Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/384379E85CCE11F089A4EE7FDAE4EC9C.roa
File:                     384379E85CCE11F089A4EE7FDAE4EC9C.roa (raw, json)
Hash identifier:          5f77BcWNakaDI1bU9WQxgm2j1SupQ4SdEzmVtXx8tYI=
Subject key identifier:   42:85:68:B0:78:0B:A0:56:D4:8B:C4:C9:04:DF:BF:2F:39:3D:F0:7B
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       018CDE
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/384379E85CCE11F089A4EE7FDAE4EC9C.roa
Signing time:             Wed 09 Jul 2025 14:08:43 +0000
ROA not before:           Wed 09 Jul 2025 14:08:38 +0000
ROA not after:            Mon 11 Aug 2025 14:08:38 +0000
asID:                     214143
IP address blocks:        154.197.60.0/23 maxlen: 24
                          154.197.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 23 Jul 2025 00:06:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 101598 (0x18cde)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Jul  9 14:08:38 2025 GMT
            Not After : Aug 11 14:08:38 2025 GMT
        Subject: CN=686e77eb-b5e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:83:c5:95:1f:6a:d3:68:73:37:39:a8:52:92:
                    99:7b:bc:72:d5:a7:e4:a6:4b:3d:34:92:9e:05:b5:
                    89:ff:da:75:cc:19:74:2d:8c:a5:74:ad:c9:db:ce:
                    e8:53:a6:41:20:cd:8b:97:05:fe:9c:15:5e:5b:d6:
                    67:54:27:9c:52:24:a9:8f:54:ed:51:55:2b:cd:84:
                    9e:92:d6:7f:7f:93:95:0a:0e:21:27:12:5a:20:db:
                    38:9a:c7:44:29:b6:83:4a:9a:ee:ef:34:53:96:2c:
                    da:e6:47:f5:5f:d7:1c:3a:a8:ad:68:06:bd:b4:45:
                    c3:f3:a5:6e:c8:d3:e8:71:3b:dd:7d:c9:1c:64:d3:
                    7f:83:29:38:a2:39:a5:16:18:94:40:76:5f:3a:0f:
                    d4:7d:2b:d2:cf:ea:1c:0b:0b:f2:ab:a5:c1:96:5a:
                    bf:9e:4d:1e:9a:00:13:66:eb:4f:22:a2:eb:65:bb:
                    4f:63:88:60:1a:f0:15:53:96:1e:25:75:b3:05:24:
                    25:38:85:9d:fb:b7:26:05:4f:b5:42:1f:d0:52:6b:
                    4c:17:29:49:7e:29:70:50:85:47:ff:6a:86:4e:3d:
                    99:ee:86:a9:0e:2d:4d:9f:23:34:23:44:29:5c:f6:
                    e0:24:ba:87:74:db:ff:25:67:3f:89:2e:50:22:11:
                    ec:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:85:68:B0:78:0B:A0:56:D4:8B:C4:C9:04:DF:BF:2F:39:3D:F0:7B
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/384379E85CCE11F089A4EE7FDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.197.60.0/23
                  154.197.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d3:f1:eb:ef:c9:0b:54:76:2f:62:b3:44:30:c1:23:8a:12:e1:
         cd:f5:8a:e9:7c:67:ad:e9:02:21:71:89:44:0a:c3:35:b1:77:
         76:3e:eb:b5:52:1b:9f:bf:a3:8b:d6:4a:be:2d:c5:f0:84:ee:
         b7:7b:57:e6:34:9a:29:a3:26:a2:79:07:42:d7:6d:ec:f3:54:
         86:db:4c:0b:45:df:2c:75:d7:8a:d4:76:fd:4d:fb:c5:db:24:
         8e:c9:62:29:75:92:12:ba:af:2c:64:36:f7:78:c0:62:34:4e:
         09:a5:3c:6b:89:a0:a2:e3:48:5b:22:cf:7e:e2:1f:bf:a5:93:
         f5:2c:4d:03:63:fa:93:58:f3:ec:2d:de:3b:ed:e5:4b:77:71:
         24:20:c3:11:bc:86:1d:71:95:a6:46:a6:78:f2:07:10:7a:92:
         a5:85:f5:6a:4a:3c:64:1a:9f:b7:80:70:a3:58:4e:17:2f:3e:
         72:fa:e8:dd:d4:ad:af:99:5c:f3:a2:78:cd:96:b9:76:30:8a:
         31:82:9c:cd:de:c7:8d:75:0a:c4:d2:85:2e:69:fa:d6:a1:54:
         d3:15:bd:7a:66:ba:9d:a0:7e:15:50:da:ea:6a:a4:ae:63:e2:
         83:25:b9:52:ca:cc:59:03:db:44:68:8c:2d:88:80:af:a3:2e:
         21:e7:0f:29
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgIDAYzeMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNzA5MTQwODM4WhcNMjUwODExMTQwODM4WjAYMRYw
FAYDVQQDEw02ODZlNzdlYi1iNWU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAooPFlR9q02hzNzmoUpKZe7xy1afkpks9NJKeBbWJ/9p1zBl0LYyldK3J
287oU6ZBIM2LlwX+nBVeW9ZnVCecUiSpj1TtUVUrzYSektZ/f5OVCg4hJxJaINs4
msdEKbaDSpru7zRTliza5kf1X9ccOqitaAa9tEXD86VuyNPocTvdfckcZNN/gyk4
ojmlFhiUQHZfOg/UfSvSz+ocCwvyq6XBllq/nk0emgATZutPIqLrZbtPY4hgGvAV
U5YeJXWzBSQlOIWd+7cmBU+1Qh/QUmtMFylJfilwUIVH/2qGTj2Z7oapDi1NnyM0
I0QpXPbgJLqHdNv/JWc/iS5QIhHsDQIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFEKF
aLB4C6BW1IvEyQTfvy85PfB7MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8zODQzNzlFODVDQ0UxMUYwODlBNEVFN0ZEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBmsU8AwQBmsVWMA0GCSqG
SIb3DQEBCwUAA4IBAQDT8evvyQtUdi9is0QwwSOKEuHN9YrpfGet6QIhcYlECsM1
sXd2Puu1Uhufv6OL1kq+LcXwhO63e1fmNJopoyaieQdC123s81SG20wLRd8sddeK
1Hb9TfvF2ySOyWIpdZISuq8sZDb3eMBiNE4JpTxriaCi40hbIs9+4h+/pZP1LE0D
Y/qTWPPsLd477eVLd3EkIMMRvIYdcZWmRqZ48gcQepKlhfVqSjxkGp+3gHCjWE4X
Lz5y+ujd1K2vmVzzonjNlrl2MIoxgpzN3seNdQrE0oUuafrWoVTTFb16ZrqdoH4V
UNrqaqSuY+KDJblSysxZA9tEaIwtiICvoy4h5w8p
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:38:28 2025 by rpki-client