex5KkXNs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3640DFD/AE0987D2896E11EF8242EE77762E951A/8E8F306C897011EFA1194284762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.65.4.0/22
                  196.1.176.0/20
                IPv6:
                  2c0f:f128::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:95:7d:85:1c:81:57:74:73:14:60:53:29:51:77:6a:a0:f2:
         d4:6e:52:ca:eb:55:6d:04:e7:54:0f:6b:a3:5e:8c:0a:81:e6:
         cf:a2:dd:ff:8b:43:6c:08:30:4f:fd:fa:de:59:54:e9:60:4d:
         ab:33:12:60:7c:ba:ba:a4:35:58:8b:2b:8c:2d:e1:bc:07:e0:
         f8:84:f0:30:7d:2a:86:88:dd:c8:56:0e:4e:f4:3b:46:95:1f:
         15:10:2d:8d:9a:f3:1b:ff:8b:75:45:1c:06:d9:4a:78:aa:12:
         65:7b:45:ce:d1:19:3e:7e:8a:61:a5:f8:5d:a4:76:56:1c:8f:
         94:96:97:d9:73:e7:65:a0:e4:c9:6d:40:72:ff:54:73:1f:05:
         79:9b:5e:45:c7:91:91:3a:65:99:38:b1:ad:b4:ca:01:4f:b9:
         81:79:0d:83:38:8b:0c:46:ce:ee:33:76:63:d8:ca:2c:83:c9:
         05:87:15:91:42:70:59:f6:f2:34:9b:f1:b5:cb:18:af:ff:98:
         61:d1:a1:ca:05:3a:f1:36:ae:c3:85:53:13:be:d4:7b:c0:4c:
         6a:f2:27:8c:eb:32:d4:cf:27:0d:be:67:8d:70:21:84:be:d4:
         17:83:68:d8:c6:b6:43:2e:90:a8:a5:ba:de:cf:4b:1c:ad:28:
         c7:ca:01:41
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY0
MERGREFGMTEwLwYDVQQFEyg0RTFDRjY0REEyMjNGOEI4QTI3MEExREYwRkE4REVD
NzkyQTQ1Q0RCMB4XDTI0MTAxMzE0MzYzNloXDTM0MTAxMzE0MzYzNlowGDEWMBQG
A1UEAxMNNjcwYmRhZjctNDM0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALE9Pn0Cdo2s/5G90L4Zq0J7kzy/GhwMCYjax8lILwcjMxtdEI8ZDhoJA7GW
Lgua9kTl3IKHuxJA5HOCMOFoc36SfeYPseEoFQn7gZ0wjRaDenLQHKyAm/rcmyBD
DO8O+RmIi/sw3jDHV6xk8/+Zb6yPBq/PTwOJ/OjxKWQ9uPjiqQ8GH1jdRzuRjCIh
krH9YhbyOvKYVA/duw0biI+Cd+/TaeWJxx9y+t7ikTi7KK5bAUEh51rpl2hCoUsB
3SHtbZ6sp4/diGtfGW1Si/o3DVAksphMCTlbVoVecuYlyDMPf75OHvwKeohpkbla
3sKcwVgDcv2vhMc75Og6Fw4kz4MCAwEAAaOCArowggK2MB0GA1UdDgQWBBQ25m+3
Uvgk6BoShYa6+wwVla2zczAfBgNVHSMEGDAWgBROHPZNoiP4uKJwod8PqN7HkqRc
2zAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NDBERkQvQUUwOTg3RDI4OTZFMTFFRjgyNDJFRTc3NzYyRTk1MUEvVGh6MlRh
SWotTGlpY0tIZkQ2amV4NUtrWE5zLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvVGh6MlRhSWotTGlpY0tIZkQ2amV4NUtrWE5zLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NDBERkQvQUUwOTg3RDI4OTZFMTFFRjgyNDJFRTc3NzYy
RTk1MUEvOEU4RjMwNkM4OTcwMTFFRkExMTk0Mjg0NzYyRTk1MUEucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAppBBAMEBMQBsDANBAIAAjAH
AwUALA/xKDANBgkqhkiG9w0BAQsFAAOCAQEALZV9hRyBV3RzFGBTKVF3aqDy1G5S
yutVbQTnVA9ro16MCoHmz6Ld/4tDbAgwT/363llU6WBNqzMSYHy6uqQ1WIsrjC3h
vAfg+ITwMH0qhojdyFYOTvQ7RpUfFRAtjZrzG/+LdUUcBtlKeKoSZXtFztEZPn6K
YaX4XaR2VhyPlJaX2XPnZaDkyW1Acv9Ucx8FeZteRceRkTplmTixrbTKAU+5gXkN
gziLDEbO7jN2Y9jKLIPJBYcVkUJwWfbyNJvxtcsYr/+YYdGhygU68Tauw4VTE77U
e8BMavInjOsy1M8nDb5njXAhhL7UF4No2Ma2Qy6QqKW63s9LHK0ox8oBQQ==
-----END CERTIFICATE-----
Generated at Tue Oct 22 17:30:58 2024 by rpki-client on console-fra.rpki-client.org