Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/2391D1F6CD2D11EF8BA27846762E951A.roa
File:                     2391D1F6CD2D11EF8BA27846762E951A.roa (raw, json)
Hash identifier:          3kSZm2mWT83Wf8Jxa3VvqsmQeT+1yzjTccdMHO8/RZc=
Subject key identifier:   72:4D:78:3F:43:BF:7E:25:6F:B7:BF:0C:BA:DB:4D:2E:9E:E8:A0:C4
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FDD3
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/2391D1F6CD2D11EF8BA27846762E951A.roa
Signing time:             Tue 07 Jan 2025 19:25:23 +0000
ROA not before:           Tue 07 Jan 2025 19:25:19 +0000
ROA not after:            Sat 13 Dec 2025 19:25:19 +0000
asID:                     984
IP address blocks:        156.241.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64979 (0xfdd3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 19:25:19 2025 GMT
            Not After : Dec 13 19:25:19 2025 GMT
        Subject: CN=677d7fa2-12cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e9:f6:cb:6c:67:9e:15:bc:92:f4:9d:63:cb:
                    dc:61:64:b6:79:71:7d:8a:80:dc:8b:9a:03:4d:ce:
                    62:c9:39:0d:31:f4:79:2f:88:43:34:18:7d:a9:a0:
                    7d:f9:3f:ba:0b:a8:ac:f5:6a:0b:95:22:82:ee:21:
                    8f:87:dd:b8:a8:23:e9:a6:7b:b0:fb:c7:de:65:78:
                    fa:c9:ea:ae:39:7a:e0:14:01:ee:fe:bd:c9:c9:13:
                    e8:63:d4:fc:74:e7:af:37:77:81:e9:88:ec:f9:25:
                    d9:33:38:c6:41:ae:e2:e7:3e:4b:47:2a:ea:73:c5:
                    f1:0d:cc:32:3a:d8:20:e3:30:6a:81:27:9e:b0:f5:
                    a6:3a:e4:9c:c5:21:82:b9:15:d1:bd:f1:7c:63:5d:
                    e2:c5:fa:63:08:89:78:48:4e:e0:3d:95:6b:bb:52:
                    b5:1e:ec:f8:22:74:f8:5f:ec:9f:d3:db:61:e7:22:
                    95:b3:59:ab:7e:8f:5e:fc:6e:fe:69:eb:4d:1a:26:
                    ec:85:6d:b8:07:af:81:90:8e:e4:27:d2:93:f3:28:
                    7f:83:46:60:60:67:6c:51:7e:c1:f7:be:46:cf:8f:
                    32:12:f2:20:35:c8:99:95:ee:38:f9:dc:62:86:54:
                    f9:63:4b:5a:25:68:f6:d3:d8:28:27:e0:fb:3a:f7:
                    4a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:4D:78:3F:43:BF:7E:25:6F:B7:BF:0C:BA:DB:4D:2E:9E:E8:A0:C4
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/2391D1F6CD2D11EF8BA27846762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.241.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:e0:cb:28:3d:f9:6a:6e:c7:8c:cc:4e:a1:a2:9a:24:17:10:
         a5:9e:d2:8d:08:97:4e:a6:fc:1c:d8:b5:c9:40:13:ca:cf:45:
         40:6a:27:30:5f:93:b4:5c:f0:ea:af:62:c1:83:72:63:93:19:
         9e:10:ee:6f:ff:aa:12:03:75:70:ce:4c:57:b5:21:dc:e4:e0:
         fa:7d:62:9b:bd:5d:68:4a:44:a9:2b:60:59:3c:55:00:19:98:
         60:a0:b7:ad:db:22:bc:fe:db:c5:93:28:ec:94:9b:45:2f:17:
         e2:17:4c:d2:be:ca:b3:dd:31:ef:1a:42:5f:7f:e8:75:e6:1a:
         0e:24:78:aa:7b:52:68:34:3c:b6:6a:ee:da:74:58:5b:93:77:
         d7:4a:84:29:3e:b7:9a:2d:71:72:f2:8f:b3:28:92:f8:f8:14:
         9e:4f:4c:61:a3:bb:e7:04:b7:62:63:5a:6a:3d:74:33:cd:72:
         36:06:4e:26:0b:b0:0b:cc:c5:0a:7d:8c:63:4c:be:0b:20:cd:
         08:4f:e8:d5:6d:e5:a5:9e:0e:4f:51:72:68:c7:17:87:9c:08:
         1c:17:44:a6:72:0c:84:87:04:2c:b3:8f:97:8c:4d:96:a1:3c:
         06:5a:c8:60:1b:5b:9b:d6:20:2f:2e:3a:da:50:85:65:b4:ad:
         c9:63:f0:6e
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAP3TMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MTkyNTE5WhcNMjUxMjEzMTkyNTE5WjAYMRYw
FAYDVQQDEw02NzdkN2ZhMi0xMmNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAsun2y2xnnhW8kvSdY8vcYWS2eXF9ioDci5oDTc5iyTkNMfR5L4hDNBh9
qaB9+T+6C6is9WoLlSKC7iGPh924qCPppnuw+8feZXj6yequOXrgFAHu/r3JyRPo
Y9T8dOevN3eB6Yjs+SXZMzjGQa7i5z5LRyrqc8XxDcwyOtgg4zBqgSeesPWmOuSc
xSGCuRXRvfF8Y13ixfpjCIl4SE7gPZVru1K1Huz4InT4X+yf09th5yKVs1mrfo9e
/G7+aetNGibshW24B6+BkI7kJ9KT8yh/g0ZgYGdsUX7B975Gz48yEvIgNciZle44
+dxihlT5Y0taJWj209goJ+D7OvdKXQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFHJN
eD9Dv34lb7e/DLrbTS6e6KDEMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC8yMzkxRDFGNkNEMkQxMUVGOEJBMjc4NDY3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnPH3MA0GCSqGSIb3DQEBCwUA
A4IBAQCd4MsoPflqbseMzE6hopokFxClntKNCJdOpvwc2LXJQBPKz0VAaicwX5O0
XPDqr2LBg3JjkxmeEO5v/6oSA3VwzkxXtSHc5OD6fWKbvV1oSkSpK2BZPFUAGZhg
oLet2yK8/tvFkyjslJtFLxfiF0zSvsqz3THvGkJff+h15hoOJHiqe1JoNDy2au7a
dFhbk3fXSoQpPreaLXFy8o+zKJL4+BSeT0xho7vnBLdiY1pqPXQzzXI2Bk4mC7AL
zMUKfYxjTL4LIM0IT+jVbeWlng5PUXJoxxeHnAgcF0SmcgyEhwQss4+XjE2WoTwG
WshgG1ub1iAvLjraUIVltK3JY/Bu
-----END CERTIFICATE-----