Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/152AEBD4040F11F0984E0972762E951A.roa
File:                     152AEBD4040F11F0984E0972762E951A.roa (raw, json)
Hash identifier:          QI/gE3ry/S/n1mL7jTLRNJb7lrLsmtvfdQ26tQBEWoo=
Subject key identifier:   FF:17:8C:35:48:07:0F:6A:91:F0:15:D1:BC:1E:5A:44:1D:52:45:01
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0174BA
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/152AEBD4040F11F0984E0972762E951A.roa
Signing time:             Tue 18 Mar 2025 15:38:47 +0000
ROA not before:           Tue 18 Mar 2025 15:38:43 +0000
ROA not after:            Mon 05 May 2025 15:38:43 +0000
asID:                     44559
IP address blocks:        154.209.133.0/24 maxlen: 24
                          154.209.135.0/24 maxlen: 24
                          154.209.159.0/24 maxlen: 24
                          154.209.194.0/24 maxlen: 24
                          154.209.195.0/24 maxlen: 24
                          154.209.196.0/24 maxlen: 24
                          154.209.197.0/24 maxlen: 24
                          154.209.199.0/24 maxlen: 24
                          154.209.200.0/24 maxlen: 24
                          154.209.201.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 95418 (0x174ba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar 18 15:38:43 2025 GMT
            Not After : May  5 15:38:43 2025 GMT
        Subject: CN=67d99387-b4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c1:32:ca:56:2a:63:db:c0:06:f9:60:26:89:
                    fb:ec:3a:40:d7:20:ce:fd:f5:1e:9d:83:78:b2:21:
                    f7:98:24:a2:89:c8:f1:af:d8:1d:60:22:bf:95:25:
                    78:bd:a9:2b:d8:ad:0a:96:0f:56:8b:06:36:5d:bb:
                    0e:67:54:82:bd:06:cf:cc:a5:03:b0:24:fc:4d:af:
                    43:23:2d:52:cf:4f:cd:d9:3d:d4:7f:93:65:3e:77:
                    8a:e2:e8:29:e8:f4:2d:5a:f4:00:25:e1:6f:24:d7:
                    69:ef:ee:e0:2c:60:2b:b4:72:a5:ed:f3:a0:26:83:
                    47:19:74:df:d9:ae:48:27:ed:33:3a:91:60:a3:2e:
                    5b:ec:d4:c6:a8:73:27:58:b5:24:7c:d6:38:bc:d1:
                    ca:b5:15:db:0d:a3:cc:a6:a3:73:b0:e5:0b:74:a3:
                    1e:4e:10:e3:11:a9:76:6b:dd:ee:25:3d:a1:47:e8:
                    b2:13:81:d3:91:89:a6:16:94:a0:02:74:8e:b1:c7:
                    16:9d:75:d5:b5:c3:c5:a1:60:7a:06:8b:e2:fe:6e:
                    a8:77:d7:e6:b5:b7:6c:69:d8:b0:f5:2d:c4:bd:0d:
                    dd:25:79:d0:3e:83:3c:de:f5:4c:f8:ac:35:23:e3:
                    40:0c:c7:67:74:41:e0:40:7e:8b:d2:0e:79:7d:35:
                    ce:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:17:8C:35:48:07:0F:6A:91:F0:15:D1:BC:1E:5A:44:1D:52:45:01
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/152AEBD4040F11F0984E0972762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.209.133.0/24
                  154.209.135.0/24
                  154.209.159.0/24
                  154.209.194.0-154.209.197.255
                  154.209.199.0-154.209.201.255

    Signature Algorithm: sha256WithRSAEncryption
         37:80:c5:a6:74:9b:bc:f5:e1:41:94:a5:0a:d5:f0:50:c0:83:
         82:3a:19:8e:93:99:27:db:df:b4:58:84:6a:95:8c:02:e0:32:
         80:58:e4:7d:7c:63:e7:40:ba:47:be:6d:5c:6d:3e:a4:38:f6:
         32:2a:b0:b6:0a:8a:d7:d9:8a:58:71:65:87:25:9f:0a:b1:1f:
         b4:96:8a:05:44:0c:b4:78:5f:86:2a:ae:43:01:f0:b4:a7:76:
         16:68:24:6a:07:f2:cb:bf:e4:07:e0:b2:d8:3f:55:9a:99:a4:
         1f:52:32:3b:c4:13:f8:bc:4b:69:b7:b4:87:5a:b4:3a:3c:51:
         74:4e:9e:0d:3b:37:91:40:ee:47:6f:e1:1f:9c:72:ed:1c:fc:
         7c:c6:00:82:33:2f:18:6a:d8:41:4c:5f:d4:cd:98:07:da:76:
         75:77:35:7a:7d:03:61:be:10:0a:db:0a:8b:c6:21:8d:04:cb:
         1d:d5:39:85:3c:86:0a:a6:09:da:9f:2c:82:2b:98:04:2a:4b:
         b7:af:19:83:e5:38:67:ca:55:2d:ff:6e:41:6c:ec:94:39:f8:
         69:c5:a7:4d:83:48:71:13:8b:fc:fa:b2:a9:5e:1e:83:f6:89:
         aa:c3:be:66:f3:ed:06:c0:f0:fb:20:1c:c5:4d:15:2b:ba:c9:
         1e:d3:31:51
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgIDAXS6MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzE4MTUzODQzWhcNMjUwNTA1MTUzODQzWjAYMRYw
FAYDVQQDEw02N2Q5OTM4Ny1iNGQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxcEyylYqY9vABvlgJon77DpA1yDO/fUenYN4siH3mCSiicjxr9gdYCK/
lSV4vakr2K0Klg9WiwY2XbsOZ1SCvQbPzKUDsCT8Ta9DIy1Sz0/N2T3Uf5NlPneK
4ugp6PQtWvQAJeFvJNdp7+7gLGArtHKl7fOgJoNHGXTf2a5IJ+0zOpFgoy5b7NTG
qHMnWLUkfNY4vNHKtRXbDaPMpqNzsOULdKMeThDjEal2a93uJT2hR+iyE4HTkYmm
FpSgAnSOsccWnXXVtcPFoWB6Bovi/m6od9fmtbdsadiw9S3EvQ3dJXnQPoM83vVM
+Kw1I+NADMdndEHgQH6L0g55fTXOWwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFP8X
jDVIBw9qkfAV0bweWkQdUkUBMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8xNTJBRUJENDA0MEYxMUYwOTg0RTA5NzI3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQAmtGFAwQAmtGHAwQAmtGf
MAwDBAGa0cIDBAGa0cQwDAMEAJrRxwMEAZrRyDANBgkqhkiG9w0BAQsFAAOCAQEA
N4DFpnSbvPXhQZSlCtXwUMCDgjoZjpOZJ9vftFiEapWMAuAygFjkfXxj50C6R75t
XG0+pDj2MiqwtgqK19mKWHFlhyWfCrEftJaKBUQMtHhfhiquQwHwtKd2Fmgkagfy
y7/kB+Cy2D9VmpmkH1IyO8QT+LxLabe0h1q0OjxRdE6eDTs3kUDuR2/hH5xy7Rz8
fMYAgjMvGGrYQUxf1M2YB9p2dXc1en0DYb4QCtsKi8YhjQTLHdU5hTyGCqYJ2p8s
giuYBCpLt68Zg+U4Z8pVLf9uQWzslDn4acWnTYNIcROL/PqyqV4eg/aJqsO+ZvPt
BsDw+yAcxU0VK7rJHtMxUQ==
-----END CERTIFICATE-----