Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/034D6A10DC0811EFB7C9DE6D762E951A.roa
File:                     034D6A10DC0811EFB7C9DE6D762E951A.roa (raw, json)
Hash identifier:          CG5CSZiMV8msjwyKJycugdxRAkGH0X5SV/JLs8fHMGE=
Subject key identifier:   43:B0:66:9F:6C:A7:55:03:C5:B2:E5:69:5D:F8:3A:74:CE:DD:79:35
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       011420
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/034D6A10DC0811EFB7C9DE6D762E951A.roa
Signing time:             Sun 26 Jan 2025 17:07:25 +0000
ROA not before:           Sun 26 Jan 2025 17:07:21 +0000
ROA not after:            Sun 23 Mar 2025 17:07:21 +0000
asID:                     63139
IP address blocks:        156.229.30.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70688 (0x11420)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
        Validity
            Not Before: Jan 26 17:07:21 2025 GMT
            Not After : Mar 23 17:07:21 2025 GMT
        Subject: CN=67966bcc-0759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9a:10:3f:3f:f0:ee:ca:c7:9e:1f:e0:f8:9d:
                    1c:14:68:a0:d0:8e:e9:5c:37:c7:81:c9:8a:0f:00:
                    85:8e:d5:c3:c9:2c:66:d0:b3:41:95:8c:8c:ec:0d:
                    e8:c3:52:3e:1d:ae:70:e6:41:e9:af:c1:81:61:f3:
                    73:78:e0:c2:15:54:d5:c3:e7:98:2a:d8:b2:3e:aa:
                    f9:de:0b:ca:1d:9f:d9:8f:d0:52:d2:ed:c7:8b:28:
                    10:9b:4b:b5:2a:04:34:e0:c1:80:f9:ef:82:9e:ab:
                    00:7f:dd:b0:c0:06:73:21:f0:0c:d2:e5:ed:bb:40:
                    97:ea:b1:1d:bf:e6:ce:bb:d5:ba:41:7f:c3:65:62:
                    79:56:b2:0d:9d:fc:e4:22:36:30:0a:aa:5c:d7:0f:
                    c3:b3:40:64:ae:b2:11:42:d4:ec:14:d6:12:7e:20:
                    96:3e:a7:80:1c:93:b2:27:14:95:48:13:f5:2e:09:
                    e0:82:21:0d:04:e6:27:29:1a:23:74:a6:a7:d1:11:
                    89:4c:b6:a4:bb:26:4d:03:c5:7b:61:9e:13:c9:61:
                    8f:e0:09:b8:42:cf:d3:4b:80:29:2a:1a:ed:77:f1:
                    a6:2a:8f:94:e6:b9:72:10:82:ce:59:c5:d7:db:3a:
                    f1:c6:15:bd:4a:c5:7b:79:24:b2:ec:de:84:50:cb:
                    25:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B0:66:9F:6C:A7:55:03:C5:B2:E5:69:5D:F8:3A:74:CE:DD:79:35
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/034D6A10DC0811EFB7C9DE6D762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.229.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:93:0a:3e:b5:d3:17:2c:6f:3f:a6:ee:a1:01:c1:f0:f5:46:
         35:62:01:4f:51:ab:dd:dd:8d:10:2d:58:92:44:26:a9:1b:19:
         79:7b:fb:c9:e7:7b:bd:96:c2:78:77:52:99:7c:65:54:c4:36:
         cd:ea:bc:82:04:d9:a9:a5:ae:75:46:55:63:5e:25:ac:4f:c1:
         c9:ab:7e:c8:88:93:67:35:02:4c:56:c1:3c:59:d5:21:b2:9b:
         c6:7c:2f:40:87:3d:a3:76:a1:f5:dc:7e:54:a2:82:86:8d:dd:
         a7:71:fc:25:b2:5f:18:ce:f3:6a:c0:04:ca:3c:4e:fa:c3:3a:
         f9:a9:49:c0:7f:09:c0:0e:f0:39:cf:af:d0:cb:06:c7:5d:34:
         f9:f9:42:3d:ef:b2:cf:9a:7f:d9:f9:eb:f7:63:83:96:a3:dd:
         33:16:93:44:e7:6d:ea:4d:b7:71:b1:47:8a:c6:35:f7:36:0c:
         fe:97:07:80:01:f6:51:58:b3:d2:b1:80:71:e0:81:ae:52:b7:
         c9:8f:e1:41:17:ec:d4:f3:6b:98:fc:aa:f8:18:93:f4:27:ef:
         6d:64:f2:53:3c:46:7b:9b:71:f7:6e:18:f0:cb:03:8d:f4:92:
         02:38:a4:0b:66:89:46:8a:30:66:27:c0:29:30:2e:9a:a0:0e:
         64:12:29:e9
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDARQgMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTI2MTcwNzIxWhcNMjUwMzIzMTcwNzIxWjAYMRYw
FAYDVQQDEw02Nzk2NmJjYy0wNzU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAnJoQPz/w7srHnh/g+J0cFGig0I7pXDfHgcmKDwCFjtXDySxm0LNBlYyM
7A3ow1I+Ha5w5kHpr8GBYfNzeODCFVTVw+eYKtiyPqr53gvKHZ/Zj9BS0u3HiygQ
m0u1KgQ04MGA+e+CnqsAf92wwAZzIfAM0uXtu0CX6rEdv+bOu9W6QX/DZWJ5VrIN
nfzkIjYwCqpc1w/Ds0BkrrIRQtTsFNYSfiCWPqeAHJOyJxSVSBP1LgnggiENBOYn
KRojdKan0RGJTLakuyZNA8V7YZ4TyWGP4Am4Qs/TS4ApKhrtd/GmKo+U5rlyEILO
WcXX2zrxxhW9SsV7eSSy7N6EUMslfQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFEOw
Zp9sp1UDxbLlaV34OnTO3Xk1MB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC8wMzRENkExMERDMDgxMUVGQjdDOURFNkQ3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnOUeMA0GCSqGSIb3DQEBCwUA
A4IBAQBqkwo+tdMXLG8/pu6hAcHw9UY1YgFPUavd3Y0QLViSRCapGxl5e/vJ53u9
lsJ4d1KZfGVUxDbN6ryCBNmppa51RlVjXiWsT8HJq37IiJNnNQJMVsE8WdUhspvG
fC9Ahz2jdqH13H5UooKGjd2ncfwlsl8YzvNqwATKPE76wzr5qUnAfwnADvA5z6/Q
ywbHXTT5+UI977LPmn/Z+ev3Y4OWo90zFpNE523qTbdxsUeKxjX3Ngz+lweAAfZR
WLPSsYBx4IGuUrfJj+FBF+zU82uY/Kr4GJP0J+9tZPJTPEZ7m3H3bhjwywON9JIC
OKQLZolGijBmJ8ApMC6aoA5kEinp
-----END CERTIFICATE-----
Generated at Sat Apr 26 21:53:15 2025 by rpki-client