Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/953F06C0CD6911EFB4DF1F52762E951A.roa
File:                     953F06C0CD6911EFB4DF1F52762E951A.roa (raw, json)
Hash identifier:          DoltDT//DhLI8rcaNBw+VMfpZs83piPMNvlEAldDlcI=
Subject key identifier:   03:54:D5:A9:36:6B:A4:89:42:65:AE:17:43:34:19:4D:8D:6E:3A:CA
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FF5B
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/953F06C0CD6911EFB4DF1F52762E951A.roa
Signing time:             Wed 08 Jan 2025 02:38:03 +0000
ROA not before:           Wed 08 Jan 2025 02:38:00 +0000
ROA not after:            Sat 13 Dec 2025 02:38:00 +0000
asID:                     984
IP address blocks:        156.247.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65371 (0xff5b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  8 02:38:00 2025 GMT
            Not After : Dec 13 02:38:00 2025 GMT
        Subject: CN=677de50b-c434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ea:02:9a:c3:0e:4e:2d:44:3b:53:f1:a0:be:
                    18:1e:cb:30:8c:60:13:58:2a:12:24:5d:70:f5:65:
                    b7:08:71:7b:be:4b:3d:ec:25:3e:65:2e:6f:65:de:
                    a4:cc:6c:d0:db:67:df:5f:02:0c:04:59:c1:90:93:
                    a8:de:57:12:ca:c7:02:6c:49:3c:93:ca:8a:65:4d:
                    86:f2:cd:30:a3:3f:cc:33:04:24:25:f6:95:fe:52:
                    31:f2:8d:46:a8:c2:18:44:1d:c9:c4:6a:5f:92:da:
                    6b:51:c5:ab:3d:ec:f2:79:44:26:30:2f:29:8d:56:
                    13:f0:25:7c:f7:37:5c:66:e7:6b:2e:4c:ac:3c:69:
                    cf:21:1b:04:93:c7:bc:20:35:31:ec:f6:62:53:56:
                    ce:cb:01:5c:84:59:d7:fe:be:b0:ee:db:82:3e:0a:
                    a3:78:76:75:6f:0d:72:3e:e9:ab:fe:81:a0:e2:be:
                    6b:5f:36:40:67:82:2f:da:67:02:a7:ed:9e:7b:33:
                    bc:32:99:56:8f:6c:ad:63:ba:6c:b0:57:da:23:cf:
                    21:4b:ee:43:db:cb:a9:24:47:59:de:75:5d:92:0b:
                    a1:82:f9:fa:c1:6f:14:d1:26:07:c4:41:1f:06:e8:
                    9d:9d:65:f4:c7:10:d8:34:2c:63:6c:3f:55:7e:bc:
                    4c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:54:D5:A9:36:6B:A4:89:42:65:AE:17:43:34:19:4D:8D:6E:3A:CA
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/953F06C0CD6911EFB4DF1F52762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.247.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:da:d7:8d:85:17:52:4f:6b:ee:ab:55:a1:00:da:32:20:a8:
         f9:91:11:23:ba:76:50:35:51:ed:f4:17:b5:fe:c9:6e:15:44:
         5a:58:37:cd:c4:8a:db:2e:e1:4d:a9:7a:92:15:5e:e3:f7:9a:
         6c:62:8b:36:f3:6f:a9:6f:38:af:01:fb:b4:19:7a:a4:14:89:
         70:84:71:75:dc:ef:77:e0:19:a7:d1:a9:2c:92:76:06:6a:c1:
         01:b6:40:d3:55:d1:a2:09:c6:e0:ff:3b:54:1f:0c:02:09:0f:
         9a:92:6e:26:f3:81:cf:5a:4f:b7:aa:d5:34:c4:9e:21:82:36:
         0d:fd:c6:b0:31:de:e7:87:c6:b7:be:b0:19:d5:79:6c:6f:17:
         e5:2b:bb:9c:bc:47:5d:c2:06:4a:b5:e4:4c:de:cb:ec:ed:bd:
         d5:8f:16:58:b8:49:7e:db:3e:2f:5b:51:31:b8:52:45:75:6f:
         db:37:02:27:1f:00:7b:3f:a7:94:97:25:e2:74:ab:fa:a3:35:
         41:6f:c7:50:6d:86:a6:69:2b:07:e1:d5:2e:4b:a9:9f:da:ec:
         18:8e:1b:cf:59:4b:96:02:f7:a1:e4:4f:56:01:b7:1f:56:24:
         7c:6b:6a:31:4b:3b:19:e0:23:b1:ef:95:6f:27:43:c6:51:fc:
         13:50:13:f0
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAP9bMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA4MDIzODAwWhcNMjUxMjEzMDIzODAwWjAYMRYw
FAYDVQQDEw02NzdkZTUwYi1jNDM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAq+oCmsMOTi1EO1PxoL4YHsswjGATWCoSJF1w9WW3CHF7vks97CU+ZS5v
Zd6kzGzQ22ffXwIMBFnBkJOo3lcSyscCbEk8k8qKZU2G8s0woz/MMwQkJfaV/lIx
8o1GqMIYRB3JxGpfktprUcWrPezyeUQmMC8pjVYT8CV89zdcZudrLkysPGnPIRsE
k8e8IDUx7PZiU1bOywFchFnX/r6w7tuCPgqjeHZ1bw1yPumr/oGg4r5rXzZAZ4Iv
2mcCp+2eezO8MplWj2ytY7pssFfaI88hS+5D28upJEdZ3nVdkguhgvn6wW8U0SYH
xEEfBuidnWX0xxDYNCxjbD9VfrxMYQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFANU
1ak2a6SJQmWuF0M0GU2NbjrKMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC85NTNGMDZDMENENjkxMUVGQjRERjFGNTI3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnPd5MA0GCSqGSIb3DQEBCwUA
A4IBAQA72teNhRdST2vuq1WhANoyIKj5kREjunZQNVHt9Be1/sluFURaWDfNxIrb
LuFNqXqSFV7j95psYos282+pbzivAfu0GXqkFIlwhHF13O934Bmn0aksknYGasEB
tkDTVdGiCcbg/ztUHwwCCQ+akm4m84HPWk+3qtU0xJ4hgjYN/cawMd7nh8a3vrAZ
1XlsbxflK7ucvEddwgZKteRM3svs7b3VjxZYuEl+2z4vW1ExuFJFdW/bNwInHwB7
P6eUlyXidKv6ozVBb8dQbYamaSsH4dUuS6mf2uwYjhvPWUuWAveh5E9WAbcfViR8
a2oxSzsZ4COx75VvJ0PGUfwTUBPw
-----END CERTIFICATE-----