Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/95B5F6BCC27F11EF9C109970762E951A.roa
File:                     95B5F6BCC27F11EF9C109970762E951A.roa (raw, json)
Hash identifier:          Cm8Oad4mvITg5xIccm9MHaOeTOKvUKjjlS62BCmKfoA=
Subject key identifier:   A8:81:90:9D:76:CE:3E:1C:83:A4:49:7B:A5:31:D9:3C:B0:70:73:B7
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       E8D7
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/95B5F6BCC27F11EF9C109970762E951A.roa
Signing time:             Wed 25 Dec 2024 05:17:50 +0000
ROA not before:           Wed 25 Dec 2024 05:17:46 +0000
ROA not after:            Wed 10 Dec 2025 05:17:46 +0000
asID:                     984
IP address blocks:        156.227.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 59607 (0xe8d7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Dec 25 05:17:46 2024 GMT
            Not After : Dec 10 05:17:46 2025 GMT
        Subject: CN=676b957e-0dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ce:25:94:1b:96:b0:c7:ea:00:80:9d:1f:ba:
                    7f:00:c5:0a:4a:3f:37:e3:fb:68:ad:7b:a4:98:4d:
                    08:72:ea:98:cd:15:ed:c7:24:2b:d5:60:44:16:25:
                    b6:d6:d5:64:0e:af:c3:45:27:4b:59:ff:78:77:61:
                    b7:15:be:2e:a2:a7:e0:b8:81:d7:84:d3:e3:92:77:
                    43:b0:20:69:da:a2:9c:2b:60:3a:60:e5:99:87:78:
                    4d:47:a7:e8:e8:d2:81:b6:9a:d4:f7:e3:0e:d4:79:
                    ee:8b:e5:58:8b:77:3a:5a:69:92:ca:92:49:51:af:
                    5c:cf:de:8b:3b:51:9d:13:c1:22:b3:5f:b7:fb:79:
                    b8:18:d0:e9:41:28:3f:f4:16:d4:50:72:b1:ae:04:
                    c4:1e:01:88:b8:24:d3:98:b9:68:82:b5:0e:fe:e1:
                    bc:ff:f0:15:b9:70:1f:a1:d3:c6:54:15:04:b0:a5:
                    77:e8:a6:f1:c9:a7:72:5f:54:86:e5:9b:9c:18:a1:
                    f1:54:df:ef:d8:f7:69:fc:f2:1f:09:32:7e:43:3b:
                    56:3d:c4:8e:d6:18:8f:b0:9f:26:f6:47:a0:8c:f0:
                    c3:f6:8a:3a:ef:21:f7:fd:80:26:64:ee:82:92:bb:
                    56:dc:4d:7a:b4:c7:f2:32:a9:82:7e:c0:fd:b5:f9:
                    4f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:81:90:9D:76:CE:3E:1C:83:A4:49:7B:A5:31:D9:3C:B0:70:73:B7
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/95B5F6BCC27F11EF9C109970762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.227.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a5:23:d6:50:55:4c:e8:64:a2:b8:cd:51:eb:04:f0:5c:da:
         cf:47:a4:7b:93:28:1a:a1:86:c6:59:6c:da:62:ee:fe:8f:91:
         e8:dc:ae:f2:e3:04:84:dc:e5:2d:84:ea:a7:be:7e:d2:53:e0:
         a2:b9:59:85:4e:f5:be:18:eb:2f:a0:96:21:12:47:e0:50:a6:
         e2:c0:9e:ef:6a:c6:47:18:5a:07:ac:29:7c:ff:26:9b:f0:41:
         11:58:ed:d4:68:e9:3d:03:80:54:33:6c:89:c0:7d:be:9f:32:
         d1:00:24:cb:ba:a6:d7:20:09:4d:8f:4b:b7:7d:3f:75:9d:7f:
         91:e4:b9:e5:40:83:c3:63:c3:03:80:de:b9:62:81:93:70:23:
         d7:0d:78:0b:b0:a7:1e:83:4a:51:62:b0:bf:39:b4:71:48:4d:
         47:e3:3f:71:f4:00:b0:6c:be:4d:4f:01:63:4b:a9:33:79:d6:
         20:48:b0:9b:bc:d3:5e:14:9a:fc:22:b7:fd:1b:d8:81:f2:3a:
         54:73:f5:14:24:c9:23:2b:bf:17:36:ab:dd:34:c7:bf:09:d5:
         7f:fd:05:4b:30:d6:17:af:57:19:15:c0:27:f0:88:66:2b:e1:
         a7:fa:97:f5:21:3e:7d:63:4c:76:ca:b9:f2:83:10:74:fe:96:
         80:aa:80:fc
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAOjXMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjQxMjI1MDUxNzQ2WhcNMjUxMjEwMDUxNzQ2WjAYMRYw
FAYDVQQDEw02NzZiOTU3ZS0wZGMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAlc4llBuWsMfqAICdH7p/AMUKSj834/torXukmE0IcuqYzRXtxyQr1WBE
FiW21tVkDq/DRSdLWf94d2G3Fb4uoqfguIHXhNPjkndDsCBp2qKcK2A6YOWZh3hN
R6fo6NKBtprU9+MO1Hnui+VYi3c6WmmSypJJUa9cz96LO1GdE8Eis1+3+3m4GNDp
QSg/9BbUUHKxrgTEHgGIuCTTmLlogrUO/uG8//AVuXAfodPGVBUEsKV36Kbxyady
X1SG5ZucGKHxVN/v2Pdp/PIfCTJ+QztWPcSO1hiPsJ8m9kegjPDD9oo67yH3/YAm
ZO6CkrtW3E16tMfyMqmCfsD9tflPFQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFKiB
kJ12zj4cg6RJe6Ux2TywcHO3MB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC85NUI1RjZCQ0MyN0YxMUVGOUMxMDk5NzA3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnOO9MA0GCSqGSIb3DQEBCwUA
A4IBAQAppSPWUFVM6GSiuM1R6wTwXNrPR6R7kygaoYbGWWzaYu7+j5Ho3K7y4wSE
3OUthOqnvn7SU+CiuVmFTvW+GOsvoJYhEkfgUKbiwJ7vasZHGFoHrCl8/yab8EER
WO3UaOk9A4BUM2yJwH2+nzLRACTLuqbXIAlNj0u3fT91nX+R5LnlQIPDY8MDgN65
YoGTcCPXDXgLsKceg0pRYrC/ObRxSE1H4z9x9ACwbL5NTwFjS6kzedYgSLCbvNNe
FJr8Irf9G9iB8jpUc/UUJMkjK78XNqvdNMe/CdV//QVLMNYXr1cZFcAn8IhmK+Gn
+pf1IT59Y0x2yrnygxB0/paAqoD8
-----END CERTIFICATE-----