Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D0391CB8C97A11EFBDA48051762E951A.roa
File:                     D0391CB8C97A11EFBDA48051762E951A.roa (raw, json)
Hash identifier:          XtGLXfMnntmSFvOE9oHu1f/TSZQtXrMdAgY3sqNMOqA=
Subject key identifier:   D5:77:C3:B2:F0:4E:70:F1:C6:49:B3:BA:7E:4A:CB:77:B7:54:43:6F
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       F513
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D0391CB8C97A11EFBDA48051762E951A.roa
Signing time:             Fri 03 Jan 2025 02:31:19 +0000
ROA not before:           Fri 03 Jan 2025 02:31:15 +0000
ROA not after:            Mon 13 Dec 2027 02:31:15 +0000
asID:                     17561
IP address blocks:        156.227.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 62739 (0xf513)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  3 02:31:15 2025 GMT
            Not After : Dec 13 02:31:15 2027 GMT
        Subject: CN=67774bf7-c747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f0:05:51:6a:f6:35:36:7f:20:f0:ff:19:af:
                    7a:7b:79:c4:d8:0b:29:d6:c1:49:66:d1:33:4a:fc:
                    f3:58:5c:da:4f:fd:e9:d9:5d:67:67:59:1e:94:b8:
                    5b:b0:b9:b3:49:e2:20:44:71:7f:3d:52:49:29:a3:
                    ce:44:92:c9:97:a1:b9:68:69:4c:42:fa:4f:a1:5e:
                    24:c6:93:3d:d5:b2:46:07:93:c3:f0:38:47:10:e6:
                    7c:fa:7c:09:4c:4f:ff:48:91:16:0b:28:93:f2:2a:
                    33:00:82:91:1a:56:ed:4e:a8:6d:96:4b:e5:c2:19:
                    9c:6c:b8:c4:bc:fa:a5:ea:85:c1:5e:33:c9:8e:c7:
                    49:0d:26:c5:a3:3c:cc:89:af:83:b4:95:8c:94:2b:
                    b8:45:eb:58:69:1a:89:49:73:61:e6:8a:f6:a0:aa:
                    57:f1:60:17:22:4e:df:3b:36:28:a8:b9:c4:ed:cc:
                    e5:0f:c1:65:da:73:32:dc:2c:f7:f6:d9:bc:97:29:
                    4a:d9:60:f3:7e:78:b4:7c:c1:1d:5e:09:8f:ef:d0:
                    d9:02:b4:18:d1:0c:92:10:35:b9:79:15:b7:8d:be:
                    35:c4:7b:56:d6:e2:b8:72:81:42:37:d5:7a:62:5f:
                    5d:8d:32:18:6e:4d:7a:d8:6a:7f:0e:4a:1e:41:99:
                    98:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:77:C3:B2:F0:4E:70:F1:C6:49:B3:BA:7E:4A:CB:77:B7:54:43:6F
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D0391CB8C97A11EFBDA48051762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.227.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:2c:f2:ea:be:50:b0:43:6d:af:74:87:63:90:de:69:ca:42:
         25:3b:6c:6d:4c:19:d7:c6:f9:13:c1:0e:be:e0:cc:34:6b:a8:
         99:2b:4a:55:80:d1:2d:47:3b:db:23:a0:70:55:67:12:22:9d:
         38:31:67:ab:2a:9e:73:73:2a:6e:2f:56:72:72:2c:41:1a:31:
         38:06:d1:60:22:12:d1:67:35:45:56:76:66:97:67:42:8f:7f:
         e8:43:72:43:d4:cd:49:2d:bf:e1:f3:6c:29:e0:72:d5:dd:3b:
         fd:7d:a5:44:a6:a3:f4:67:8c:d5:39:5b:82:c4:94:45:06:74:
         52:85:47:05:4b:42:55:84:5a:dd:b6:37:65:51:b3:e1:38:94:
         06:ba:f0:ed:6c:5e:80:2b:4b:7c:d5:50:ad:45:b4:4e:bb:c1:
         b9:c8:19:a5:ba:95:78:59:e4:1b:a8:ee:14:af:5d:09:c5:da:
         a1:9c:01:a8:8f:1c:a8:fe:8a:9f:41:ba:61:42:5e:b0:44:77:
         04:d1:8a:2d:63:f4:68:46:58:f1:63:6a:59:18:05:c9:11:34:
         35:bf:c9:c6:bf:b9:54:6c:04:5b:32:66:a8:c6:f7:79:58:c9:
         db:03:15:3c:50:8b:75:ea:32:a1:f3:d6:47:f7:7e:0f:37:2c:
         2c:9e:9d:71
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPUTMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTAzMDIzMTE1WhcNMjcxMjEzMDIzMTE1WjAYMRYw
FAYDVQQDEw02Nzc3NGJmNy1jNzQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAq/AFUWr2NTZ/IPD/Ga96e3nE2Asp1sFJZtEzSvzzWFzaT/3p2V1nZ1ke
lLhbsLmzSeIgRHF/PVJJKaPORJLJl6G5aGlMQvpPoV4kxpM91bJGB5PD8DhHEOZ8
+nwJTE//SJEWCyiT8iozAIKRGlbtTqhtlkvlwhmcbLjEvPql6oXBXjPJjsdJDSbF
ozzMia+DtJWMlCu4RetYaRqJSXNh5or2oKpX8WAXIk7fOzYoqLnE7czlD8Fl2nMy
3Cz39tm8lylK2WDzfni0fMEdXgmP79DZArQY0QySEDW5eRW3jb41xHtW1uK4coFC
N9V6Yl9djTIYbk162Gp/DkoeQZmYwQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFNV3
w7LwTnDxxkmzun5Ky3e3VENvMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9EMDM5MUNCOEM5N0ExMUVGQkRBNDgwNTE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnON7MA0GCSqGSIb3DQEBCwUA
A4IBAQA2LPLqvlCwQ22vdIdjkN5pykIlO2xtTBnXxvkTwQ6+4Mw0a6iZK0pVgNEt
RzvbI6BwVWcSIp04MWerKp5zcypuL1ZycixBGjE4BtFgIhLRZzVFVnZml2dCj3/o
Q3JD1M1JLb/h82wp4HLV3Tv9faVEpqP0Z4zVOVuCxJRFBnRShUcFS0JVhFrdtjdl
UbPhOJQGuvDtbF6AK0t81VCtRbROu8G5yBmlupV4WeQbqO4Ur10JxdqhnAGojxyo
/oqfQbphQl6wRHcE0YotY/RoRljxY2pZGAXJETQ1v8nGv7lUbARbMmaoxvd5WMnb
AxU8UIt16jKh89ZH934PNywsnp1x
-----END CERTIFICATE-----