Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/90D5C124CCFF11EF996D92A5762E951A.roa
File:                     90D5C124CCFF11EF996D92A5762E951A.roa (raw, json)
Hash identifier:          jAELLwNyKuRx045cW76Do6++7V6iDOZKEKd7Et1xElk=
Subject key identifier:   66:CC:25:D5:78:9A:52:DF:CC:6C:1D:73:6D:26:1F:5B:DC:AF:1A:A2
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FC65
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/90D5C124CCFF11EF996D92A5762E951A.roa
Signing time:             Tue 07 Jan 2025 13:59:09 +0000
ROA not before:           Tue 07 Jan 2025 13:59:05 +0000
ROA not after:            Sat 13 Dec 2025 13:59:05 +0000
asID:                     984
IP address blocks:        156.238.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64613 (0xfc65)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 13:59:05 2025 GMT
            Not After : Dec 13 13:59:05 2025 GMT
        Subject: CN=677d332d-bfad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a1:40:74:41:0f:26:d7:36:d2:39:f9:c1:60:
                    5a:c7:9d:a9:76:af:a8:77:4c:de:3b:ea:c7:19:3d:
                    f1:d3:f4:d0:27:6e:62:76:3f:0d:42:69:6c:11:82:
                    03:15:81:68:cd:07:81:a1:39:ae:17:b2:e8:52:ec:
                    3e:37:87:a7:65:98:ef:ab:ed:f7:3b:92:76:41:e0:
                    f2:fe:78:9b:e2:aa:0d:13:88:f8:7c:8c:40:c5:b9:
                    d4:05:c2:ca:23:f1:1e:bf:4d:b4:60:f9:66:86:3e:
                    35:a5:98:42:ac:a5:ed:48:b3:9c:63:cf:92:1c:84:
                    2d:69:63:a1:f4:9c:e8:eb:ee:ec:3b:93:06:e1:a2:
                    a9:8c:50:5a:9f:07:5d:f6:44:25:6c:ec:7c:eb:85:
                    74:9f:be:47:92:bf:16:42:f2:45:03:24:32:9f:0e:
                    53:f0:54:0b:88:29:e4:d8:a5:3f:34:8b:b1:59:f5:
                    91:0c:35:ba:1e:e5:a8:2d:30:5e:5b:97:41:6e:7a:
                    d4:13:fb:db:3e:80:4d:d3:7f:de:46:67:25:3a:ea:
                    53:e3:7c:f5:5c:a1:53:64:38:25:ef:91:cd:be:bf:
                    ff:25:f4:e4:a8:90:64:b9:a0:91:ec:d1:ad:18:12:
                    c8:2b:26:9f:6a:fd:ca:af:84:89:38:ef:4c:06:d9:
                    f2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:CC:25:D5:78:9A:52:DF:CC:6C:1D:73:6D:26:1F:5B:DC:AF:1A:A2
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/90D5C124CCFF11EF996D92A5762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.238.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:4d:2e:62:39:c5:c7:5d:2d:08:66:f9:cd:c3:e9:50:87:c1:
         15:f5:b8:97:73:3d:fc:67:61:5e:83:16:71:e6:9f:76:cf:d3:
         5a:61:11:dd:8b:9b:ef:1c:08:d5:26:3d:e9:13:62:c6:88:f6:
         d7:28:92:59:06:51:74:a9:3e:4b:03:22:d9:62:71:29:88:50:
         8c:c1:e5:a8:23:01:2e:23:ad:6f:a0:8e:a4:c5:00:52:ce:c6:
         9e:ef:44:95:bc:2c:eb:9d:7b:e1:0f:1a:8c:c6:ed:a1:f9:93:
         69:89:1d:e2:99:cc:46:a1:e0:ba:b2:1f:03:5c:1b:a5:b4:fd:
         9c:d9:71:c4:2c:6c:62:75:ec:9d:87:56:9c:67:e1:8d:bf:bd:
         9d:22:48:f7:9e:ad:28:d4:0b:60:d0:29:ea:75:fe:94:34:d1:
         c2:31:2b:e4:2e:d1:07:50:ea:5f:bd:72:90:04:57:94:ca:d3:
         e4:38:a4:67:b6:19:16:aa:95:b5:65:33:29:43:cb:38:3b:ee:
         47:21:6e:88:92:60:51:3e:fd:76:f2:ea:e0:8b:30:da:7f:20:
         5c:8b:3f:5e:ed:3c:b4:10:24:a2:ec:79:c4:47:c4:35:7d:fb:
         95:8d:29:8e:3b:dc:1c:7d:b2:40:55:3e:9e:9c:a2:99:60:84:
         30:4b:11:ea
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPxlMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MTM1OTA1WhcNMjUxMjEzMTM1OTA1WjAYMRYw
FAYDVQQDEw02NzdkMzMyZC1iZmFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAsqFAdEEPJtc20jn5wWBax52pdq+od0zeO+rHGT3x0/TQJ25idj8NQmls
EYIDFYFozQeBoTmuF7LoUuw+N4enZZjvq+33O5J2QeDy/nib4qoNE4j4fIxAxbnU
BcLKI/Eev020YPlmhj41pZhCrKXtSLOcY8+SHIQtaWOh9Jzo6+7sO5MG4aKpjFBa
nwdd9kQlbOx864V0n75Hkr8WQvJFAyQynw5T8FQLiCnk2KU/NIuxWfWRDDW6HuWo
LTBeW5dBbnrUE/vbPoBN03/eRmclOupT43z1XKFTZDgl75HNvr//JfTkqJBkuaCR
7NGtGBLIKyafav3Kr4SJOO9MBtnyVwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFGbM
JdV4mlLfzGwdc20mH1vcrxqiMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC85MEQ1QzEyNENDRkYxMUVGOTk2RDkyQTU3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnO5rMA0GCSqGSIb3DQEBCwUA
A4IBAQAaTS5iOcXHXS0IZvnNw+lQh8EV9biXcz38Z2FegxZx5p92z9NaYRHdi5vv
HAjVJj3pE2LGiPbXKJJZBlF0qT5LAyLZYnEpiFCMweWoIwEuI61voI6kxQBSzsae
70SVvCzrnXvhDxqMxu2h+ZNpiR3imcxGoeC6sh8DXBultP2c2XHELGxideydh1ac
Z+GNv72dIkj3nq0o1Atg0Cnqdf6UNNHCMSvkLtEHUOpfvXKQBFeUytPkOKRnthkW
qpW1ZTMpQ8s4O+5HIW6IkmBRPv128urgizDafyBciz9e7Ty0ECSi7HnER8Q1ffuV
jSmOO9wcfbJAVT6enKKZYIQwSxHq
-----END CERTIFICATE-----