Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/3D948C20088211F09A5F73B7762E951A.roa
File:                     3D948C20088211F09A5F73B7762E951A.roa (raw, json)
Hash identifier:          0K01/gzYCGNWOrO+MAgfDV28eRQskjDBJdoUuvChyYg=
Subject key identifier:   53:23:02:79:EB:64:8E:40:D0:12:38:0B:CD:C0:93:84:B8:EC:DA:E4
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0175C2
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/3D948C20088211F09A5F73B7762E951A.roa
Signing time:             Mon 24 Mar 2025 07:33:12 +0000
ROA not before:           Mon 24 Mar 2025 07:33:08 +0000
ROA not after:            Thu 24 Apr 2025 07:33:08 +0000
asID:                     8796
IP address blocks:        154.202.117.0/24 maxlen: 24
                          154.202.120.0/21 maxlen: 24
                          154.217.234.0/23 maxlen: 24
                          154.217.236.0/22 maxlen: 24
                          154.217.240.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 95682 (0x175c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar 24 07:33:08 2025 GMT
            Not After : Apr 24 07:33:08 2025 GMT
        Subject: CN=67e10ab8-bd48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:49:9d:88:62:d9:a9:95:f9:84:a9:f5:a5:b6:
                    1e:df:10:98:f5:a4:af:b1:cd:3a:f3:ea:63:e6:87:
                    30:9b:f1:35:2d:7c:6a:c3:1c:3a:2b:0d:4d:46:58:
                    88:33:b5:06:72:50:ae:d3:1d:dd:2a:d0:7c:57:fe:
                    51:66:c7:5e:8f:60:e5:fa:d9:33:50:22:fc:d0:fd:
                    a3:9a:12:39:d7:7e:11:6e:8f:c5:ad:e7:16:e4:b9:
                    db:a3:13:bb:9f:39:5c:65:29:4d:0e:44:54:9b:11:
                    21:e2:d6:73:f2:b6:f0:7c:b0:2b:53:d1:29:1f:8b:
                    0e:2d:13:fc:4f:3a:ed:db:33:74:62:76:8a:cc:41:
                    b2:7c:df:f7:a7:5c:c2:bd:51:7f:e1:86:63:7b:33:
                    17:5d:c7:b8:99:a6:59:11:b7:01:c2:87:c0:3c:18:
                    00:4f:03:6a:dd:1d:e0:b1:fd:4d:89:63:3d:94:81:
                    1b:78:85:5e:85:b1:36:ce:34:27:87:00:4b:c0:09:
                    e8:98:01:6b:e7:37:ed:e8:3d:d7:23:79:03:8c:07:
                    5c:49:18:ea:d5:d4:03:50:a0:17:ba:cf:ea:30:cd:
                    00:bf:bb:c7:11:9a:f4:f6:d8:c6:50:81:84:0f:c6:
                    5c:df:15:05:11:f0:ed:7b:a4:a2:a5:3f:bd:ca:84:
                    a6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:23:02:79:EB:64:8E:40:D0:12:38:0B:CD:C0:93:84:B8:EC:DA:E4
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/3D948C20088211F09A5F73B7762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.202.117.0/24
                  154.202.120.0/21
                  154.217.234.0-154.217.255.255

    Signature Algorithm: sha256WithRSAEncryption
         1e:ce:36:56:84:8f:03:c0:6e:5c:7e:b6:24:0e:1e:7c:f4:1a:
         60:b1:0e:03:38:57:49:a6:e0:82:75:8c:7f:60:1b:10:fb:ae:
         f7:83:07:e4:8f:af:f1:41:e3:19:a8:eb:c3:46:62:cd:2b:9c:
         3d:2f:98:9f:56:9f:32:71:25:28:f0:63:c4:cc:38:43:5c:c8:
         e9:25:ea:29:1c:e3:ae:d9:45:b3:ed:7c:c7:4b:a9:bc:80:8b:
         a9:6a:45:25:5e:9c:f2:89:ad:9e:b6:b2:46:c4:52:95:bb:50:
         1f:eb:29:6c:ab:11:22:c9:d6:2f:12:7f:d2:52:ac:62:37:17:
         09:8a:34:62:4c:ea:ff:60:9f:e5:33:7b:8a:bd:ae:d8:0a:8b:
         35:7c:43:90:58:d1:32:d1:de:1a:bc:7e:10:bd:80:75:9a:f3:
         30:c1:46:9d:60:e4:91:30:a3:4f:15:19:f0:54:d9:09:20:c7:
         6d:2b:5d:50:4b:92:87:80:b9:10:aa:fc:b1:3a:4c:b3:06:af:
         a8:e2:d3:30:0d:88:3a:15:e0:51:11:97:06:cd:d6:4a:07:7d:
         99:e9:ff:65:39:ec:b4:5d:2c:3e:d8:73:02:af:c0:d6:96:ee:
         b3:83:36:04:cf:bc:32:a4:56:bc:cb:29:48:29:f6:52:c7:40:
         38:d7:80:4f
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgIDAXXCMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzI0MDczMzA4WhcNMjUwNDI0MDczMzA4WjAYMRYw
FAYDVQQDEw02N2UxMGFiOC1iZDQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEApEmdiGLZqZX5hKn1pbYe3xCY9aSvsc068+pj5ocwm/E1LXxqwxw6Kw1N
RliIM7UGclCu0x3dKtB8V/5RZsdej2Dl+tkzUCL80P2jmhI5134Rbo/FrecW5Lnb
oxO7nzlcZSlNDkRUmxEh4tZz8rbwfLArU9EpH4sOLRP8Tzrt2zN0YnaKzEGyfN/3
p1zCvVF/4YZjezMXXce4maZZEbcBwofAPBgATwNq3R3gsf1NiWM9lIEbeIVehbE2
zjQnhwBLwAnomAFr5zft6D3XI3kDjAdcSRjq1dQDUKAXus/qMM0Av7vHEZr09tjG
UIGED8Zc3xUFEfDte6SipT+9yoSmVQIDAQABo4ICuDCCArQwHQYDVR0OBBYEFFMj
AnnrZI5A0BI4C83Ak4S47NrkMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8zRDk0OEMyMDA4ODIxMUYwOUE1RjczQjc3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwQAmsp1AwQDmsp4MAsDBAGa
2eoDAwGa2DANBgkqhkiG9w0BAQsFAAOCAQEAHs42VoSPA8BuXH62JA4efPQaYLEO
AzhXSabggnWMf2AbEPuu94MH5I+v8UHjGajrw0ZizSucPS+Yn1afMnElKPBjxMw4
Q1zI6SXqKRzjrtlFs+18x0upvICLqWpFJV6c8omtnrayRsRSlbtQH+spbKsRIsnW
LxJ/0lKsYjcXCYo0Ykzq/2Cf5TN7ir2u2AqLNXxDkFjRMtHeGrx+EL2AdZrzMMFG
nWDkkTCjTxUZ8FTZCSDHbStdUEuSh4C5EKr8sTpMswavqOLTMA2IOhXgURGXBs3W
Sgd9men/ZTnstF0sPthzAq/A1pbus4M2BM+8MqRWvMspSCn2UsdAONeATw==
-----END CERTIFICATE-----