Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/E33F39F2CCDE11EF8C806F5A762E951A.roa
File:                     E33F39F2CCDE11EF8C806F5A762E951A.roa (raw, json)
Hash identifier:          JST1cFCLk5W8xB4r6Xm94K+xo91Je/iK/UEUqh7kGPk=
Subject key identifier:   E4:21:20:70:63:0F:F0:3A:C2:F4:CE:A6:83:C5:F3:1A:1B:F2:3F:AD
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       FB8F
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/E33F39F2CCDE11EF8C806F5A762E951A.roa
Signing time:             Tue 07 Jan 2025 10:05:14 +0000
ROA not before:           Tue 07 Jan 2025 10:05:10 +0000
ROA not after:            Sat 13 Dec 2025 10:05:10 +0000
asID:                     984
IP address blocks:        156.233.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64399 (0xfb8f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Jan  7 10:05:10 2025 GMT
            Not After : Dec 13 10:05:10 2025 GMT
        Subject: CN=677cfc5a-b087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9d:26:ee:3e:2f:10:1b:ea:90:39:c6:6d:49:
                    c9:63:b3:84:7c:f7:e4:87:d2:44:93:5d:ff:8d:ac:
                    20:72:f3:8d:88:63:b1:93:89:f1:d2:1b:36:a3:81:
                    52:6d:cc:a9:45:f0:98:a5:79:ee:b6:7b:3b:9b:61:
                    74:5c:cc:06:8e:9f:f0:88:9c:ec:67:7a:98:f4:bc:
                    f1:ba:80:c5:77:e2:9d:75:d2:4a:20:6c:73:4d:61:
                    78:31:4a:65:a2:9b:86:c3:82:d0:9a:4a:c5:3c:48:
                    bf:af:42:0f:98:ed:ea:c2:74:22:cb:15:a8:00:d2:
                    c6:03:9b:df:2d:61:06:6b:ec:88:f0:bd:1b:77:0e:
                    e0:46:dc:a6:8b:bb:00:a0:9a:d2:0d:11:25:66:78:
                    48:4e:53:68:a2:fc:24:40:00:a3:fe:04:6a:63:ec:
                    fc:5f:c6:7c:5b:95:6f:91:70:ec:fd:a4:b9:28:b6:
                    e6:09:e1:db:5c:51:72:f8:f4:38:e3:10:39:f8:46:
                    95:8e:b9:e4:f0:33:b9:ab:18:f4:84:ba:36:66:46:
                    79:c7:aa:62:0c:12:ac:c0:68:50:77:01:8c:43:e7:
                    f7:ad:8a:bb:de:8e:21:dd:7f:ce:d7:84:f5:ce:be:
                    23:ad:ba:86:db:20:d8:35:96:bb:81:30:5a:2c:97:
                    99:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:21:20:70:63:0F:F0:3A:C2:F4:CE:A6:83:C5:F3:1A:1B:F2:3F:AD
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/E33F39F2CCDE11EF8C806F5A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.233.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:e9:8a:97:3f:1e:51:70:43:93:42:2d:bf:f9:20:88:93:69:
         68:74:cb:00:ed:5b:c1:ee:11:59:06:56:b4:93:6e:a5:9d:62:
         9b:40:a5:f8:4c:1e:46:2e:39:80:fa:e0:dd:9c:fa:23:c5:3e:
         ba:da:25:40:70:74:ad:6e:32:33:ee:85:e3:83:26:c6:dc:8e:
         80:b2:a8:1d:69:0f:61:d0:cb:83:10:1e:e7:bf:78:71:eb:52:
         cd:53:1a:59:89:74:d6:a3:b8:e7:fe:cd:02:88:8f:a0:38:33:
         65:73:1f:08:ef:a4:63:b4:dd:49:03:52:5c:61:d8:83:f8:df:
         bc:57:e2:18:cb:5e:ec:69:f4:ae:bb:02:6d:72:83:43:60:40:
         94:e4:be:41:8f:27:71:a1:34:15:76:e1:3a:b9:b0:45:f7:9f:
         45:76:1f:54:29:24:5d:7a:ca:92:6c:23:ab:1c:4d:1d:ef:d4:
         15:44:90:a4:5f:6a:e7:7d:26:51:33:e8:67:01:ea:0d:15:b7:
         07:c2:28:61:ff:b8:3c:c2:f9:56:5b:8b:5c:7b:87:f7:26:d0:
         dc:9f:83:10:08:f2:3d:f9:71:12:5c:6c:87:3b:1f:9e:f9:e1:
         e0:ce:dd:69:08:e3:0a:1b:e6:15:05:52:a9:77:cf:86:df:a4:
         95:1c:c0:41
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPuPMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA3MTAwNTEwWhcNMjUxMjEzMTAwNTEwWjAYMRYw
FAYDVQQDEw02NzdjZmM1YS1iMDg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2Z0m7j4vEBvqkDnGbUnJY7OEfPfkh9JEk13/jawgcvONiGOxk4nx0hs2
o4FSbcypRfCYpXnutns7m2F0XMwGjp/wiJzsZ3qY9LzxuoDFd+KdddJKIGxzTWF4
MUplopuGw4LQmkrFPEi/r0IPmO3qwnQiyxWoANLGA5vfLWEGa+yI8L0bdw7gRtym
i7sAoJrSDRElZnhITlNoovwkQACj/gRqY+z8X8Z8W5VvkXDs/aS5KLbmCeHbXFFy
+PQ44xA5+EaVjrnk8DO5qxj0hLo2ZkZ5x6piDBKswGhQdwGMQ+f3rYq73o4h3X/O
14T1zr4jrbqG2yDYNZa7gTBaLJeZYwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFOQh
IHBjD/A6wvTOpoPF8xob8j+tMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9FMzNGMzlGMkNDREUxMUVGOEM4MDZGNUE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnOnbMA0GCSqGSIb3DQEBCwUA
A4IBAQA16YqXPx5RcEOTQi2/+SCIk2lodMsA7VvB7hFZBla0k26lnWKbQKX4TB5G
LjmA+uDdnPojxT662iVAcHStbjIz7oXjgybG3I6AsqgdaQ9h0MuDEB7nv3hx61LN
UxpZiXTWo7jn/s0CiI+gODNlcx8I76RjtN1JA1JcYdiD+N+8V+IYy17safSuuwJt
coNDYECU5L5BjydxoTQVduE6ubBF959Fdh9UKSRdesqSbCOrHE0d79QVRJCkX2rn
fSZRM+hnAeoNFbcHwihh/7g8wvlWW4tce4f3JtDcn4MQCPI9+XESXGyHOx+e+eHg
zt1pCOMKG+YVBVKpd8+G36SVHMBB
-----END CERTIFICATE-----