Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/08BC6366CCD611EFB2A042A0762E951A.roa
File:                     08BC6366CCD611EFB2A042A0762E951A.roa (raw, json)
Hash identifier:          MNz7mEIYhdtM4WaC19D4tMAq/MBzc1FByERm9NulHkg=
Subject key identifier:   C2:8A:C7:78:71:20:2A:63:99:77:97:3E:4B:70:DF:DC:8F:EE:A9:F9
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FB03
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/08BC6366CCD611EFB2A042A0762E951A.roa
Signing time:             Tue 07 Jan 2025 09:01:51 +0000
ROA not before:           Tue 07 Jan 2025 09:01:48 +0000
ROA not after:            Sat 13 Dec 2025 09:01:48 +0000
asID:                     984
IP address blocks:        156.233.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64259 (0xfb03)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 09:01:48 2025 GMT
            Not After : Dec 13 09:01:48 2025 GMT
        Subject: CN=677ced7f-d1b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6c:fa:20:8a:07:6e:d5:49:a8:db:1a:9a:6a:
                    7e:74:35:de:2b:43:7f:91:a0:23:6c:22:c9:f9:5f:
                    d0:b7:e1:bd:cc:f0:73:f9:4e:fd:a4:db:a1:67:c1:
                    23:e2:35:76:d4:48:46:a8:30:58:1a:09:2a:49:e1:
                    8f:4a:67:3b:e6:92:0e:f5:12:b3:d1:ad:f0:04:a2:
                    a4:1e:73:9a:96:b2:f8:da:f7:68:d3:8a:75:c2:87:
                    3a:11:78:1e:4d:f6:80:0f:c3:69:5b:2c:82:16:81:
                    84:bf:f4:e6:67:64:13:0b:d6:a9:88:80:e3:b6:96:
                    75:80:5c:e8:6f:09:17:8e:83:9c:16:e2:52:d4:da:
                    c7:3f:52:1b:81:ac:df:a6:20:ab:a4:b4:40:01:33:
                    f6:8b:8e:b6:6d:29:0e:07:1e:29:be:3f:59:b0:25:
                    68:76:c4:5c:54:6c:a8:61:21:36:1d:89:a8:8f:4a:
                    79:ba:d6:08:c5:cd:dc:53:9f:f0:d2:28:2a:d6:8f:
                    c0:ec:8a:2d:84:03:e4:3e:74:bf:99:14:42:97:96:
                    58:ea:02:20:19:ca:61:4f:5d:28:0c:d1:9d:77:23:
                    44:31:6c:db:fd:d7:55:d4:6f:d5:b7:2a:9d:5d:0a:
                    03:e4:0a:f7:19:e3:55:3a:74:0b:45:16:c4:d1:a0:
                    70:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:8A:C7:78:71:20:2A:63:99:77:97:3E:4B:70:DF:DC:8F:EE:A9:F9
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/08BC6366CCD611EFB2A042A0762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.233.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:69:d6:82:28:a7:ed:a3:a2:81:ec:d2:6f:22:c0:52:12:18:
         c4:58:20:95:ed:08:2f:f4:e9:4a:85:b4:0f:23:15:80:81:96:
         bd:7c:b2:f7:a5:22:9c:7a:3e:06:93:79:87:8f:6b:5b:0a:47:
         66:09:67:20:ca:f8:a8:62:89:77:7d:74:2a:b3:09:f6:d4:37:
         be:cc:23:88:40:94:99:c1:cd:23:37:a6:bd:a8:fb:96:f1:0a:
         5d:51:e7:39:3f:1c:b6:39:fc:7d:01:73:e2:43:24:41:65:3a:
         42:c9:76:15:51:90:54:a4:86:03:83:4e:8b:30:16:16:2e:b2:
         82:41:f0:dc:4b:c0:46:21:7c:64:b0:ef:c5:5e:b3:11:43:53:
         ea:62:08:45:36:20:29:a5:3d:e1:1b:4d:a2:8a:bf:7f:d7:c9:
         14:7d:1c:78:7f:6a:07:3f:9c:37:0b:95:e1:65:7b:4f:2b:17:
         ec:17:8d:4d:19:df:ee:75:f1:1e:cc:af:73:6b:22:86:c5:c0:
         eb:d9:1a:11:f9:b7:f8:bd:a1:3c:86:93:3c:6a:ed:11:7a:6f:
         88:8c:22:a5:2b:59:c9:e6:80:07:f7:99:65:04:e1:b0:be:bf:
         a1:ee:52:6f:63:61:f8:dd:0d:fe:da:f1:31:ea:4c:83:38:03:
         0c:79:39:60
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPsDMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MDkwMTQ4WhcNMjUxMjEzMDkwMTQ4WjAYMRYw
FAYDVQQDEw02NzdjZWQ3Zi1kMWIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA5Wz6IIoHbtVJqNsammp+dDXeK0N/kaAjbCLJ+V/Qt+G9zPBz+U79pNuh
Z8Ej4jV21EhGqDBYGgkqSeGPSmc75pIO9RKz0a3wBKKkHnOalrL42vdo04p1woc6
EXgeTfaAD8NpWyyCFoGEv/TmZ2QTC9apiIDjtpZ1gFzobwkXjoOcFuJS1NrHP1Ib
gazfpiCrpLRAATP2i462bSkOBx4pvj9ZsCVodsRcVGyoYSE2HYmoj0p5utYIxc3c
U5/w0igq1o/A7IothAPkPnS/mRRCl5ZY6gIgGcphT10oDNGddyNEMWzb/ddV1G/V
tyqdXQoD5Ar3GeNVOnQLRRbE0aBwGwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFMKK
x3hxICpjmXeXPktw39yP7qn5MB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC8wOEJDNjM2NkNDRDYxMUVGQjJBMDQyQTA3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnOmvMA0GCSqGSIb3DQEBCwUA
A4IBAQAxadaCKKfto6KB7NJvIsBSEhjEWCCV7Qgv9OlKhbQPIxWAgZa9fLL3pSKc
ej4Gk3mHj2tbCkdmCWcgyvioYol3fXQqswn21De+zCOIQJSZwc0jN6a9qPuW8Qpd
Uec5Pxy2Ofx9AXPiQyRBZTpCyXYVUZBUpIYDg06LMBYWLrKCQfDcS8BGIXxksO/F
XrMRQ1PqYghFNiAppT3hG02iir9/18kUfRx4f2oHP5w3C5XhZXtPKxfsF41NGd/u
dfEezK9zayKGxcDr2RoR+bf4vaE8hpM8au0Rem+IjCKlK1nJ5oAH95llBOGwvr+h
7lJvY2H43Q3+2vEx6kyDOAMMeTlg
-----END CERTIFICATE-----