Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D7DC81D6CCFD11EFA9250A9B762E951A.roa
File:                     D7DC81D6CCFD11EFA9250A9B762E951A.roa (raw, json)
Hash identifier:          uvLYMTWvAMDjFTD9KYhTLCZlFKCXjUmPExZFdSiz+pk=
Subject key identifier:   20:B4:70:28:8F:32:36:8A:CD:BD:DA:AE:C8:DA:4E:0A:C3:79:CD:01
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FC57
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D7DC81D6CCFD11EFA9250A9B762E951A.roa
Signing time:             Tue 07 Jan 2025 13:46:49 +0000
ROA not before:           Tue 07 Jan 2025 13:46:46 +0000
ROA not after:            Sat 13 Dec 2025 13:46:46 +0000
asID:                     984
IP address blocks:        156.238.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64599 (0xfc57)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 13:46:46 2025 GMT
            Not After : Dec 13 13:46:46 2025 GMT
        Subject: CN=677d3049-4207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:39:44:e8:92:2b:f0:89:54:25:35:13:d9:fd:
                    ce:38:e4:ee:7f:70:95:89:6a:51:88:bf:bb:45:d5:
                    b0:65:b4:ec:ce:51:40:49:42:e1:47:84:66:20:62:
                    76:d0:3b:54:7a:4a:b2:a1:d3:17:ac:eb:81:26:7e:
                    ed:6f:3f:8a:64:d6:38:a0:98:cd:03:1c:d2:c9:53:
                    e7:22:a7:c8:88:c1:4c:3b:2f:30:1c:8c:0d:69:81:
                    88:25:00:24:2b:21:1c:f1:53:6e:de:24:c1:91:2f:
                    f9:46:77:5b:0f:71:3d:71:7e:6a:30:8b:42:13:af:
                    d7:2f:bb:88:c5:ab:e0:c5:d2:1e:76:3f:4e:c0:d9:
                    db:28:df:16:6d:e5:f4:7b:b9:41:5e:98:d6:3c:b1:
                    14:b8:90:75:f8:6d:04:86:14:80:13:97:e4:e3:e4:
                    42:d7:54:1a:7d:78:e1:a0:38:16:69:00:19:4d:98:
                    60:1e:c3:6c:57:17:2f:79:82:e7:d2:55:c3:8a:8e:
                    b2:5c:05:3f:45:79:c9:1d:ae:30:c4:4f:3e:ff:90:
                    24:d9:17:9f:4a:db:9c:31:98:63:f6:69:d3:cb:fd:
                    5b:59:65:3f:a2:50:59:ae:35:1d:9f:8e:f8:af:4a:
                    3e:f9:c4:98:0b:fe:09:bc:60:ab:e2:96:79:b7:95:
                    d9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B4:70:28:8F:32:36:8A:CD:BD:DA:AE:C8:DA:4E:0A:C3:79:CD:01
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/D7DC81D6CCFD11EFA9250A9B762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.238.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:3c:ae:e5:0a:57:36:7a:fc:dd:ee:d9:c4:c1:ca:e8:16:b4:
         1d:08:cf:c7:8e:d0:73:60:2b:d3:62:ae:be:45:e0:66:fd:e0:
         e0:42:72:8e:ba:25:50:bd:23:54:02:e4:f2:f2:1d:ac:f3:75:
         22:f8:3b:04:c8:d0:8b:a3:44:4c:e0:56:32:47:2e:4b:20:45:
         cd:7d:bb:12:74:46:12:22:1b:5b:11:15:95:5a:0d:7e:e6:ff:
         d3:f9:9b:01:57:2d:3f:23:a0:9e:3e:b9:86:5f:8e:11:86:fc:
         1b:f8:87:51:e4:c2:bd:6f:f8:70:57:80:17:43:35:3c:a8:33:
         9c:cf:d8:92:1b:d6:54:ae:f2:5c:fa:5a:85:d8:10:6e:df:67:
         f0:c6:2a:56:1e:a6:b7:d4:49:eb:e1:bb:3b:ac:93:ed:de:96:
         bd:48:56:16:e0:91:81:d0:17:96:02:d4:f8:93:af:ec:cc:9c:
         f2:b0:84:91:d0:92:d5:b5:bf:fe:57:9d:58:f3:5b:20:df:0e:
         ca:14:4c:2d:76:a3:d5:5e:fd:32:97:ae:23:86:fb:1e:f6:23:
         85:4a:dc:60:c1:57:b9:9c:f0:4e:4e:f8:97:9c:3b:ed:e5:3a:
         5f:75:22:48:88:a7:07:a7:a2:78:84:5d:32:e1:4c:14:d5:78:
         6c:77:8e:48
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPxXMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MTM0NjQ2WhcNMjUxMjEzMTM0NjQ2WjAYMRYw
FAYDVQQDEw02NzdkMzA0OS00MjA3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAqjlE6JIr8IlUJTUT2f3OOOTuf3CViWpRiL+7RdWwZbTszlFASULhR4Rm
IGJ20DtUekqyodMXrOuBJn7tbz+KZNY4oJjNAxzSyVPnIqfIiMFMOy8wHIwNaYGI
JQAkKyEc8VNu3iTBkS/5RndbD3E9cX5qMItCE6/XL7uIxavgxdIedj9OwNnbKN8W
beX0e7lBXpjWPLEUuJB1+G0EhhSAE5fk4+RC11QafXjhoDgWaQAZTZhgHsNsVxcv
eYLn0lXDio6yXAU/RXnJHa4wxE8+/5Ak2RefStucMZhj9mnTy/1bWWU/olBZrjUd
n474r0o++cSYC/4JvGCr4pZ5t5XZHwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFCC0
cCiPMjaKzb3arsjaTgrDec0BMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9EN0RDODFENkNDRkQxMUVGQTkyNTBBOUI3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnO5gMA0GCSqGSIb3DQEBCwUA
A4IBAQBhPK7lClc2evzd7tnEwcroFrQdCM/HjtBzYCvTYq6+ReBm/eDgQnKOuiVQ
vSNUAuTy8h2s83Ui+DsEyNCLo0RM4FYyRy5LIEXNfbsSdEYSIhtbERWVWg1+5v/T
+ZsBVy0/I6CePrmGX44Rhvwb+IdR5MK9b/hwV4AXQzU8qDOcz9iSG9ZUrvJc+lqF
2BBu32fwxipWHqa31Enr4bs7rJPt3pa9SFYW4JGB0BeWAtT4k6/szJzysISR0JLV
tb/+V51Y81sg3w7KFEwtdqPVXv0yl64jhvse9iOFStxgwVe5nPBOTviXnDvt5Tpf
dSJIiKcHp6J4hF0y4UwU1Xhsd45I
-----END CERTIFICATE-----