Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/291D51A2CD4311EF959CD950762E951A.roa
File:                     291D51A2CD4311EF959CD950762E951A.roa (raw, json)
Hash identifier:          BxKBtjmVdE0QH2niaEpzWG0O2S5ISk8Ehq62gAyiH3I=
Subject key identifier:   E4:D2:DF:1F:6A:D1:B3:9C:3D:A4:DA:C7:15:40:A8:C5:F0:CB:3D:D6
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FE81
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/291D51A2CD4311EF959CD950762E951A.roa
Signing time:             Tue 07 Jan 2025 22:03:01 +0000
ROA not before:           Tue 07 Jan 2025 22:02:57 +0000
ROA not after:            Sat 13 Dec 2025 22:02:57 +0000
asID:                     984
IP address blocks:        156.243.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65153 (0xfe81)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 22:02:57 2025 GMT
            Not After : Dec 13 22:02:57 2025 GMT
        Subject: CN=677da495-7ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ea:31:e1:93:95:df:ce:db:cc:08:a9:dd:c0:
                    95:22:a1:dc:32:65:86:0e:cf:60:46:ce:3b:12:47:
                    7c:24:7e:1c:1f:1e:15:8b:c9:2a:55:d9:73:00:eb:
                    01:7a:33:b9:63:ec:db:e7:35:eb:45:f8:e9:ba:ea:
                    e4:46:12:8b:98:33:9e:9f:8c:65:42:b7:5b:42:80:
                    0b:ec:c6:c0:b9:69:50:84:c8:d6:3c:f5:da:24:77:
                    a9:47:c7:47:86:b4:c8:85:a7:a5:9c:89:2f:c2:e2:
                    46:62:c2:24:46:07:bf:95:44:3e:b6:9f:93:5f:66:
                    b7:25:2d:ef:95:b4:7c:75:d6:31:f1:35:b2:5a:2a:
                    d5:cb:ac:82:03:27:e7:02:76:48:a0:9e:3f:95:60:
                    30:dd:f1:2e:54:9a:25:f4:1f:fe:9f:03:96:bd:89:
                    c0:82:6c:b7:25:c3:f3:23:08:53:33:78:44:b4:a7:
                    2b:d9:dd:26:51:60:9f:ba:98:8a:d2:66:55:06:7a:
                    b2:64:4d:c3:55:81:5b:6b:43:84:2c:42:21:7c:1e:
                    5c:48:ac:c9:08:b5:a8:5f:70:be:d7:5f:cf:28:5d:
                    3d:51:18:9b:9d:6d:6b:f0:2b:94:75:e3:9e:4c:38:
                    da:25:f1:7e:ec:34:8e:a0:0e:70:5d:e2:78:01:eb:
                    73:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D2:DF:1F:6A:D1:B3:9C:3D:A4:DA:C7:15:40:A8:C5:F0:CB:3D:D6
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/291D51A2CD4311EF959CD950762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.243.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:77:64:b0:72:c1:0b:8b:2a:01:fb:fb:42:53:c5:96:22:67:
         d0:ae:25:d2:fb:30:a6:2f:3f:cd:52:52:91:f7:67:ba:e1:73:
         95:93:f1:5f:22:c4:bd:45:e4:21:85:88:9c:3d:ec:cb:62:a6:
         ac:1b:dd:7a:e1:5a:7f:b5:e9:f3:b3:d3:bb:61:aa:84:e6:5e:
         e5:6d:c7:a7:ba:4b:56:87:f4:c0:9c:f8:2f:30:9d:63:99:db:
         0f:21:e7:6c:b4:73:41:bb:b2:c7:eb:46:1b:f6:53:6a:dc:a4:
         4a:d9:d3:50:10:dd:84:3e:e7:c2:dc:43:43:87:f9:ce:76:0b:
         da:de:6e:88:0a:73:7b:d1:be:71:20:be:6e:c1:70:0c:85:a2:
         29:99:78:37:1e:6e:57:21:59:49:c9:38:8c:18:b8:e2:d2:1c:
         4f:d8:12:d7:ef:d2:1b:a1:50:48:83:8a:11:37:67:19:f8:5c:
         32:21:c5:2a:81:83:97:3e:0b:73:af:a5:d6:45:12:54:76:f2:
         c2:d9:a9:7a:6e:0c:69:ff:1c:2b:db:18:22:88:8f:4f:65:56:
         b7:ac:4b:f0:d3:45:c6:61:ab:ab:37:e8:15:1e:52:45:2b:02:
         f0:e2:39:26:85:d4:8a:ce:1f:07:76:fd:e0:4d:e6:ea:cf:1b:
         4e:a0:ee:04
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAP6BMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MjIwMjU3WhcNMjUxMjEzMjIwMjU3WjAYMRYw
FAYDVQQDEw02NzdkYTQ5NS03Y2E1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0Oox4ZOV387bzAip3cCVIqHcMmWGDs9gRs47Ekd8JH4cHx4Vi8kqVdlz
AOsBejO5Y+zb5zXrRfjpuurkRhKLmDOen4xlQrdbQoAL7MbAuWlQhMjWPPXaJHep
R8dHhrTIhaelnIkvwuJGYsIkRge/lUQ+tp+TX2a3JS3vlbR8ddYx8TWyWirVy6yC
AyfnAnZIoJ4/lWAw3fEuVJol9B/+nwOWvYnAgmy3JcPzIwhTM3hEtKcr2d0mUWCf
upiK0mZVBnqyZE3DVYFba0OELEIhfB5cSKzJCLWoX3C+11/PKF09URibnW1r8CuU
deOeTDjaJfF+7DSOoA5wXeJ4AetzBQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFOTS
3x9q0bOcPaTaxxVAqMXwyz3WMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC8yOTFENTFBMkNENDMxMUVGOTU5Q0Q5NTA3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnPNrMA0GCSqGSIb3DQEBCwUA
A4IBAQCEd2SwcsELiyoB+/tCU8WWImfQriXS+zCmLz/NUlKR92e64XOVk/FfIsS9
ReQhhYicPezLYqasG9164Vp/tenzs9O7YaqE5l7lbcenuktWh/TAnPgvMJ1jmdsP
IedstHNBu7LH60Yb9lNq3KRK2dNQEN2EPufC3ENDh/nOdgva3m6ICnN70b5xIL5u
wXAMhaIpmXg3Hm5XIVlJyTiMGLji0hxP2BLX79IboVBIg4oRN2cZ+FwyIcUqgYOX
Pgtzr6XWRRJUdvLC2al6bgxp/xwr2xgiiI9PZVa3rEvw00XGYaurN+gVHlJFKwLw
4jkmhdSKzh8Hdv3gTebqzxtOoO4E
-----END CERTIFICATE-----