Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/48DFFEE6C50911EFB4C4128E762E951A.roa
File:                     48DFFEE6C50911EFB4C4128E762E951A.roa (raw, json)
Hash identifier:          2X7cXGJtD3HRZNScTn7tUYpUgt5nHjubtmJBJqFLPHQ=
Subject key identifier:   B1:22:E5:A5:A5:D5:CB:8D:B4:51:42:44:32:D2:CD:FA:DD:CD:51:D9
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       F1A1
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/48DFFEE6C50911EFB4C4128E762E951A.roa
Signing time:             Sat 28 Dec 2024 10:48:34 +0000
ROA not before:           Sat 28 Dec 2024 10:48:30 +0000
ROA not after:            Thu 01 Jan 2026 10:48:30 +0000
asID:                     209242
IP address blocks:        156.252.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 61857 (0xf1a1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Dec 28 10:48:30 2024 GMT
            Not After : Jan  1 10:48:30 2026 GMT
        Subject: CN=676fd782-d033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fa:de:6f:85:57:d2:ab:03:35:99:60:01:3f:
                    11:12:71:65:3b:63:31:62:dc:93:a7:e4:af:12:11:
                    0c:85:f3:fa:f2:e9:5f:69:36:fe:54:a4:73:86:3b:
                    12:92:e3:5e:5a:31:bc:43:7d:e4:60:11:be:43:99:
                    7b:6a:a8:b1:68:76:63:a1:e2:c0:be:44:23:c5:ad:
                    33:4f:a2:66:f1:1f:97:4a:c5:ad:12:92:2e:5c:74:
                    06:da:fe:43:1b:07:c8:f0:2a:a7:01:5d:0d:ee:0b:
                    1e:48:64:4d:a6:37:16:ec:24:e6:74:e0:8a:b9:41:
                    42:99:00:f2:d4:db:ff:75:9f:fe:8c:09:59:68:12:
                    9e:0a:bf:77:b8:cc:3d:4e:4b:58:4a:26:ae:68:5b:
                    77:77:67:b0:d6:e2:86:b5:0a:94:79:3c:62:f9:fe:
                    2a:c8:b9:85:68:85:c9:f7:c4:3a:84:bf:3e:35:5f:
                    60:fd:0f:f2:1e:71:5b:e3:54:51:af:8c:86:9c:21:
                    33:3b:00:c1:63:44:29:21:71:a2:76:52:7c:8e:a1:
                    56:17:51:c8:cd:e9:aa:88:a3:6c:29:53:81:c7:d2:
                    bb:b9:f7:98:d5:45:6d:00:27:e8:9c:05:e2:8b:df:
                    9d:e7:60:cf:41:24:68:0b:f4:1f:a5:6b:95:c2:a3:
                    ee:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:22:E5:A5:A5:D5:CB:8D:B4:51:42:44:32:D2:CD:FA:DD:CD:51:D9
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/48DFFEE6C50911EFB4C4128E762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.252.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:29:b3:fb:6a:fb:89:f1:d6:8a:96:e3:24:33:2e:66:80:76:
         c8:db:00:8e:37:f9:17:78:eb:fe:74:c1:33:60:59:a0:93:58:
         58:1e:85:be:31:9b:6d:b4:65:26:a8:60:01:bd:3e:8d:5b:f9:
         7e:24:40:59:cb:83:b9:3f:49:f4:23:db:a3:43:34:29:d1:83:
         7a:0f:00:fb:e7:da:94:da:a8:65:30:fc:cd:9e:01:21:21:9e:
         b5:8f:50:01:66:c7:66:a4:4a:55:3d:1e:6e:61:2a:33:9f:b9:
         87:87:57:12:38:14:a1:9c:bc:a2:f4:2a:43:ce:30:d5:8d:b6:
         c8:b4:f0:91:d2:c5:e3:d9:63:2f:f5:21:73:85:9d:c9:9d:1b:
         fc:f6:92:4c:6a:4e:70:4f:00:c0:ca:e5:38:d6:9d:40:7e:94:
         d9:9b:f5:78:69:46:91:9c:c1:e0:93:44:e7:c2:9f:10:66:f4:
         0a:18:06:b1:be:23:a7:e0:65:ec:72:36:4b:db:2a:7a:7a:af:
         98:69:53:d4:71:4d:89:29:2b:77:d7:b6:2a:7a:40:13:34:ac:
         0f:a0:16:b8:ea:01:35:4a:c5:61:ab:46:72:f2:08:73:6e:b3:
         9d:cd:d5:ae:36:80:67:8a:14:b0:c8:5b:a6:f1:5a:8b:94:75:
         52:69:42:dc
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPGhMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjQxMjI4MTA0ODMwWhcNMjYwMTAxMTA0ODMwWjAYMRYw
FAYDVQQDEw02NzZmZDc4Mi1kMDMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxvreb4VX0qsDNZlgAT8REnFlO2MxYtyTp+SvEhEMhfP68ulfaTb+VKRz
hjsSkuNeWjG8Q33kYBG+Q5l7aqixaHZjoeLAvkQjxa0zT6Jm8R+XSsWtEpIuXHQG
2v5DGwfI8CqnAV0N7gseSGRNpjcW7CTmdOCKuUFCmQDy1Nv/dZ/+jAlZaBKeCr93
uMw9TktYSiauaFt3d2ew1uKGtQqUeTxi+f4qyLmFaIXJ98Q6hL8+NV9g/Q/yHnFb
41RRr4yGnCEzOwDBY0QpIXGidlJ8jqFWF1HIzemqiKNsKVOBx9K7ufeY1UVtACfo
nAXii9+d52DPQSRoC/QfpWuVwqPuTQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFLEi
5aWl1cuNtFFCRDLSzfrdzVHZMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC80OERGRkVFNkM1MDkxMUVGQjRDNDEyOEU3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnPwCMA0GCSqGSIb3DQEBCwUA
A4IBAQAxKbP7avuJ8daKluMkMy5mgHbI2wCON/kXeOv+dMEzYFmgk1hYHoW+MZtt
tGUmqGABvT6NW/l+JEBZy4O5P0n0I9ujQzQp0YN6DwD759qU2qhlMPzNngEhIZ61
j1ABZsdmpEpVPR5uYSozn7mHh1cSOBShnLyi9CpDzjDVjbbItPCR0sXj2WMv9SFz
hZ3JnRv89pJMak5wTwDAyuU41p1AfpTZm/V4aUaRnMHgk0Tnwp8QZvQKGAaxviOn
4GXscjZL2yp6eq+YaVPUcU2JKSt317YqekATNKwPoBa46gE1SsVhq0Zy8ghzbrOd
zdWuNoBnihSwyFum8VqLlHVSaULc
-----END CERTIFICATE-----