Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D31FBF3AC32711EF9F6E068A762E951A.roa
File:                     D31FBF3AC32711EF9F6E068A762E951A.roa (raw, json)
Hash identifier:          /FQvKjlky8oQ7hK7zPG/jmnWE/Y0j+I2XrLZjtDeZyM=
Subject key identifier:   96:CB:1C:FE:A4:62:4C:A7:00:DF:7C:9D:5E:9B:C5:CA:24:E8:F8:34
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       EA9F
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D31FBF3AC32711EF9F6E068A762E951A.roa
Signing time:             Thu 26 Dec 2024 01:22:08 +0000
ROA not before:           Thu 26 Dec 2024 01:22:05 +0000
ROA not after:            Wed 10 Dec 2025 01:22:05 +0000
asID:                     984
IP address blocks:        156.243.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60063 (0xea9f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Dec 26 01:22:05 2024 GMT
            Not After : Dec 10 01:22:05 2025 GMT
        Subject: CN=676cafc0-0d6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cd:58:95:14:21:36:3e:72:25:0c:d1:14:67:
                    6d:f1:67:fa:9d:83:2a:ff:92:26:d0:ef:b6:98:84:
                    37:23:86:b4:51:a6:c0:e9:7e:84:95:97:bf:04:82:
                    db:0e:46:89:b9:51:e0:31:74:e4:19:2c:71:c2:bc:
                    77:eb:79:b3:c1:51:c2:f9:fa:f8:88:8b:29:86:ec:
                    04:a1:1a:ed:c5:ec:6c:9a:e7:63:ba:40:63:1a:99:
                    1a:5d:ed:8d:f7:83:0f:1a:32:29:2d:ef:a5:d3:8e:
                    7a:a1:0c:2c:12:1e:2b:b1:1c:33:ed:b6:ce:b5:05:
                    80:ea:a8:53:52:cd:15:5e:a0:17:40:0b:f2:72:7e:
                    f6:e4:8f:f3:34:26:f1:90:03:6b:bb:cd:49:78:17:
                    f5:c5:c6:20:7d:48:69:66:b9:dc:e5:f8:bc:b7:7e:
                    f3:79:22:81:bd:ab:b2:2c:45:bf:ec:a1:0f:48:49:
                    8b:d2:1b:f2:35:ad:f2:a3:9d:1c:a3:c5:9f:d8:74:
                    7d:7b:68:5a:c4:ab:43:f1:d4:88:48:30:03:04:75:
                    93:4d:06:15:6d:4b:2a:7f:3b:60:91:b0:dd:5b:20:
                    38:c9:99:ec:00:4d:c4:f2:c5:39:8d:9b:e3:43:be:
                    de:bf:d5:09:0d:39:32:2f:bb:b7:86:a7:e7:14:61:
                    cc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:CB:1C:FE:A4:62:4C:A7:00:DF:7C:9D:5E:9B:C5:CA:24:E8:F8:34
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D31FBF3AC32711EF9F6E068A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.243.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:d6:fb:b3:c4:bb:e9:8d:e3:bf:f2:4a:39:6c:75:f3:53:e3:
         35:5f:db:f9:7c:12:7b:45:64:8e:9b:bf:e4:f8:89:fa:a9:bb:
         07:0b:3f:44:f7:f1:6e:d0:e9:5f:f7:53:68:c1:ac:76:62:8d:
         66:26:0a:b2:1c:1d:1a:23:55:28:3f:77:d3:75:c2:8a:6b:8b:
         84:54:16:14:73:c3:0c:c9:28:80:0a:97:87:5c:6c:5b:e3:fa:
         c2:79:18:1d:bc:f5:5b:58:21:84:a8:c6:e4:f1:b7:6c:2d:97:
         64:52:03:67:d5:24:b9:53:82:e5:6f:8a:ec:50:be:b4:69:9a:
         a5:4b:d1:92:ff:b4:7f:04:60:07:36:8b:00:bf:83:40:96:5c:
         6b:bf:65:bb:30:a9:70:1c:d6:4e:19:b2:48:53:93:c6:b7:f6:
         d0:e9:8d:0b:e5:8d:ae:41:52:4e:95:be:ff:26:c5:a5:02:6b:
         62:de:4a:a7:93:8b:0c:5e:db:62:f7:5c:b2:a4:6f:61:0a:c1:
         1c:fd:1d:b7:9c:7a:a3:8b:2e:91:d1:ff:c4:8d:ae:86:8d:22:
         9d:eb:61:7c:3d:eb:19:73:a9:8c:9b:2d:25:a8:21:3b:c5:f6:
         37:8c:de:0b:6e:46:3b:71:03:ae:b0:c4:17:a9:4a:8b:9e:49:
         9b:81:29:e2
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAOqfMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjQxMjI2MDEyMjA1WhcNMjUxMjEwMDEyMjA1WjAYMRYw
FAYDVQQDEw02NzZjYWZjMC0wZDZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAtc1YlRQhNj5yJQzRFGdt8Wf6nYMq/5Im0O+2mIQ3I4a0UabA6X6ElZe/
BILbDkaJuVHgMXTkGSxxwrx363mzwVHC+fr4iIsphuwEoRrtxexsmudjukBjGpka
Xe2N94MPGjIpLe+l0456oQwsEh4rsRwz7bbOtQWA6qhTUs0VXqAXQAvycn725I/z
NCbxkANru81JeBf1xcYgfUhpZrnc5fi8t37zeSKBvauyLEW/7KEPSEmL0hvyNa3y
o50co8Wf2HR9e2haxKtD8dSISDADBHWTTQYVbUsqfztgkbDdWyA4yZnsAE3E8sU5
jZvjQ77ev9UJDTkyL7u3hqfnFGHMRQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFJbL
HP6kYkynAN98nV6bxcok6Pg0MB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9EMzFGQkYzQUMzMjcxMUVGOUY2RTA2OEE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnPOPMA0GCSqGSIb3DQEBCwUA
A4IBAQBb1vuzxLvpjeO/8ko5bHXzU+M1X9v5fBJ7RWSOm7/k+In6qbsHCz9E9/Fu
0Olf91Nowax2Yo1mJgqyHB0aI1UoP3fTdcKKa4uEVBYUc8MMySiACpeHXGxb4/rC
eRgdvPVbWCGEqMbk8bdsLZdkUgNn1SS5U4Llb4rsUL60aZqlS9GS/7R/BGAHNosA
v4NAllxrv2W7MKlwHNZOGbJIU5PGt/bQ6Y0L5Y2uQVJOlb7/JsWlAmti3kqnk4sM
Xtti91yypG9hCsEc/R23nHqjiy6R0f/Eja6GjSKd62F8PesZc6mMmy0lqCE7xfY3
jN4LbkY7cQOusMQXqUqLnkmbgSni
-----END CERTIFICATE-----