Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/A5CA2ED2CD1111EF94843398762E951A.roa
File:                     A5CA2ED2CD1111EF94843398762E951A.roa (raw, json)
Hash identifier:          vjxzj+zUA5uunfh3C5SM5unkN+ACIFnh8inmqaKluxg=
Subject key identifier:   3E:8D:0E:F4:E4:E7:EE:B8:49:65:00:3A:6C:96:DE:93:30:75:60:DF
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FCF7
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/A5CA2ED2CD1111EF94843398762E951A.roa
Signing time:             Tue 07 Jan 2025 16:08:35 +0000
ROA not before:           Tue 07 Jan 2025 16:08:31 +0000
ROA not after:            Mon 13 Dec 2027 16:08:31 +0000
asID:                     17561
IP address blocks:        156.240.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64759 (0xfcf7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 16:08:31 2025 GMT
            Not After : Dec 13 16:08:31 2027 GMT
        Subject: CN=677d5183-a1c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b2:10:95:a2:47:5a:ba:4f:8a:96:2e:e6:51:
                    d9:55:73:cd:f4:04:2d:57:ca:8a:94:cd:90:ac:f0:
                    51:68:80:25:61:4f:f2:d7:0e:2f:bd:28:df:20:e7:
                    9f:1f:55:d9:c1:74:64:2a:72:1d:e0:b7:9b:ff:58:
                    dd:90:9b:f1:f6:31:7e:17:48:60:63:e5:ca:2c:d9:
                    46:19:fb:c5:45:53:78:62:91:ee:99:99:2b:2f:0c:
                    f6:59:71:cc:94:b4:bb:4b:14:18:20:d8:a7:71:b8:
                    8a:ee:2d:e3:03:2d:ce:aa:77:7a:e7:2b:49:3a:74:
                    b7:62:2f:a7:0f:78:a0:44:3e:16:1f:8c:59:15:32:
                    83:2e:57:f7:e0:4d:9e:2b:52:c3:e4:2c:c0:60:03:
                    5b:24:10:4f:36:64:48:0f:2e:9b:20:97:97:d4:b5:
                    3e:d5:52:ca:f8:54:49:4e:fa:00:08:24:a1:6e:b2:
                    c4:a7:93:d3:2a:1d:c1:34:b9:f3:bc:56:9a:77:02:
                    35:c0:3b:2f:b6:ea:48:d4:c8:28:d5:4b:26:62:d6:
                    d5:0e:d6:7e:44:42:3e:4d:39:c9:5c:ed:de:db:0a:
                    f2:b6:5c:34:fc:f5:ed:10:88:28:81:b2:4a:83:9f:
                    83:45:b6:34:84:eb:ee:5b:ee:90:e2:56:85:54:04:
                    6a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8D:0E:F4:E4:E7:EE:B8:49:65:00:3A:6C:96:DE:93:30:75:60:DF
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/A5CA2ED2CD1111EF94843398762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.240.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:81:67:39:d7:a6:74:69:d8:00:6b:e4:29:86:3f:2b:48:27:
         4d:fa:0d:d8:f3:ac:07:76:75:59:96:b1:f0:f1:52:64:c3:68:
         e6:f9:38:b2:70:50:5a:d9:f7:f0:57:31:12:4b:0c:b5:dd:15:
         80:fd:72:63:10:c9:72:40:6b:6f:08:93:40:05:73:df:cd:88:
         28:c2:fd:ca:5e:d7:27:9f:10:5a:cd:ed:1a:5f:a8:08:aa:96:
         d0:a5:2b:3c:94:0a:30:69:d4:ca:b4:0b:dc:d3:7a:a1:02:77:
         fa:d3:55:18:16:e3:9a:d1:9d:86:fb:96:79:8d:62:99:b2:d8:
         70:48:79:bf:f4:c3:4c:2d:90:b1:59:17:53:7f:c9:cb:34:cf:
         4d:c9:65:4a:b6:a8:60:e5:aa:d7:e8:d7:05:8b:61:bf:01:f9:
         58:3c:d7:1e:54:8a:2c:09:2d:f5:76:98:51:f3:b9:0b:3c:b3:
         dd:97:f4:f0:60:16:6a:73:a3:5c:7c:a5:5a:02:79:aa:c8:dd:
         98:f0:1c:42:d2:29:10:5d:8e:f5:f6:47:e9:81:c5:23:b1:a1:
         09:43:f1:85:51:56:99:1e:3b:46:d7:bb:df:ef:e0:ce:52:61:
         20:30:06:fc:b6:95:af:75:30:f4:92:e6:f5:d2:de:82:a7:4c:
         01:f6:cf:34
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPz3MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MTYwODMxWhcNMjcxMjEzMTYwODMxWjAYMRYw
FAYDVQQDEw02NzdkNTE4My1hMWM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzLIQlaJHWrpPipYu5lHZVXPN9AQtV8qKlM2QrPBRaIAlYU/y1w4vvSjf
IOefH1XZwXRkKnId4Leb/1jdkJvx9jF+F0hgY+XKLNlGGfvFRVN4YpHumZkrLwz2
WXHMlLS7SxQYINincbiK7i3jAy3Oqnd65ytJOnS3Yi+nD3igRD4WH4xZFTKDLlf3
4E2eK1LD5CzAYANbJBBPNmRIDy6bIJeX1LU+1VLK+FRJTvoACCShbrLEp5PTKh3B
NLnzvFaadwI1wDsvtupI1Mgo1UsmYtbVDtZ+REI+TTnJXO3e2wrytlw0/PXtEIgo
gbJKg5+DRbY0hOvuW+6Q4laFVARqbQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFD6N
DvTk5+64SWUAOmyW3pMwdWDfMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9BNUNBMkVEMkNEMTExMUVGOTQ4NDMzOTg3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnPA6MA0GCSqGSIb3DQEBCwUA
A4IBAQChgWc516Z0adgAa+Qphj8rSCdN+g3Y86wHdnVZlrHw8VJkw2jm+TiycFBa
2ffwVzESSwy13RWA/XJjEMlyQGtvCJNABXPfzYgowv3KXtcnnxBaze0aX6gIqpbQ
pSs8lAowadTKtAvc03qhAnf601UYFuOa0Z2G+5Z5jWKZsthwSHm/9MNMLZCxWRdT
f8nLNM9NyWVKtqhg5arX6NcFi2G/AflYPNceVIosCS31dphR87kLPLPdl/TwYBZq
c6NcfKVaAnmqyN2Y8BxC0ikQXY719kfpgcUjsaEJQ/GFUVaZHjtG17vf7+DOUmEg
MAb8tpWvdTD0kub10t6Cp0wB9s80
-----END CERTIFICATE-----