Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CEF9763ECCEC11EFB7AA3BB1762E951A.roa
File:                     CEF9763ECCEC11EFB7AA3BB1762E951A.roa (raw, json)
Hash identifier:          Oli8UU13RkMTw27MqO/csvi7S6+d8eKxT8fZY/Vr3Rg=
Subject key identifier:   3B:BB:E1:32:D2:C9:BC:BC:44:00:27:BE:34:11:32:8C:49:29:11:5A
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FC09
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CEF9763ECCEC11EFB7AA3BB1762E951A.roa
Signing time:             Tue 07 Jan 2025 11:44:53 +0000
ROA not before:           Tue 07 Jan 2025 11:44:49 +0000
ROA not after:            Sat 13 Dec 2025 11:44:49 +0000
asID:                     984
IP address blocks:        156.236.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64521 (0xfc09)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 11:44:49 2025 GMT
            Not After : Dec 13 11:44:49 2025 GMT
        Subject: CN=677d13b5-97a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fa:22:4b:09:07:ae:53:4c:01:15:52:88:2b:
                    38:cb:db:f8:4b:13:0d:b3:61:fd:15:54:f8:b7:08:
                    9e:2b:08:b3:7f:d9:a6:0f:5c:2c:ff:08:57:41:ee:
                    ae:71:2e:c7:be:9c:fe:bb:c5:f6:4c:ac:c6:e5:3d:
                    a7:b9:f7:b7:75:b5:91:00:0c:fa:80:72:a7:db:94:
                    0b:55:33:3b:06:74:00:9e:8b:57:b9:2c:e6:0b:0e:
                    4e:67:72:dc:77:2a:a8:fd:77:0e:25:ff:1a:a6:27:
                    8e:09:24:08:94:58:44:04:66:42:6e:53:0f:3b:96:
                    ae:16:f6:83:f4:c1:b9:96:ca:06:6e:b6:5b:2c:b9:
                    c2:4a:9f:a7:4b:eb:8c:31:8f:f9:91:81:6e:df:65:
                    75:75:65:04:fd:3c:c2:06:5f:ba:7a:27:ad:23:88:
                    b4:37:cc:30:7e:2e:48:1b:ca:07:68:7e:64:e4:73:
                    e8:28:ca:10:e9:ef:85:b1:7a:02:30:65:83:77:97:
                    09:13:c7:1e:42:3a:c4:91:b7:5b:74:e0:59:8f:69:
                    34:bc:b2:3f:d2:8a:79:ac:f1:46:67:69:98:53:8e:
                    6e:81:fe:d4:d6:8e:dc:7d:85:01:1b:c9:e7:7e:88:
                    df:8b:86:98:a2:4c:0d:a2:3f:ab:d1:b3:15:dd:41:
                    3a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:BB:E1:32:D2:C9:BC:BC:44:00:27:BE:34:11:32:8C:49:29:11:5A
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CEF9763ECCEC11EFB7AA3BB1762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.236.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:bf:e4:49:56:5d:3a:c1:fc:d1:90:63:64:36:c8:bb:40:69:
         82:0a:07:ac:52:85:06:81:fc:3c:cc:72:da:19:99:19:c0:01:
         79:a3:65:3b:f8:fe:c7:37:0f:0d:68:d7:dd:04:8d:4f:ee:0a:
         50:5e:8c:2c:76:2f:18:e2:23:76:4a:05:48:11:29:de:ba:ba:
         cb:1e:b0:af:f4:ce:aa:14:13:5f:c4:41:66:b8:73:34:83:a7:
         87:0a:6d:97:a8:b5:37:23:e8:bb:54:05:d3:a6:3f:5f:e3:66:
         cd:e3:f7:b5:74:f3:b9:a1:e0:07:36:87:0f:9a:6b:19:2e:0d:
         31:4e:bf:91:3a:6f:52:af:31:5e:29:51:1c:ed:ad:fc:6b:93:
         a7:2e:2a:4a:21:64:3c:8a:a6:94:71:3d:b4:ad:ab:95:61:0b:
         2a:57:3f:c5:f9:82:03:b7:dd:5b:23:50:42:90:23:59:81:93:
         d4:11:d5:b3:62:57:c0:af:7c:f4:1a:35:33:78:d7:c5:08:83:
         e6:f1:1c:d7:5a:39:ce:bd:49:46:4a:54:af:7b:c9:1b:4b:32:
         57:71:88:86:a9:e6:66:c1:b9:a1:f9:1e:e5:da:17:b6:64:58:
         f6:c2:37:0b:23:bd:3d:88:ee:1f:97:9a:c9:71:1c:e7:78:86:
         88:ed:97:bb
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPwJMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MTE0NDQ5WhcNMjUxMjEzMTE0NDQ5WjAYMRYw
FAYDVQQDEw02NzdkMTNiNS05N2E2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwfoiSwkHrlNMARVSiCs4y9v4SxMNs2H9FVT4twieKwizf9mmD1ws/whX
Qe6ucS7Hvpz+u8X2TKzG5T2nufe3dbWRAAz6gHKn25QLVTM7BnQAnotXuSzmCw5O
Z3Lcdyqo/XcOJf8apieOCSQIlFhEBGZCblMPO5auFvaD9MG5lsoGbrZbLLnCSp+n
S+uMMY/5kYFu32V1dWUE/TzCBl+6eietI4i0N8wwfi5IG8oHaH5k5HPoKMoQ6e+F
sXoCMGWDd5cJE8ceQjrEkbdbdOBZj2k0vLI/0op5rPFGZ2mYU45ugf7U1o7cfYUB
G8nnfojfi4aYokwNoj+r0bMV3UE6EQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFDu7
4TLSyby8RAAnvjQRMoxJKRFaMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9DRUY5NzYzRUNDRUMxMUVGQjdBQTNCQjE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnOwaMA0GCSqGSIb3DQEBCwUA
A4IBAQB+v+RJVl06wfzRkGNkNsi7QGmCCgesUoUGgfw8zHLaGZkZwAF5o2U7+P7H
Nw8NaNfdBI1P7gpQXowsdi8Y4iN2SgVIESneurrLHrCv9M6qFBNfxEFmuHM0g6eH
Cm2XqLU3I+i7VAXTpj9f42bN4/e1dPO5oeAHNocPmmsZLg0xTr+ROm9SrzFeKVEc
7a38a5OnLipKIWQ8iqaUcT20rauVYQsqVz/F+YIDt91bI1BCkCNZgZPUEdWzYlfA
r3z0GjUzeNfFCIPm8RzXWjnOvUlGSlSve8kbSzJXcYiGqeZmwbmh+R7l2he2ZFj2
wjcLI709iO4fl5rJcRzneIaI7Ze7
-----END CERTIFICATE-----