Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/DF9A8FB2E71511EF89845391762E951A.roa
File:                     DF9A8FB2E71511EF89845391762E951A.roa (raw, json)
Hash identifier:          lYxv4PfU2pGQraX26B+rxFK/U2HF8vmIZzodopdyvFo=
Subject key identifier:   67:56:A4:CA:2E:4E:89:9B:09:12:18:7B:60:A4:48:46:65:62:CD:08
Certificate issuer:       /CN=F363DCF2AR/serialNumber=C4BBCDEF9DC7E68F9184C80C08718C206EDDF70B
Certificate serial:       43
Authority key identifier: C4:BB:CD:EF:9D:C7:E6:8F:91:84:C8:0C:08:71:8C:20:6E:DD:F7:0B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/xLvN753H5o-RhMgMCHGMIG7d9ws.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/DF9A8FB2E71511EF89845391762E951A.roa
Signing time:             Sun 09 Feb 2025 18:44:20 +0000
ROA not before:           Sun 09 Feb 2025 18:44:17 +0000
ROA not after:            Mon 31 Dec 2035 18:44:17 +0000
asID:                     30992
IP address blocks:        129.0.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/xLvN753H5o-RhMgMCHGMIG7d9ws.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/xLvN753H5o-RhMgMCHGMIG7d9ws.mft
                          rsync://rpki.afrinic.net/repository/arin/xLvN753H5o-RhMgMCHGMIG7d9ws.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 14 Apr 2025 00:26:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 67 (0x43)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F363DCF2AR, serialNumber=C4BBCDEF9DC7E68F9184C80C08718C206EDDF70B
        Validity
            Not Before: Feb  9 18:44:17 2025 GMT
            Not After : Dec 31 18:44:17 2035 GMT
        Subject: CN=67a8f784-4f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:64:32:34:db:3f:f4:f5:cc:54:63:68:25:38:
                    6c:b0:02:bd:63:64:47:68:ec:5d:7a:1f:2c:c4:64:
                    2d:35:f3:4e:79:42:cc:88:05:c6:67:38:62:85:b4:
                    d2:5b:d9:e2:c6:d5:9e:b6:04:c1:15:30:29:cd:c3:
                    27:90:88:df:c5:15:98:af:3a:1e:62:00:66:d1:2d:
                    d1:aa:c2:49:1f:ee:11:f7:1d:47:a7:91:7e:99:ed:
                    76:b7:89:ac:b4:52:19:1a:f3:85:5e:f8:7d:70:7b:
                    96:d9:4a:e8:e6:20:6c:f9:38:34:0b:98:2a:f8:cd:
                    32:58:3d:05:df:8d:0a:9a:63:13:67:ed:a1:a0:44:
                    40:1a:94:f5:1c:8d:37:9e:48:48:c0:51:73:19:35:
                    f5:d5:94:b3:2c:a1:d8:43:c7:dd:bf:e8:5b:cb:51:
                    64:06:92:6f:c0:68:8c:66:f8:72:76:d4:34:24:ea:
                    e5:f6:e5:be:65:5d:15:b0:9f:40:51:28:0d:e7:01:
                    8f:82:9f:9a:5f:96:c6:c9:7f:33:a7:62:cf:30:3f:
                    97:be:7f:4a:6d:6f:04:c5:0f:f2:4a:76:1a:13:66:
                    97:96:36:26:a0:31:7e:2e:30:35:82:9c:cc:f2:2f:
                    60:66:31:ab:92:a8:b3:a4:20:e3:2e:c8:bb:99:cd:
                    ee:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:56:A4:CA:2E:4E:89:9B:09:12:18:7B:60:A4:48:46:65:62:CD:08
            X509v3 Authority Key Identifier:
                keyid:C4:BB:CD:EF:9D:C7:E6:8F:91:84:C8:0C:08:71:8C:20:6E:DD:F7:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/xLvN753H5o-RhMgMCHGMIG7d9ws.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/xLvN753H5o-RhMgMCHGMIG7d9ws.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/DF9A8FB2E71511EF89845391762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.0.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:44:a9:20:df:67:82:d7:8f:6c:c0:78:5f:6c:bb:03:d0:13:
         48:4a:69:98:a1:26:89:b9:d9:d4:2c:c6:f6:e1:2c:2f:80:64:
         0d:be:5d:8b:2e:18:23:f6:c3:f7:44:e1:9e:52:e3:e0:a7:f3:
         05:a6:70:95:e5:b6:ab:86:82:02:89:29:d3:1f:62:81:0d:e3:
         15:63:69:c3:b6:ed:de:51:d1:f8:11:e3:3a:aa:38:2a:b0:bf:
         fd:57:93:2b:29:0b:86:61:40:f0:5b:6e:d3:da:55:e1:e3:b0:
         30:43:b9:2d:6d:79:69:82:85:34:88:f6:f0:5a:98:07:b7:25:
         b4:8f:40:af:b9:46:8a:6d:d1:92:59:07:fe:2f:c2:4e:39:04:
         55:29:8e:91:c5:3b:ba:7a:66:3e:89:ce:98:39:cd:c7:e0:87:
         6d:63:98:9d:92:f1:3a:bf:70:a7:63:89:60:6a:a1:4e:8d:db:
         70:b8:c0:ae:c1:51:fe:e5:e2:9f:9d:eb:49:11:f5:00:57:a0:
         8a:90:2f:b4:6a:56:0f:19:d3:d1:07:ae:68:42:5b:26:eb:98:
         27:19:a1:ec:8e:87:bf:12:8a:a9:f9:ee:b5:71:6c:68:74:0c:
         e8:68:29:1e:8b:6b:97:f5:bc:f6:14:d5:d5:fc:ae:15:34:24:
         2b:d7:50:56
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBQzANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYz
RENGMkFSMTEwLwYDVQQFEyhDNEJCQ0RFRjlEQzdFNjhGOTE4NEM4MEMwODcxOEMy
MDZFRERGNzBCMB4XDTI1MDIwOTE4NDQxN1oXDTM1MTIzMTE4NDQxN1owGDEWMBQG
A1UEAxMNNjdhOGY3ODQtNGYzYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJkMjTbP/T1zFRjaCU4bLACvWNkR2jsXXofLMRkLTXzTnlCzIgFxmc4YoW0
0lvZ4sbVnrYEwRUwKc3DJ5CI38UVmK86HmIAZtEt0arCSR/uEfcdR6eRfpntdreJ
rLRSGRrzhV74fXB7ltlK6OYgbPk4NAuYKvjNMlg9Bd+NCppjE2ftoaBEQBqU9RyN
N55ISMBRcxk19dWUsyyh2EPH3b/oW8tRZAaSb8BojGb4cnbUNCTq5fblvmVdFbCf
QFEoDecBj4Kfml+Wxsl/M6dizzA/l75/Sm1vBMUP8kp2GhNml5Y2JqAxfi4wNYKc
zPIvYGYxq5Kos6Qg4y7Iu5nN7psCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBRnVqTK
Lk6JmwkSGHtgpEhGZWLNCDAfBgNVHSMEGDAWgBTEu83vncfmj5GEyAwIcYwgbt33
CzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2M0RDRjIvQTE4NTMxQjZEQ0JFMTFFRkJFMkI1MEJCNzYyRTk1MUEveEx2Tjc1
M0g1by1SaE1nTUNIR01JRzdkOXdzLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
eEx2Tjc1M0g1by1SaE1nTUNIR01JRzdkOXdzLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2M0RDRjIvQTE4NTMxQjZEQ0JFMTFFRkJFMkI1MEJCNzYyRTk1
MUEvREY5QThGQjJFNzE1MTFFRjg5ODQ1MzkxNzYyRTk1MUEucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAIEAVjANBgkqhkiG9w0BAQsFAAOC
AQEAskSpIN9ngtePbMB4X2y7A9ATSEppmKEmibnZ1CzG9uEsL4BkDb5diy4YI/bD
90ThnlLj4KfzBaZwleW2q4aCAokp0x9igQ3jFWNpw7bt3lHR+BHjOqo4KrC//VeT
KykLhmFA8Ftu09pV4eOwMEO5LW15aYKFNIj28FqYB7cltI9Ar7lGim3RklkH/i/C
TjkEVSmOkcU7unpmPonOmDnNx+CHbWOYnZLxOr9wp2OJYGqhTo3bcLjArsFR/uXi
n53rSRH1AFegipAvtGpWDxnT0QeuaEJbJuuYJxmh7I6HvxKKqfnutXFsaHQM6Ggp
Hotrl/W89hTV1fyuFTQkK9dQVg==
-----END CERTIFICATE-----