Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C4B9876AD2DF11EFB441D46A762E951A.roa
File:                     C4B9876AD2DF11EFB441D46A762E951A.roa (raw, json)
Hash identifier:          nTanE0LDQvN0vg2uqQ5iCSlmvBO018CyQfGBdrIIX54=
Subject key identifier:   B4:2C:CA:B3:33:CD:0E:6E:01:2B:08:FB:AD:67:64:A7:0F:1A:ED:3C
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       01072D
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C4B9876AD2DF11EFB441D46A762E951A.roa
Signing time:             Wed 15 Jan 2025 01:26:39 +0000
ROA not before:           Wed 15 Jan 2025 01:26:35 +0000
ROA not after:            Sat 13 Dec 2025 01:26:35 +0000
asID:                     984
IP address blocks:        156.247.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 67373 (0x1072d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan 15 01:26:35 2025 GMT
            Not After : Dec 13 01:26:35 2025 GMT
        Subject: CN=67870ecf-6dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7f:7f:3e:2d:3f:f9:ec:d5:c2:f1:71:d7:6f:
                    6f:c5:59:a4:06:8d:61:0b:f2:8e:b7:f3:fb:c8:0a:
                    b0:17:06:cb:14:32:0c:6f:b8:84:7f:61:70:0e:be:
                    6f:a3:ea:e9:20:aa:04:58:ca:2a:8e:6e:dd:98:40:
                    df:62:40:d4:80:5d:63:be:f8:36:f1:65:80:83:d4:
                    fe:80:3c:ba:5d:99:d5:0b:58:d7:ba:ac:17:99:ef:
                    65:2f:c8:d1:ca:b8:ba:bf:25:0b:8e:c1:a9:c0:ed:
                    44:5e:56:3d:20:27:17:d2:ad:16:52:cb:8b:34:89:
                    ce:76:6a:f7:ee:ab:18:cf:bf:4b:6f:c9:e3:b9:0f:
                    10:c4:88:fe:2f:83:93:47:c3:11:c5:b3:0a:7a:c4:
                    56:ac:68:dc:75:9d:50:3e:d8:18:8e:b3:0f:a9:61:
                    f3:e8:51:36:27:c3:5e:98:09:34:a6:12:46:a4:aa:
                    63:70:bc:4a:39:c1:f3:6f:4b:ef:dd:a7:ab:25:32:
                    88:26:73:d1:99:44:b1:40:1e:79:26:99:da:1f:c2:
                    e9:e1:db:ef:4d:db:3d:13:4c:8f:87:5b:e4:6f:ca:
                    cc:62:a3:6b:ff:b9:a3:c7:39:7e:6e:f8:51:39:a7:
                    b1:15:20:3f:61:45:bb:67:17:9c:e5:47:d0:67:a4:
                    ba:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:2C:CA:B3:33:CD:0E:6E:01:2B:08:FB:AD:67:64:A7:0F:1A:ED:3C
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C4B9876AD2DF11EFB441D46A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.247.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b0:50:d7:88:3a:6e:d1:14:4a:11:d5:12:38:8a:20:14:75:
         0f:91:33:d8:f2:17:2a:91:d2:80:78:d1:b9:7e:73:a6:d3:ee:
         b1:f1:ab:ef:bb:85:9a:18:8c:2f:44:98:e6:76:cc:b5:63:b2:
         c2:08:0b:d7:3c:05:f9:cd:b8:bf:36:eb:f6:6f:10:73:71:71:
         45:ca:83:2c:b6:12:a0:a4:28:45:9e:4e:2c:e7:eb:5d:d1:d1:
         17:f4:b3:20:9a:ca:16:7c:58:02:2d:48:a8:3e:a9:dc:c0:3a:
         69:08:40:c8:67:bd:e1:ee:59:f2:d8:e3:51:09:2f:aa:ed:63:
         02:9e:05:62:88:c4:9a:25:59:a0:e6:a3:d6:ce:77:4a:b3:a3:
         16:6a:49:ca:e9:48:72:b9:3e:cb:15:6c:08:51:e6:dd:50:02:
         fa:08:e4:67:b6:42:77:c2:91:8a:80:74:e0:a9:6d:00:3a:15:
         20:36:db:f2:4b:c6:df:19:ad:40:02:d4:3b:dd:bc:79:35:ed:
         1a:48:a9:7a:cb:1e:c3:74:8e:90:76:64:13:b1:6b:af:40:9c:
         4e:e5:19:5b:64:68:3f:0c:ce:89:fd:51:3a:34:6e:b8:12:d0:
         b5:7c:08:4a:00:c2:17:9e:53:82:91:d5:89:b8:da:75:72:39:
         fe:60:d1:0f
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAQctMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTE1MDEyNjM1WhcNMjUxMjEzMDEyNjM1WjAYMRYw
FAYDVQQDEw02Nzg3MGVjZi02ZGRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA1X9/Pi0/+ezVwvFx129vxVmkBo1hC/KOt/P7yAqwFwbLFDIMb7iEf2Fw
Dr5vo+rpIKoEWMoqjm7dmEDfYkDUgF1jvvg28WWAg9T+gDy6XZnVC1jXuqwXme9l
L8jRyri6vyULjsGpwO1EXlY9ICcX0q0WUsuLNInOdmr37qsYz79Lb8njuQ8QxIj+
L4OTR8MRxbMKesRWrGjcdZ1QPtgYjrMPqWHz6FE2J8NemAk0phJGpKpjcLxKOcHz
b0vv3aerJTKIJnPRmUSxQB55JpnaH8Lp4dvvTds9E0yPh1vkb8rMYqNr/7mjxzl+
bvhROaexFSA/YUW7Zxec5UfQZ6S6aQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFLQs
yrMzzQ5uASsI+61nZKcPGu08MB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9DNEI5ODc2QUQyREYxMUVGQjQ0MUQ0NkE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnPdsMA0GCSqGSIb3DQEBCwUA
A4IBAQAAsFDXiDpu0RRKEdUSOIogFHUPkTPY8hcqkdKAeNG5fnOm0+6x8avvu4Wa
GIwvRJjmdsy1Y7LCCAvXPAX5zbi/Nuv2bxBzcXFFyoMsthKgpChFnk4s5+td0dEX
9LMgmsoWfFgCLUioPqncwDppCEDIZ73h7lny2ONRCS+q7WMCngViiMSaJVmg5qPW
zndKs6MWaknK6UhyuT7LFWwIUebdUAL6CORntkJ3wpGKgHTgqW0AOhUgNtvyS8bf
Ga1AAtQ73bx5Ne0aSKl6yx7DdI6QdmQTsWuvQJxO5RlbZGg/DM6J/VE6NG64EtC1
fAhKAMIXnlOCkdWJuNp1cjn+YNEP
-----END CERTIFICATE-----