Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/71FF2782C98411EF8490CB96762E951A.roa
File:                     71FF2782C98411EF8490CB96762E951A.roa (raw, json)
Hash identifier:          lDaaaxXTJ60uKWim4n3SuwvpuWFJ0klFCBH1vVzlt0o=
Subject key identifier:   B0:D4:85:C9:A3:85:78:05:E4:C9:E3:6D:D1:D3:7D:E6:45:6E:46:0E
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       F56F
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/71FF2782C98411EF8490CB96762E951A.roa
Signing time:             Fri 03 Jan 2025 03:40:16 +0000
ROA not before:           Fri 03 Jan 2025 03:40:12 +0000
ROA not after:            Mon 13 Dec 2027 03:40:12 +0000
asID:                     17561
IP address blocks:        156.232.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 62831 (0xf56f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  3 03:40:12 2025 GMT
            Not After : Dec 13 03:40:12 2027 GMT
        Subject: CN=67775c20-a551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8c:8b:bb:d5:e6:35:c8:0d:32:86:eb:b2:0c:
                    58:80:60:e0:5d:e7:1f:77:54:ce:cf:b4:64:60:0d:
                    15:5c:0c:06:34:66:84:3c:1b:92:3b:b0:10:45:0a:
                    6d:1f:2d:c0:f4:96:9b:a8:b7:05:6b:28:dc:b3:e4:
                    37:3f:44:2d:d4:d1:67:9d:37:c1:71:e7:a6:70:d0:
                    c9:28:52:a9:df:73:fb:09:a4:32:38:6a:a5:78:c9:
                    d9:18:b8:2a:7c:26:21:a9:9c:ac:22:70:94:38:9d:
                    6b:f8:0d:e0:5b:c8:7d:f0:99:80:c4:0a:13:f6:d2:
                    25:9a:28:d5:a8:c3:cd:0a:af:d2:af:26:f2:a2:e5:
                    73:4d:1b:c7:8e:9d:eb:16:c0:1e:a1:5a:46:e5:d0:
                    df:0e:ab:16:6d:dd:9e:c5:4c:47:ca:39:41:4b:50:
                    9b:bf:8d:da:6c:35:6d:01:e2:68:3d:b0:2d:7b:1a:
                    2b:b3:9b:33:7f:c4:3d:a7:04:f6:80:20:c8:30:de:
                    6d:3b:b0:41:2a:7b:a1:05:26:de:08:f3:6d:dc:fd:
                    1f:93:9c:9b:0c:d6:96:69:04:93:e9:a1:72:c6:2b:
                    bb:84:a8:f9:32:43:0e:b8:2b:6e:ba:87:44:c2:27:
                    fe:31:57:59:da:75:b4:dc:a4:30:bf:54:bd:dd:68:
                    33:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:D4:85:C9:A3:85:78:05:E4:C9:E3:6D:D1:D3:7D:E6:45:6E:46:0E
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/71FF2782C98411EF8490CB96762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.232.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:d9:0d:bb:9d:ae:ec:01:2b:9a:09:c7:42:36:98:4a:29:51:
         ba:d4:49:d9:5c:e7:b3:57:76:3e:b9:d2:1c:19:59:55:2a:58:
         2a:cd:e7:0d:fe:3a:70:69:ff:61:dd:1c:15:e5:0a:0a:63:b2:
         bb:e1:72:53:5c:f5:53:b3:7d:aa:07:31:48:72:4c:d9:7c:eb:
         04:1f:cc:23:b5:f2:88:74:da:5f:4e:21:93:24:f3:60:d4:95:
         c0:5d:09:40:05:85:94:db:ab:c6:19:46:c2:33:25:a7:c5:e2:
         56:f9:5e:1b:e4:42:ed:39:1d:6b:be:19:4a:2f:5c:4d:00:49:
         c7:62:4c:e1:61:c2:c6:60:1b:64:1e:a9:1f:af:77:d4:f8:ef:
         c1:ab:33:2e:69:89:b1:f9:bc:db:5e:c7:aa:be:3e:8e:0f:55:
         cc:8f:9f:e5:a3:45:9d:fa:ff:07:d4:71:4a:43:c3:84:31:99:
         4e:be:d6:ba:17:24:1a:fe:dc:fc:9b:ab:83:d1:66:d7:ac:a3:
         32:55:da:9e:52:45:dd:ad:46:71:11:83:6c:ec:bc:77:3e:54:
         0c:41:6b:29:f2:d9:18:da:3f:f6:92:ad:48:54:b9:03:a5:3d:
         71:b0:fc:ee:48:bd:7e:b1:17:e3:ab:dd:b1:32:11:5a:8d:e6:
         d2:90:43:43
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPVvMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTAzMDM0MDEyWhcNMjcxMjEzMDM0MDEyWjAYMRYw
FAYDVQQDEw02Nzc3NWMyMC1hNTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwIyLu9XmNcgNMobrsgxYgGDgXecfd1TOz7RkYA0VXAwGNGaEPBuSO7AQ
RQptHy3A9JabqLcFayjcs+Q3P0Qt1NFnnTfBceemcNDJKFKp33P7CaQyOGqleMnZ
GLgqfCYhqZysInCUOJ1r+A3gW8h98JmAxAoT9tIlmijVqMPNCq/SrybyouVzTRvH
jp3rFsAeoVpG5dDfDqsWbd2exUxHyjlBS1Cbv43abDVtAeJoPbAtexors5szf8Q9
pwT2gCDIMN5tO7BBKnuhBSbeCPNt3P0fk5ybDNaWaQST6aFyxiu7hKj5MkMOuCtu
uodEwif+MVdZ2nW03KQwv1S93WgzJwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFLDU
hcmjhXgF5MnjbdHTfeZFbkYOMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC83MUZGMjc4MkM5ODQxMUVGODQ5MENCOTY3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnOhDMA0GCSqGSIb3DQEBCwUA
A4IBAQA52Q27na7sASuaCcdCNphKKVG61EnZXOezV3Y+udIcGVlVKlgqzecN/jpw
af9h3RwV5QoKY7K74XJTXPVTs32qBzFIckzZfOsEH8wjtfKIdNpfTiGTJPNg1JXA
XQlABYWU26vGGUbCMyWnxeJW+V4b5ELtOR1rvhlKL1xNAEnHYkzhYcLGYBtkHqkf
r3fU+O/BqzMuaYmx+bzbXseqvj6OD1XMj5/lo0Wd+v8H1HFKQ8OEMZlOvta6FyQa
/tz8m6uD0WbXrKMyVdqeUkXdrUZxEYNs7Lx3PlQMQWsp8tkY2j/2kq1IVLkDpT1x
sPzuSL1+sRfjq92xMhFajebSkEND
-----END CERTIFICATE-----