Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8658E82A096811F0BEC614B5762E951A.roa
File:                     8658E82A096811F0BEC614B5762E951A.roa (raw, json)
Hash identifier:          CPuSrAE8hxRlx7N14FTDtFn0VS+bTwWDtUsLIJqQrzE=
Subject key identifier:   59:AB:9B:D7:63:B5:A8:71:79:ED:EF:41:0F:A3:FC:3D:EA:2B:E5:ED
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       01480B
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8658E82A096811F0BEC614B5762E951A.roa
Signing time:             Tue 25 Mar 2025 11:01:38 +0000
ROA not before:           Tue 25 Mar 2025 11:01:34 +0000
ROA not after:            Sun 25 May 2025 11:01:34 +0000
asID:                     63139
IP address blocks:        156.225.121.0/24 maxlen: 24
                          156.227.220.0/22 maxlen: 24
                          156.227.252.0/22 maxlen: 24
                          156.229.29.0/24 maxlen: 24
                          156.229.30.0/23 maxlen: 24
                          156.229.44.0/23 maxlen: 24
                          156.229.49.0/24 maxlen: 24
                          156.229.51.0/24 maxlen: 24
                          156.229.64.0/24 maxlen: 24
                          156.229.65.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83979 (0x1480b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Mar 25 11:01:34 2025 GMT
            Not After : May 25 11:01:34 2025 GMT
        Subject: CN=67e28d12-6c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:5a:bd:bb:35:15:d8:96:9f:7d:fd:bb:f4:f3:
                    1a:2d:6a:55:7a:2b:07:1e:81:5c:7c:1a:64:a8:95:
                    25:4c:89:bd:3a:8d:40:f7:71:fb:01:25:2c:47:66:
                    31:ae:a7:88:c6:0f:60:5e:7d:4e:3d:7d:50:2c:db:
                    32:58:15:ee:fa:54:05:8d:5c:28:6f:27:b4:8b:11:
                    57:b3:5a:81:0b:ec:5d:04:40:ae:d2:96:6a:a4:2b:
                    c4:5f:9e:d7:84:e7:9f:34:6a:e4:8d:e1:0e:67:69:
                    37:ea:d1:f9:4c:2a:ce:2f:4a:b1:bb:f0:b9:c8:bd:
                    b3:0d:13:da:3f:72:9c:34:e0:a0:08:29:79:6d:54:
                    dd:97:d9:dd:74:af:e1:b4:0f:14:86:6b:1c:3d:f1:
                    39:d6:db:5b:3f:ff:98:b9:a0:f4:b1:98:3b:28:0e:
                    9f:55:a1:8f:da:08:cc:f4:25:0f:e0:5f:02:d2:6e:
                    0f:19:14:6d:83:c3:14:e9:0a:65:e2:8f:7f:69:60:
                    08:14:dd:ad:fe:9c:ab:fa:0d:ac:1b:1c:4a:6b:cf:
                    3c:ef:0a:aa:0f:5f:5a:98:86:26:21:10:ca:12:2d:
                    f6:50:bc:f5:87:b4:d6:11:de:5f:ec:37:c6:af:10:
                    79:35:41:d7:0a:02:38:48:e7:04:70:a4:71:de:ea:
                    45:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:AB:9B:D7:63:B5:A8:71:79:ED:EF:41:0F:A3:FC:3D:EA:2B:E5:ED
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8658E82A096811F0BEC614B5762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.225.121.0/24
                  156.227.220.0/22
                  156.227.252.0/22
                  156.229.29.0-156.229.31.255
                  156.229.44.0/23
                  156.229.49.0/24
                  156.229.51.0/24
                  156.229.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:1f:5f:b8:ab:ae:65:de:f4:7c:5c:ab:d2:76:3c:22:f3:e7:
         0b:05:2a:63:49:38:6e:8f:60:83:e5:f9:37:66:50:98:24:9d:
         0b:db:5c:6d:ba:fc:f3:6d:6b:32:f7:15:e7:6c:cf:14:15:31:
         a7:57:30:aa:bd:13:10:e4:45:33:b8:c6:35:83:00:bc:11:6c:
         d7:03:d4:c4:e2:61:15:20:96:87:18:11:1a:aa:f8:0c:ab:99:
         f2:af:2f:16:0b:6c:18:0f:aa:36:00:9c:c4:d4:6b:3e:26:f5:
         52:28:b9:bb:78:e7:7b:a9:fa:d9:fb:2d:ee:2c:f9:5e:0a:0a:
         f3:a9:b7:0f:dc:52:da:4c:30:20:70:5c:02:cd:ab:1e:10:bd:
         e6:f6:e6:9d:97:d0:f2:56:e9:49:f9:01:0d:e6:8b:e8:cf:49:
         95:88:57:84:cb:db:a6:81:fb:c5:ae:0e:2a:fc:9b:70:8d:0a:
         14:6a:74:e3:57:c7:37:3f:d4:b6:6f:4e:13:16:2f:2f:2b:79:
         b5:50:4c:cf:05:b7:48:f4:6e:c5:4d:0d:6c:9b:31:12:84:af:
         c1:91:06:20:50:28:92:36:50:5c:8f:c3:99:e7:a5:af:6d:54:
         b3:b5:d8:d3:b1:4c:8b:4d:2d:0c:44:07:68:77:79:03:0b:d6:
         03:64:bd:6a
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgIDAUgLMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMzI1MTEwMTM0WhcNMjUwNTI1MTEwMTM0WjAYMRYw
FAYDVQQDEw02N2UyOGQxMi02Yzk3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2Fq9uzUV2Jafff279PMaLWpVeisHHoFcfBpkqJUlTIm9Oo1A93H7ASUs
R2YxrqeIxg9gXn1OPX1QLNsyWBXu+lQFjVwobye0ixFXs1qBC+xdBECu0pZqpCvE
X57XhOefNGrkjeEOZ2k36tH5TCrOL0qxu/C5yL2zDRPaP3KcNOCgCCl5bVTdl9nd
dK/htA8UhmscPfE51ttbP/+YuaD0sZg7KA6fVaGP2gjM9CUP4F8C0m4PGRRtg8MU
6Qpl4o9/aWAIFN2t/pyr+g2sGxxKa8887wqqD19amIYmIRDKEi32ULz1h7TWEd5f
7DfGrxB5NUHXCgI4SOcEcKRx3upFIQIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFFmr
m9djtahxee3vQQ+j/D3qK+XtMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC84NjU4RTgyQTA5NjgxMUYwQkVDNjE0QjU3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAnOF5AwQCnOPcAwQCnOP8MAwD
BACc5R0DBAWc5QADBAGc5SwDBACc5TEDBACc5TMDBAGc5UAwDQYJKoZIhvcNAQEL
BQADggEBAJMfX7irrmXe9Hxcq9J2PCLz5wsFKmNJOG6PYIPl+TdmUJgknQvbXG26
/PNtazL3FedszxQVMadXMKq9ExDkRTO4xjWDALwRbNcD1MTiYRUglocYERqq+Ayr
mfKvLxYLbBgPqjYAnMTUaz4m9VIoubt453up+tn7Le4s+V4KCvOptw/cUtpMMCBw
XALNqx4Qveb25p2X0PJW6Un5AQ3mi+jPSZWIV4TL26aB+8WuDir8m3CNChRqdONX
xzc/1LZvThMWLy8rebVQTM8Ft0j0bsVNDWybMRKEr8GRBiBQKJI2UFyPw5nnpa9t
VLO12NOxTItNLQxEB2h3eQML1gNkvWo=
-----END CERTIFICATE-----