Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3645721/4D8578E037FD11EDB8A2ADF9F1222468/23ABB3A2D17C11EFB156ACA7762E951A.roa
File:                     23ABB3A2D17C11EFB156ACA7762E951A.roa (raw, json)
Hash identifier:          JnjC+h0l3NXiTvyHQEAdv5zJ5PF/QKPMrh4aJd626Kc=
Subject key identifier:   FA:09:C2:AB:FC:EF:72:58:DB:7A:5E:D6:5F:F6:AE:B7:F4:7B:F8:13
Certificate issuer:       /CN=F3645721AF/serialNumber=87F3ADC3A50A77763836AE8E37F5D938695711CA
Certificate serial:       0389
Authority key identifier: 87:F3:AD:C3:A5:0A:77:76:38:36:AE:8E:37:F5:D9:38:69:57:11:CA
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/h_Otw6UKd3Y4Nq6ON_XZOGlXEco.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3645721/4D8578E037FD11EDB8A2ADF9F1222468/23ABB3A2D17C11EFB156ACA7762E951A.roa
Signing time:             Mon 13 Jan 2025 07:00:58 +0000
ROA not before:           Mon 13 Jan 2025 07:00:54 +0000
ROA not after:            Thu 15 Jan 2026 07:00:54 +0000
asID:                     328271
IP address blocks:        102.22.208.0/21 maxlen: 21
                          102.22.208.0/24 maxlen: 24
                          102.22.209.0/24 maxlen: 24
                          102.22.210.0/24 maxlen: 24
                          102.22.211.0/24 maxlen: 24
                          102.22.212.0/24 maxlen: 24
                          102.22.213.0/24 maxlen: 24
                          102.22.214.0/24 maxlen: 24
                          102.22.215.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 905 (0x389)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3645721AF
        Validity
            Not Before: Jan 13 07:00:54 2025 GMT
            Not After : Jan 15 07:00:54 2026 GMT
        Subject: CN=6784ba2a-1687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0c:30:e8:14:7e:29:88:fe:12:7b:8b:36:39:
                    b5:09:ca:61:c9:5b:9e:f6:2a:20:1b:4f:fc:f2:b6:
                    fa:6e:09:f6:dc:83:0d:81:cd:3d:67:7b:48:1e:e9:
                    4e:78:de:9d:40:95:f4:27:e9:75:54:8d:9f:22:e7:
                    2c:e1:94:ad:c8:26:97:c9:9f:4e:10:93:cc:34:39:
                    17:81:0d:69:1c:8f:22:4d:29:a8:07:e0:3b:26:53:
                    1c:d3:3a:3c:df:50:a1:fb:39:82:64:5c:09:35:32:
                    ae:be:b7:98:d2:eb:26:05:76:f4:e0:77:ab:e2:c8:
                    b7:c3:5d:fe:67:24:13:39:32:a9:19:34:55:6a:05:
                    f6:5a:93:73:c2:9c:56:6b:cf:d8:2b:ae:ff:93:c3:
                    91:f6:c6:a2:e6:57:7a:24:a0:87:73:e9:b4:bf:5f:
                    5f:d5:27:51:d2:d9:44:52:39:ba:2b:e2:09:ab:59:
                    b7:92:fd:b9:74:55:ab:88:35:f4:cd:20:dc:fb:1c:
                    00:ba:b4:5a:41:ce:33:da:79:84:68:6a:70:18:61:
                    a4:ad:cf:23:03:90:19:0a:ef:4d:a4:46:96:26:6c:
                    c6:3f:49:58:8c:fb:6a:67:d4:df:c4:42:b4:7b:d9:
                    32:46:33:fd:ba:62:55:cc:c9:25:92:e9:f3:10:4c:
                    07:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:09:C2:AB:FC:EF:72:58:DB:7A:5E:D6:5F:F6:AE:B7:F4:7B:F8:13
            X509v3 Authority Key Identifier:
                keyid:87:F3:AD:C3:A5:0A:77:76:38:36:AE:8E:37:F5:D9:38:69:57:11:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3645721/4D8578E037FD11EDB8A2ADF9F1222468/h_Otw6UKd3Y4Nq6ON_XZOGlXEco.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/h_Otw6UKd3Y4Nq6ON_XZOGlXEco.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3645721/4D8578E037FD11EDB8A2ADF9F1222468/23ABB3A2D17C11EFB156ACA7762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.22.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         78:5d:0a:bf:1d:c9:25:34:71:39:c2:fb:c3:bd:35:be:1a:b8:
         41:72:11:4b:d4:9a:d9:c9:f7:23:99:ef:68:dd:50:b4:e2:9d:
         ee:21:9f:d3:9f:af:9b:32:3d:1f:4f:c1:a3:fc:48:13:8e:85:
         39:08:08:a8:c3:67:1f:fb:ce:cf:7c:dc:79:b6:fd:4e:c8:76:
         fc:a4:84:db:b8:67:a3:7e:0a:85:de:3e:39:25:6f:d7:73:3e:
         c5:1e:7f:c2:14:73:7c:c3:5e:1f:2d:02:72:60:8f:c5:6d:68:
         7e:be:86:52:0a:11:3a:7b:44:60:e7:14:2e:cc:12:9a:8d:c1:
         9c:7b:c7:d0:35:82:e1:6d:ca:cb:07:95:50:63:39:cc:78:7d:
         17:07:dc:1d:60:0d:b9:b7:f8:e8:20:50:53:b3:3e:8b:8f:78:
         a6:39:32:f4:24:a1:91:b2:0c:36:be:4a:2b:f0:3d:72:a5:ac:
         da:0d:55:15:6b:8e:a6:38:28:44:ce:30:08:a4:13:0e:84:eb:
         24:60:5d:38:70:19:23:8a:91:87:e5:f4:6c:29:c2:d1:ba:e8:
         54:c3:4e:58:49:94:1e:33:42:9b:53:8f:fd:0d:71:be:12:c6:
         df:c5:bd:64:80:50:3a:89:3a:7c:fc:96:24:60:a2:4f:d3:bc:
         a7:8d:9b:da
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICA4kwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NDU3MjFBRjExMC8GA1UEBRMoODdGM0FEQzNBNTBBNzc3NjM4MzZBRThFMzdGNUQ5
Mzg2OTU3MTFDQTAeFw0yNTAxMTMwNzAwNTRaFw0yNjAxMTUwNzAwNTRaMBgxFjAU
BgNVBAMTDTY3ODRiYTJhLTE2ODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDFDDDoFH4piP4Se4s2ObUJymHJW572KiAbT/zytvpuCfbcgw2BzT1ne0ge
6U543p1AlfQn6XVUjZ8i5yzhlK3IJpfJn04Qk8w0OReBDWkcjyJNKagH4DsmUxzT
OjzfUKH7OYJkXAk1Mq6+t5jS6yYFdvTgd6viyLfDXf5nJBM5MqkZNFVqBfZak3PC
nFZrz9grrv+Tw5H2xqLmV3okoIdz6bS/X1/VJ1HS2URSObor4gmrWbeS/bl0VauI
NfTNINz7HAC6tFpBzjPaeYRoanAYYaStzyMDkBkK702kRpYmbMY/SViM+2pn1N/E
QrR72TJGM/26YlXMySWS6fMQTAfxAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQU+gnC
q/zvcljbel7WX/aut/R7+BMwHwYDVR0jBBgwFoAUh/Otw6UKd3Y4Nq6ON/XZOGlX
EcowDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjQ1NzIxLzREODU3OEUwMzdGRDExRURCOEEyQURGOUYxMjIyNDY4L2hfT3R3
NlVLZDNZNE5xNk9OX1haT0dsWEVjby5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL2hfT3R3NlVLZDNZNE5xNk9OX1haT0dsWEVjby5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjQ1NzIxLzREODU3OEUwMzdGRDExRURCOEEyQURGOUYx
MjIyNDY4LzIzQUJCM0EyRDE3QzExRUZCMTU2QUNBNzc2MkU5NTFBLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANmFtAwDQYJKoZIhvcNAQEL
BQADggEBAHhdCr8dySU0cTnC+8O9Nb4auEFyEUvUmtnJ9yOZ72jdULTine4hn9Of
r5syPR9PwaP8SBOOhTkICKjDZx/7zs983Hm2/U7IdvykhNu4Z6N+CoXePjklb9dz
PsUef8IUc3zDXh8tAnJgj8VtaH6+hlIKETp7RGDnFC7MEpqNwZx7x9A1guFtyssH
lVBjOcx4fRcH3B1gDbm3+OggUFOzPouPeKY5MvQkoZGyDDa+SivwPXKlrNoNVRVr
jqY4KETOMAikEw6E6yRgXThwGSOKkYfl9GwpwtG66FTDTlhJlB4zQptTj/0Ncb4S
xt/FvWSAUDqJOnz8liRgok/TvKeNm9o=
-----END CERTIFICATE-----