Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C9355AD6FE4E11EFB40DE98F762E951A.roa
File:                     C9355AD6FE4E11EFB40DE98F762E951A.roa (raw, json)
Hash identifier:          X4BdXhNs1FQn8bYFrOsrrLIZYq0rfkKNClUzmjagYD8=
Subject key identifier:   D1:6F:9F:19:82:7A:EA:B0:71:13:60:20:6C:D7:E7:75:1F:86:E9:77
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       017370
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C9355AD6FE4E11EFB40DE98F762E951A.roa
Signing time:             Tue 11 Mar 2025 07:59:41 +0000
ROA not before:           Tue 11 Mar 2025 07:59:37 +0000
ROA not after:            Sun 13 Apr 2025 07:59:37 +0000
asID:                     54801
IP address blocks:        154.204.0.0/24 maxlen: 24
                          154.208.12.0/22 maxlen: 24
                          154.208.16.0/20 maxlen: 24
                          154.212.128.0/24 maxlen: 24
                          154.214.32.0/19 maxlen: 24
                          154.215.0.0/24 maxlen: 24
                          154.216.128.0/18 maxlen: 24
                          154.218.0.0/24 maxlen: 24
                          154.221.0.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 95088 (0x17370)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar 11 07:59:37 2025 GMT
            Not After : Apr 13 07:59:37 2025 GMT
        Subject: CN=67cfed6d-8ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:25:52:cd:93:d9:39:78:4b:3d:f8:41:ff:
                    c1:c8:7d:76:13:ff:8a:dc:7c:70:f5:93:0d:49:91:
                    d5:7a:ce:e4:28:00:da:38:3a:fc:24:ec:dc:e9:c9:
                    87:d9:38:15:3a:eb:39:e6:eb:17:c0:68:15:ad:dc:
                    48:68:69:89:c1:ec:f9:57:76:4c:6e:61:1c:a1:bb:
                    96:8f:bd:8a:32:05:08:f4:47:6f:57:be:88:b1:a6:
                    fd:1d:f4:84:2d:5b:11:e2:02:9e:c5:da:ea:26:81:
                    f9:5f:bf:0b:70:bb:c1:00:ff:f2:ca:b3:0c:79:80:
                    eb:bc:ea:3e:5b:cf:8e:97:b6:2d:91:2a:dc:1c:e5:
                    d1:9d:87:25:29:7b:d5:20:2e:f6:f8:22:6a:9d:1e:
                    09:1c:ef:d8:df:61:4e:2d:77:67:d8:27:4a:d4:2d:
                    6d:83:df:5d:6c:7f:a4:4b:2b:9c:b7:31:f4:df:7a:
                    bd:e5:db:af:06:8e:d1:f8:eb:fd:ad:12:1b:62:d0:
                    80:4c:4d:7a:1d:66:c6:8b:f9:cc:8a:22:ed:68:34:
                    37:38:77:33:46:bb:42:97:a4:64:2c:3f:2d:e0:aa:
                    a6:79:43:de:fa:09:95:7a:1f:ad:8b:48:db:c1:f1:
                    5f:84:34:ec:d3:5b:a9:fc:66:8b:c3:12:76:95:95:
                    d6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:6F:9F:19:82:7A:EA:B0:71:13:60:20:6C:D7:E7:75:1F:86:E9:77
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C9355AD6FE4E11EFB40DE98F762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.204.0.0/24
                  154.208.12.0-154.208.31.255
                  154.212.128.0/24
                  154.214.32.0/19
                  154.215.0.0/24
                  154.216.128.0/18
                  154.218.0.0/24
                  154.221.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:65:26:82:66:9a:db:7a:23:93:94:fa:5a:2a:d7:93:76:ed:
         aa:82:dc:ce:f5:60:65:d9:80:c1:8f:2c:c3:62:6c:f6:10:21:
         1a:b1:0e:a8:73:83:67:e1:b4:45:3f:b4:87:a5:94:ff:9f:17:
         4a:88:ef:c3:92:36:33:0c:97:72:95:2f:63:8d:3e:8f:40:42:
         1e:5b:03:04:a6:64:b8:f0:02:ad:27:6b:3d:bd:d2:62:0b:49:
         0f:05:54:69:7c:90:d5:c8:cd:6f:d5:fc:81:56:62:74:09:ca:
         73:f7:67:90:59:a9:57:93:8f:68:3d:3b:4c:d4:0c:e7:25:cb:
         9e:06:92:c6:c4:e2:ba:e6:19:17:83:d1:79:75:e9:2c:79:78:
         2b:d1:cb:4e:35:ac:80:e5:a8:b3:fd:c6:6c:36:63:f8:45:9c:
         05:b5:c1:f3:17:69:48:a1:4a:cd:80:79:2d:f9:f7:c6:6f:31:
         5e:5f:68:29:a4:fc:a7:d6:08:88:90:51:97:32:48:b9:0a:15:
         54:6c:cc:92:ba:b6:04:66:19:99:a2:52:45:1e:a6:8a:ff:30:
         2b:a3:0f:96:5e:a6:28:b1:c9:f0:55:5f:d2:60:d4:41:ad:4b:
         22:13:f6:bf:8e:00:58:83:df:47:c4:79:16:83:b3:f2:3d:96:
         7b:83:d3:9f
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgIDAXNwMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzExMDc1OTM3WhcNMjUwNDEzMDc1OTM3WjAYMRYw
FAYDVQQDEw02N2NmZWQ2ZC04YWQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAtYQlUs2T2Tl4Sz34Qf/ByH12E/+K3Hxw9ZMNSZHVes7kKADaODr8JOzc
6cmH2TgVOus55usXwGgVrdxIaGmJwez5V3ZMbmEcobuWj72KMgUI9EdvV76Isab9
HfSELVsR4gKexdrqJoH5X78LcLvBAP/yyrMMeYDrvOo+W8+Ol7YtkSrcHOXRnYcl
KXvVIC72+CJqnR4JHO/Y32FOLXdn2CdK1C1tg99dbH+kSyuctzH033q95duvBo7R
+Ov9rRIbYtCATE16HWbGi/nMiiLtaDQ3OHczRrtCl6RkLD8t4KqmeUPe+gmVeh+t
i0jbwfFfhDTs01up/GaLwxJ2lZXW2wIDAQABo4IC1zCCAtMwHQYDVR0OBBYEFNFv
nxmCeuqwcRNgIGzX53Ufhul3MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9DOTM1NUFENkZFNEUxMUVGQjQwREU5OEY3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAmswAMAwDBAKa0AwDBAWa
0AADBACa1IADBAWa1iADBACa1wADBAaa2IADBACa2gADBACa3QAwDQYJKoZIhvcN
AQELBQADggEBAJdlJoJmmtt6I5OU+loq15N27aqC3M71YGXZgMGPLMNibPYQIRqx
Dqhzg2fhtEU/tIellP+fF0qI78OSNjMMl3KVL2ONPo9AQh5bAwSmZLjwAq0naz29
0mILSQ8FVGl8kNXIzW/V/IFWYnQJynP3Z5BZqVeTj2g9O0zUDOcly54GksbE4rrm
GReD0Xl16Sx5eCvRy041rIDlqLP9xmw2Y/hFnAW1wfMXaUihSs2AeS3598ZvMV5f
aCmk/KfWCIiQUZcySLkKFVRszJK6tgRmGZmiUkUepor/MCujD5ZepiixyfBVX9Jg
1EGtSyIT9r+OAFiD30fEeRaDs/I9lnuD058=
-----END CERTIFICATE-----