Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/E272B230F4FA11EF84DB2A5A762E951A.roa
File:                     E272B230F4FA11EF84DB2A5A762E951A.roa (raw, json)
Hash identifier:          gy96d1jl3rLkRpO82Mpa9hV0vMS8fQcAxsqEZiyFtTc=
Subject key identifier:   3C:F5:FA:F0:5D:97:B7:79:C6:F1:12:ED:EB:EC:65:8B:97:85:5B:42
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       0139F9
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/E272B230F4FA11EF84DB2A5A762E951A.roa
Signing time:             Thu 27 Feb 2025 11:06:25 +0000
ROA not before:           Thu 27 Feb 2025 11:06:21 +0000
ROA not after:            Sat 19 Feb 2028 11:06:21 +0000
asID:                     17561
IP address blocks:        156.227.41.0/24 maxlen: 24
                          156.227.42.0/24 maxlen: 24
                          156.227.43.0/24 maxlen: 24
                          156.227.44.0/24 maxlen: 24
                          156.227.45.0/24 maxlen: 24
                          156.227.46.0/24 maxlen: 24
                          156.227.47.0/24 maxlen: 24
                          156.227.48.0/24 maxlen: 24
                          156.227.49.0/24 maxlen: 24
                          156.227.50.0/24 maxlen: 24
                          156.227.51.0/24 maxlen: 24
                          156.227.52.0/24 maxlen: 24
                          156.227.53.0/24 maxlen: 24
                          156.227.54.0/24 maxlen: 24
                          156.227.55.0/24 maxlen: 24
                          156.227.56.0/24 maxlen: 24
                          156.227.57.0/24 maxlen: 24
                          156.227.58.0/24 maxlen: 24
                          156.227.59.0/24 maxlen: 24
                          156.227.60.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 80377 (0x139f9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Feb 27 11:06:21 2025 GMT
            Not After : Feb 19 11:06:21 2028 GMT
        Subject: CN=67c04731-4045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:62:de:c4:2f:8a:36:e4:7b:d0:74:25:84:2c:
                    fd:6f:6b:e7:44:e8:6f:37:38:c2:86:9c:62:ea:14:
                    0f:4c:a5:b2:a3:6e:1a:ed:3a:95:5e:83:e1:3b:80:
                    3e:8d:82:08:47:33:97:b9:8e:d0:b2:a6:f8:1d:ae:
                    0d:73:de:c1:0c:de:d5:65:a9:c3:c1:7c:7f:d6:fd:
                    fb:c5:8d:29:9f:bb:60:1d:e6:79:25:b9:6b:4c:86:
                    68:9f:b7:e2:06:2a:3f:0e:ac:3a:d8:68:6d:fa:88:
                    68:c0:7a:50:55:3e:4c:72:f7:a7:eb:df:29:7c:a2:
                    41:db:a4:be:bb:a0:80:8f:d3:21:89:b8:a4:ed:13:
                    e4:fe:02:e4:2b:75:31:f1:ed:d9:a1:ec:9e:65:f0:
                    91:f2:c8:07:ad:c7:01:8e:65:6f:7e:cc:9e:25:a9:
                    f0:3a:1c:ea:ea:f1:17:b1:c2:f5:96:8f:ea:3f:55:
                    31:4d:48:bd:57:36:e2:15:68:3f:c2:24:9d:3d:13:
                    56:88:ae:2f:d0:4b:71:bc:9c:7c:41:e6:fe:b8:c8:
                    da:15:5e:74:e2:60:c2:26:ef:12:e2:14:bf:f9:ee:
                    2c:f4:9b:a7:e3:5f:66:69:1d:e1:c5:b7:df:77:7a:
                    4c:40:b5:47:75:6d:b0:ca:f1:eb:00:86:5b:f8:59:
                    d8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:F5:FA:F0:5D:97:B7:79:C6:F1:12:ED:EB:EC:65:8B:97:85:5B:42
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/E272B230F4FA11EF84DB2A5A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.227.41.0-156.227.60.255

    Signature Algorithm: sha256WithRSAEncryption
         01:2c:d9:c1:30:16:7f:a2:16:34:9f:47:fb:a8:0d:9e:4b:da:
         bf:8d:64:81:81:dc:6b:69:61:c9:e0:7c:0c:a7:81:9c:13:06:
         25:b2:c6:73:a2:67:ca:29:fd:9a:e2:ff:23:2e:7e:10:49:e2:
         08:db:cf:c7:e3:c0:cc:3d:ff:bc:34:e9:9b:27:f5:16:75:24:
         ad:a7:74:79:6c:b3:2e:ce:bf:cf:65:d4:27:ae:d4:7f:26:ab:
         d0:7c:a7:e6:70:a6:41:24:d9:a6:d3:12:66:01:1e:5b:e6:84:
         58:07:cc:31:95:f2:69:4a:c1:55:5f:ee:bc:48:d0:1e:0a:3e:
         2a:5b:f0:7b:ed:4c:0e:6f:0a:d6:f0:e6:6e:05:53:65:dc:5c:
         5c:4c:05:3a:d5:9d:65:27:dc:99:e4:f5:46:82:1d:57:96:72:
         45:ec:36:91:9b:8f:c0:41:cd:c6:76:2f:ef:e4:53:d5:0a:e6:
         7f:d0:b9:73:a0:5c:52:e1:5f:d1:e6:08:32:f2:09:21:60:e0:
         47:78:17:a2:8a:89:e0:58:9e:3d:dd:d8:0e:d1:1a:a7:bc:f3:
         97:87:9d:29:e9:f4:0b:42:c3:b4:0b:ba:a2:58:af:94:85:06:
         f6:bd:33:39:b4:87:37:9d:90:6c:11:ae:c0:60:57:50:0b:fe:
         b2:be:d6:a8
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIDATn5MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMjI3MTEwNjIxWhcNMjgwMjE5MTEwNjIxWjAYMRYw
FAYDVQQDEw02N2MwNDczMS00MDQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwGLexC+KNuR70HQlhCz9b2vnROhvNzjChpxi6hQPTKWyo24a7TqVXoPh
O4A+jYIIRzOXuY7Qsqb4Ha4Nc97BDN7VZanDwXx/1v37xY0pn7tgHeZ5JblrTIZo
n7fiBio/Dqw62Ght+ohowHpQVT5Mcven698pfKJB26S+u6CAj9Mhibik7RPk/gLk
K3Ux8e3ZoeyeZfCR8sgHrccBjmVvfsyeJanwOhzq6vEXscL1lo/qP1UxTUi9Vzbi
FWg/wiSdPRNWiK4v0EtxvJx8Qeb+uMjaFV504mDCJu8S4hS/+e4s9Jun419maR3h
xbffd3pMQLVHdW2wyvHrAIZb+FnY4QIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFDz1
+vBdl7d5xvES7evsZYuXhVtCMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9FMjcyQjIzMEY0RkExMUVGODREQjJBNUE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACc4ykDBACc4zwwDQYJKoZI
hvcNAQELBQADggEBAAEs2cEwFn+iFjSfR/uoDZ5L2r+NZIGB3GtpYcngfAyngZwT
BiWyxnOiZ8op/Zri/yMufhBJ4gjbz8fjwMw9/7w06Zsn9RZ1JK2ndHlssy7Ov89l
1Ceu1H8mq9B8p+ZwpkEk2abTEmYBHlvmhFgHzDGV8mlKwVVf7rxI0B4KPipb8Hvt
TA5vCtbw5m4FU2XcXFxMBTrVnWUn3Jnk9UaCHVeWckXsNpGbj8BBzcZ2L+/kU9UK
5n/QuXOgXFLhX9HmCDLyCSFg4Ed4F6KKieBYnj3d2A7RGqe885eHnSnp9AtCw7QL
uqJYr5SFBva9Mzm0hzedkGwRrsBgV1AL/rK+1qg=
-----END CERTIFICATE-----