Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C3CDF84207AD11F096889EA9762E951A.roa
File:                     C3CDF84207AD11F096889EA9762E951A.roa (raw, json)
Hash identifier:          ZBg+hW3QQs262oPdFSdYXbdQHfmtjz4fkoJALQbYYNs=
Subject key identifier:   BF:3C:80:59:9C:22:85:E4:F5:6D:CE:A1:2B:0E:42:A4:53:A2:DB:2D
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       0147AC
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C3CDF84207AD11F096889EA9762E951A.roa
Signing time:             Sun 23 Mar 2025 06:12:14 +0000
ROA not before:           Sun 23 Mar 2025 06:12:11 +0000
ROA not after:            Tue 08 Apr 2025 06:12:11 +0000
asID:                     39600
IP address blocks:        156.232.80.0/21 maxlen: 24
                          156.235.80.0/21 maxlen: 24
                          156.238.136.0/21 maxlen: 24
                          156.252.8.0/24 maxlen: 24
                          156.252.9.0/24 maxlen: 24
                          156.252.10.0/24 maxlen: 24
                          156.252.12.0/24 maxlen: 24
                          156.252.13.0/24 maxlen: 24
                          156.252.14.0/24 maxlen: 24
                          156.252.15.0/24 maxlen: 24
                          156.255.80.0/24 maxlen: 24
                          156.255.81.0/24 maxlen: 24
                          156.255.82.0/24 maxlen: 24
                          156.255.83.0/24 maxlen: 24
                          156.255.84.0/24 maxlen: 24
                          156.255.85.0/24 maxlen: 24
                          156.255.86.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83884 (0x147ac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Mar 23 06:12:11 2025 GMT
            Not After : Apr  8 06:12:11 2025 GMT
        Subject: CN=67dfa63e-6996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3c:d2:e6:ea:45:fb:23:f0:f7:d0:ee:3f:a0:
                    e2:ce:a8:71:c2:76:90:78:ae:94:cc:76:ae:01:55:
                    5a:6a:1b:22:1d:00:62:15:ee:b1:c0:c0:79:b4:bb:
                    91:de:e8:71:e6:3c:6b:7c:60:b3:d7:8d:79:8a:4f:
                    c5:20:08:64:0e:44:3b:b1:63:0b:5e:6e:f9:84:da:
                    d7:55:40:9a:bc:81:33:d6:49:7f:3d:ef:bd:82:7b:
                    56:3f:94:21:4f:3d:99:fb:13:7f:f4:91:79:c9:cf:
                    de:11:12:c7:e1:19:52:6b:a4:46:73:64:3a:7c:99:
                    a8:d8:00:8e:a1:84:65:8b:e2:b3:d4:40:1a:87:31:
                    51:1c:d4:b2:cc:e4:55:f9:53:7a:61:0d:88:13:2a:
                    11:0f:81:ee:ac:8b:61:6a:16:78:8b:1b:0a:f9:84:
                    57:ee:ed:8b:ee:da:55:4f:26:16:73:2c:7e:13:6f:
                    67:cd:37:b9:22:da:fa:75:30:cc:aa:08:d0:18:cd:
                    25:92:e4:dc:c2:2f:b4:97:7a:43:c6:a5:02:d0:1a:
                    62:b2:aa:bd:ee:73:31:aa:fe:a4:d3:f9:5d:c3:da:
                    ee:0b:8b:19:eb:9b:86:fb:9c:77:71:ca:21:01:6a:
                    58:58:7e:27:ca:7c:52:3a:60:93:f9:9e:04:80:98:
                    3b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3C:80:59:9C:22:85:E4:F5:6D:CE:A1:2B:0E:42:A4:53:A2:DB:2D
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C3CDF84207AD11F096889EA9762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.232.80.0/21
                  156.235.80.0/21
                  156.238.136.0/21
                  156.252.8.0-156.252.10.255
                  156.252.12.0/22
                  156.255.80.0-156.255.86.255

    Signature Algorithm: sha256WithRSAEncryption
         57:2a:ca:47:7c:77:6d:76:00:6f:15:9d:69:c5:8d:39:71:be:
         3b:02:ca:9c:90:c5:fa:5e:97:f7:79:a2:56:ad:4f:50:1d:d8:
         1b:bb:82:a7:2d:b0:d7:04:d8:d4:9c:a9:db:82:0c:f3:66:4c:
         c2:25:f0:30:6b:79:e3:35:00:67:00:f3:24:88:6e:5c:5d:73:
         3a:c7:f3:a1:e8:0a:c3:8d:e0:d5:07:4b:71:93:d2:97:36:02:
         d9:fb:02:f6:8b:18:3f:c8:73:c6:fd:a0:98:ea:fd:64:e9:78:
         12:3d:54:b6:2a:e7:a8:7e:ab:68:b5:ed:2f:af:24:62:12:f2:
         13:3d:da:7b:bb:64:b2:7f:a8:c3:02:0f:a6:1d:a8:88:1b:65:
         6d:3a:f4:74:56:b6:cc:e2:21:3d:97:f6:78:22:c1:7b:f5:72:
         71:e2:48:73:6c:bb:2b:fc:d9:8f:df:5b:6a:ea:0d:9d:7f:fc:
         ad:a7:4f:76:a6:ae:8a:93:67:0a:f2:6c:b2:9a:d4:14:88:61:
         27:c5:d5:12:1a:e6:2c:57:40:d2:98:a9:71:f8:25:4b:20:3c:
         c4:fb:37:a9:2b:b7:30:92:f7:b5:f9:61:a3:b3:73:95:c3:10:
         b6:d4:cf:9f:64:e2:e1:ef:62:89:5c:a0:81:ca:34:18:91:18:
         31:26:28:e0
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgIDAUesMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMzIzMDYxMjExWhcNMjUwNDA4MDYxMjExWjAYMRYw
FAYDVQQDEw02N2RmYTYzZS02OTk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAljzS5upF+yPw99DuP6DizqhxwnaQeK6UzHauAVVaahsiHQBiFe6xwMB5
tLuR3uhx5jxrfGCz1415ik/FIAhkDkQ7sWMLXm75hNrXVUCavIEz1kl/Pe+9gntW
P5QhTz2Z+xN/9JF5yc/eERLH4RlSa6RGc2Q6fJmo2ACOoYRli+Kz1EAahzFRHNSy
zORV+VN6YQ2IEyoRD4HurIthahZ4ixsK+YRX7u2L7tpVTyYWcyx+E29nzTe5Itr6
dTDMqgjQGM0lkuTcwi+0l3pDxqUC0Bpisqq97nMxqv6k0/ldw9ruC4sZ65uG+5x3
ccohAWpYWH4nynxSOmCT+Z4EgJg7qwIDAQABo4IC0DCCAswwHQYDVR0OBBYEFL88
gFmcIoXk9W3OoSsOQqRTotstMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9DM0NERjg0MjA3QUQxMUYwOTY4ODlFQTk3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
ME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQDnOhQAwQDnOtQAwQDnO6IMAwD
BAOc/AgDBACc/AoDBAKc/AwwDAMEBJz/UAMEAJz/VjANBgkqhkiG9w0BAQsFAAOC
AQEAVyrKR3x3bXYAbxWdacWNOXG+OwLKnJDF+l6X93miVq1PUB3YG7uCpy2w1wTY
1Jyp24IM82ZMwiXwMGt54zUAZwDzJIhuXF1zOsfzoegKw43g1QdLcZPSlzYC2fsC
9osYP8hzxv2gmOr9ZOl4Ej1UtirnqH6raLXtL68kYhLyEz3ae7tksn+owwIPph2o
iBtlbTr0dFa2zOIhPZf2eCLBe/VyceJIc2y7K/zZj99bauoNnX/8radPdqauipNn
CvJssprUFIhhJ8XVEhrmLFdA0pipcfglSyA8xPs3qSu3MJL3tflho7NzlcMQttTP
n2Ti4e9iiVyggco0GJEYMSYo4A==
-----END CERTIFICATE-----