Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8A3584A64CF911F08126327FDAE4EC9C.roa
File:                     8A3584A64CF911F08126327FDAE4EC9C.roa (raw, json)
Hash identifier:          coyPjGkRqxn2JC2Ial5VH2mQkbSwM+p+U1CuHy304wA=
Subject key identifier:   6F:17:46:3A:51:FD:19:BC:40:85:32:B5:D9:E5:19:58:FF:3B:08:9E
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       015D2E
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8A3584A64CF911F08126327FDAE4EC9C.roa
Signing time:             Thu 19 Jun 2025 10:38:30 +0000
ROA not before:           Thu 19 Jun 2025 10:38:25 +0000
ROA not after:            Sat 26 Jul 2025 10:38:25 +0000
asID:                     395793
IP address blocks:        156.228.62.0/24 maxlen: 24
                          156.228.210.0/24 maxlen: 24
                          156.228.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 02 Jul 2025 00:26:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89390 (0x15d2e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR, serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
        Validity
            Not Before: Jun 19 10:38:25 2025 GMT
            Not After : Jul 26 10:38:25 2025 GMT
        Subject: CN=6853e8a6-91c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:02:17:1e:b3:91:ff:f0:a0:30:69:e6:1d:36:
                    31:e3:79:f6:7b:2b:64:4e:fb:ed:7e:65:cb:19:73:
                    6d:a2:e3:79:98:5f:66:ea:28:74:ba:21:b3:8b:ea:
                    fe:fd:c8:da:f1:76:44:b5:6b:b8:ca:f8:f6:4a:7e:
                    27:23:79:d7:cb:1f:d7:cd:5f:94:0a:94:a2:7f:67:
                    de:56:ef:77:3b:14:29:bc:ec:ac:5b:28:8f:eb:c3:
                    61:a9:a4:3e:3e:65:a3:cf:f2:bc:e8:33:53:8a:eb:
                    2f:cd:56:ed:36:26:6d:f4:f7:6c:9a:e9:88:9f:99:
                    aa:07:59:e6:d5:3d:c1:2f:ed:f1:c4:51:a4:8a:26:
                    45:60:03:b6:0e:97:f9:6c:2e:69:84:78:3e:e0:5b:
                    b7:79:4d:8d:35:d9:50:d4:cc:6e:74:bd:d8:3b:15:
                    03:f7:a4:58:e3:9f:41:83:ad:cc:9d:dc:b3:db:8c:
                    e9:f3:a7:93:2c:34:f0:1a:5c:8b:af:f9:7f:2b:5c:
                    e6:49:42:48:c9:c1:0d:30:b1:13:50:d7:a4:65:18:
                    24:44:ef:be:c9:56:d5:89:31:d6:b8:36:94:9d:7d:
                    ab:ba:7a:f3:52:ff:28:b4:cb:18:db:16:f5:57:50:
                    5b:1e:67:46:f9:60:53:93:4b:2a:ea:a3:7b:a1:f2:
                    a3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:17:46:3A:51:FD:19:BC:40:85:32:B5:D9:E5:19:58:FF:3B:08:9E
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8A3584A64CF911F08126327FDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.228.62.0/24
                  156.228.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:35:73:01:79:57:d6:88:58:26:b1:30:2b:87:57:b6:7f:5d:
         d7:23:51:70:9c:9a:4a:3a:97:81:cc:f0:2c:08:42:1d:cc:6b:
         c9:9f:42:69:ea:5e:0a:f4:27:79:a7:66:68:7a:5d:2e:89:a5:
         d6:63:82:ce:f7:bb:7b:cd:bb:26:00:4f:4d:7c:75:70:e9:57:
         c5:22:11:a9:99:8e:49:06:ce:d4:19:11:ab:af:be:32:9d:67:
         4e:de:b4:6e:f2:5c:df:a0:b1:21:42:23:30:c6:8f:d1:64:4a:
         ce:18:e0:51:25:e5:ad:ed:8b:42:1f:83:b9:91:be:2c:ed:b3:
         ad:57:b4:32:c3:7d:b6:44:4e:ff:60:62:ab:82:4e:bc:b9:7e:
         39:0a:88:9a:30:82:84:aa:c7:02:63:30:ec:2c:ac:06:c8:e9:
         ea:3c:17:81:da:23:ab:26:9f:2c:1e:46:1b:f8:c3:eb:ae:b0:
         e2:1b:98:d8:3e:36:84:bd:c5:82:49:13:90:22:b1:32:dc:89:
         fc:6a:9a:cc:0b:ea:9f:84:85:2e:e5:10:37:e0:c6:02:d8:af:
         df:98:00:87:eb:6f:01:22:8c:17:53:95:01:18:56:fc:f4:95:
         fe:99:fb:a0:50:80:cc:c1:b9:71:a4:e4:58:ea:77:d4:c3:fd:
         59:ee:ef:61
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIDAV0uMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwNjE5MTAzODI1WhcNMjUwNzI2MTAzODI1WjAYMRYw
FAYDVQQDEw02ODUzZThhNi05MWM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA7QIXHrOR//CgMGnmHTYx43n2eytkTvvtfmXLGXNtouN5mF9m6ih0uiGz
i+r+/cja8XZEtWu4yvj2Sn4nI3nXyx/XzV+UCpSif2feVu93OxQpvOysWyiP68Nh
qaQ+PmWjz/K86DNTiusvzVbtNiZt9PdsmumIn5mqB1nm1T3BL+3xxFGkiiZFYAO2
Dpf5bC5phHg+4Fu3eU2NNdlQ1MxudL3YOxUD96RY459Bg63Mndyz24zp86eTLDTw
GlyLr/l/K1zmSUJIycENMLETUNekZRgkRO++yVbViTHWuDaUnX2runrzUv8otMsY
2xb1V1BbHmdG+WBTk0sq6qN7ofKjtQIDAQABo4ICqDCCAqQwHQYDVR0OBBYEFG8X
RjpR/Rm8QIUytdnlGVj/OwieMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC84QTM1ODRBNjRDRjkxMUYwODEyNjMyN0ZEQUU0RUM5Qy5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAnOQ+AwQBnOTSMA0GCSqGSIb3
DQEBCwUAA4IBAQBkNXMBeVfWiFgmsTArh1e2f13XI1FwnJpKOpeBzPAsCEIdzGvJ
n0Jp6l4K9Cd5p2Zoel0uiaXWY4LO97t7zbsmAE9NfHVw6VfFIhGpmY5JBs7UGRGr
r74ynWdO3rRu8lzfoLEhQiMwxo/RZErOGOBRJeWt7YtCH4O5kb4s7bOtV7Qyw322
RE7/YGKrgk68uX45CoiaMIKEqscCYzDsLKwGyOnqPBeB2iOrJp8sHkYb+MPrrrDi
G5jYPjaEvcWCSROQIrEy3In8aprMC+qfhIUu5RA34MYC2K/fmACH628BIowXU5UB
GFb89JX+mfugUIDMwblxpORY6nfUw/1Z7u9h
-----END CERTIFICATE-----
Generated at Tue Jul 1 00:44:47 2025 by rpki-client