Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/5724909AF8E211EF929A0F78762E951A.roa
File:                     5724909AF8E211EF929A0F78762E951A.roa (raw, json)
Hash identifier:          GQN5CqqRSMPoyTOMOh9X6SNhUCfxFGEYgUibffD1ygs=
Subject key identifier:   7F:31:DA:79:45:0E:BA:38:D7:2F:06:9D:B5:4A:AF:B6:D4:00:65:0D
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0171AE
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/5724909AF8E211EF929A0F78762E951A.roa
Signing time:             Tue 04 Mar 2025 10:20:48 +0000
ROA not before:           Tue 04 Mar 2025 10:20:44 +0000
ROA not after:            Sun 06 Apr 2025 10:20:44 +0000
asID:                     203020
IP address blocks:        154.217.0.0/24 maxlen: 24
                          154.217.1.0/24 maxlen: 24
                          154.217.2.0/24 maxlen: 24
                          154.217.3.0/24 maxlen: 24
                          154.217.4.0/24 maxlen: 24
                          154.217.96.0/19 maxlen: 24
                          154.217.160.0/22 maxlen: 24
                          154.217.164.0/22 maxlen: 24
                          154.217.168.0/21 maxlen: 24
                          154.217.178.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 94638 (0x171ae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar  4 10:20:44 2025 GMT
            Not After : Apr  6 10:20:44 2025 GMT
        Subject: CN=67c6d400-0b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:16:94:d3:53:06:8d:43:72:14:bc:87:97:7a:
                    c5:80:cd:2c:62:62:92:fe:4c:f2:56:2f:92:cc:c9:
                    fc:5a:d6:b1:b8:9b:b4:6b:ca:a9:a5:2a:30:c7:e7:
                    a8:c8:ae:b7:0a:1d:b5:2b:c7:47:d6:cd:a8:6f:4a:
                    98:cc:2b:ef:31:a7:35:50:ac:8d:b6:cd:d2:40:3e:
                    ac:0a:12:ab:42:d4:29:8a:4e:1b:59:1f:bc:9b:2c:
                    00:e6:83:bb:57:0e:66:9a:d2:f0:32:f4:1b:2d:62:
                    cb:f6:d4:83:23:b8:89:68:9b:b4:26:9b:91:89:a1:
                    16:0d:3d:fd:de:b2:af:bb:97:da:ef:0e:28:52:33:
                    0c:a9:d3:9c:4f:18:81:55:ed:bb:cf:b4:9c:dd:cf:
                    77:af:56:8e:1b:d6:a3:ef:ae:50:0c:fa:00:6d:3d:
                    ee:1c:52:1d:ec:e8:b8:17:1f:fe:d1:63:3c:3b:5b:
                    96:c5:42:14:2a:ba:52:4c:11:17:10:c2:92:18:3e:
                    3a:ba:b3:30:89:ab:74:d1:63:10:f3:f0:39:da:c5:
                    3f:f7:d4:6f:9b:13:24:8d:42:87:d3:bf:1b:4a:a6:
                    54:88:81:8f:8b:45:3a:54:e8:80:20:99:62:31:c2:
                    cf:4f:ac:d2:10:e5:70:98:61:e4:c0:b6:7a:38:e9:
                    64:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:31:DA:79:45:0E:BA:38:D7:2F:06:9D:B5:4A:AF:B6:D4:00:65:0D
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/5724909AF8E211EF929A0F78762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.217.0.0-154.217.4.255
                  154.217.96.0/19
                  154.217.160.0/20
                  154.217.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:39:3a:54:4d:e3:db:92:7a:fe:c0:6e:77:7a:4c:0e:c3:8c:
         d9:3a:80:5a:10:4b:65:11:54:c4:63:43:82:6c:8c:37:ee:c1:
         0e:13:fa:c9:43:a9:00:ce:99:bb:e2:67:c7:21:68:19:a7:07:
         26:fd:0e:04:9e:b0:14:89:14:79:2e:2e:51:2f:c1:6d:c5:d7:
         91:85:03:90:5a:51:01:b0:4a:c6:a7:b2:5c:0c:98:90:20:bc:
         6a:91:e0:e3:aa:1f:19:1a:6b:80:e9:16:ce:f2:18:b2:9f:5c:
         dc:71:fe:64:ef:27:a7:6d:66:09:f3:ab:2a:f2:4a:40:6c:dd:
         c3:df:c5:77:8f:4d:51:16:06:8b:7a:ba:08:28:ee:f2:5a:81:
         bf:8c:0a:29:1b:32:d5:a1:5b:97:fe:9f:3b:04:d7:0e:5c:94:
         00:90:aa:bc:85:31:b1:d4:fe:b1:5e:a5:5e:d0:86:b9:ce:99:
         01:25:d9:4a:d5:7a:d8:89:86:b8:b5:57:d9:3d:f0:2b:63:78:
         4c:f7:c3:78:5c:a9:78:9f:85:01:30:52:ca:96:cb:dd:90:09:
         99:21:aa:43:74:6f:b9:4b:f7:6a:2c:c6:ac:7f:fb:84:d0:33:
         56:82:4d:fa:0c:e4:b3:f1:88:05:cf:75:ee:83:9d:45:3f:51:
         e2:5e:bb:72
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIDAXGuMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzA0MTAyMDQ0WhcNMjUwNDA2MTAyMDQ0WjAYMRYw
FAYDVQQDEw02N2M2ZDQwMC0wYjE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvxaU01MGjUNyFLyHl3rFgM0sYmKS/kzyVi+SzMn8WtaxuJu0a8qppSow
x+eoyK63Ch21K8dH1s2ob0qYzCvvMac1UKyNts3SQD6sChKrQtQpik4bWR+8mywA
5oO7Vw5mmtLwMvQbLWLL9tSDI7iJaJu0JpuRiaEWDT393rKvu5fa7w4oUjMMqdOc
TxiBVe27z7Sc3c93r1aOG9aj765QDPoAbT3uHFId7Oi4Fx/+0WM8O1uWxUIUKrpS
TBEXEMKSGD46urMwiat00WMQ8/A52sU/99RvmxMkjUKH078bSqZUiIGPi0U6VOiA
IJliMcLPT6zSEOVwmGHkwLZ6OOlkwwIDAQABo4ICvjCCArowHQYDVR0OBBYEFH8x
2nlFDro41y8GnbVKr7bUAGUNMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC81NzI0OTA5QUY4RTIxMUVGOTI5QTBGNzg3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfMAsDAwCa2QMEAJrZBAMEBZrZ
YAMEBJrZoAMEAJrZsjANBgkqhkiG9w0BAQsFAAOCAQEAuzk6VE3j25J6/sBud3pM
DsOM2TqAWhBLZRFUxGNDgmyMN+7BDhP6yUOpAM6Zu+JnxyFoGacHJv0OBJ6wFIkU
eS4uUS/BbcXXkYUDkFpRAbBKxqeyXAyYkCC8apHg46ofGRprgOkWzvIYsp9c3HH+
ZO8np21mCfOrKvJKQGzdw9/Fd49NURYGi3q6CCju8lqBv4wKKRsy1aFbl/6fOwTX
DlyUAJCqvIUxsdT+sV6lXtCGuc6ZASXZStV62ImGuLVX2T3wK2N4TPfDeFypeJ+F
ATBSypbL3ZAJmSGqQ3RvuUv3aizGrH/7hNAzVoJN+gzks/GIBc917oOdRT9R4l67
cg==
-----END CERTIFICATE-----