Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3651254/A1B323EE033511E6A6751974F8AEA228/6DFD15BE3F8511F0974E7BE1DAE4EC9C.roa
File:                     6DFD15BE3F8511F0974E7BE1DAE4EC9C.roa (raw, json)
Hash identifier:          Ke1aAoCozf92JPxbLuUxqgw/4bqlIdHTVHCl35J75Kc=
Subject key identifier:   45:59:59:FC:0D:5B:B7:7F:19:3A:92:29:09:BB:BB:B9:4F:FE:A3:6E
Certificate issuer:       /CN=F3651254AF/serialNumber=E555DD940F3150185D591C2DAAE29F28EAEAF575
Certificate serial:       0D6F
Authority key identifier: E5:55:DD:94:0F:31:50:18:5D:59:1C:2D:AA:E2:9F:28:EA:EA:F5:75
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/5VXdlA8xUBhdWRwtquKfKOrq9XU.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3651254/A1B323EE033511E6A6751974F8AEA228/6DFD15BE3F8511F0974E7BE1DAE4EC9C.roa
Signing time:             Mon 02 Jun 2025 07:44:36 +0000
ROA not before:           Mon 02 Jun 2025 07:44:31 +0000
ROA not after:            Sat 02 Jun 2035 07:44:31 +0000
asID:                     37670
IP address blocks:        154.66.144.0/21 maxlen: 24
                          154.66.145.0/24 maxlen: 24
                          154.66.146.0/24 maxlen: 24
                          154.66.147.0/24 maxlen: 24
                          154.66.148.0/24 maxlen: 24
                          154.66.149.0/24 maxlen: 24
                          154.66.150.0/24 maxlen: 24
                          154.66.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3651254/A1B323EE033511E6A6751974F8AEA228/5VXdlA8xUBhdWRwtquKfKOrq9XU.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3651254/A1B323EE033511E6A6751974F8AEA228/5VXdlA8xUBhdWRwtquKfKOrq9XU.mft
                          rsync://rpki.afrinic.net/repository/afrinic/5VXdlA8xUBhdWRwtquKfKOrq9XU.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 11 Jun 2025 00:06:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3439 (0xd6f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3651254AF, serialNumber=E555DD940F3150185D591C2DAAE29F28EAEAF575
        Validity
            Not Before: Jun  2 07:44:31 2025 GMT
            Not After : Jun  2 07:44:31 2035 GMT
        Subject: CN=683d5664-51d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:52:ef:6c:24:0b:f4:61:ab:b5:b3:df:96:51:
                    22:2c:ae:f5:d1:c6:91:b1:2a:63:8e:8e:87:14:53:
                    7e:43:b6:94:ef:3c:17:f0:6d:8e:d5:62:19:bc:4a:
                    ec:83:18:b8:3e:3b:56:43:f4:bf:3a:7c:2d:ec:f7:
                    31:a3:54:42:72:47:6c:2a:64:b5:f8:0a:10:84:92:
                    f4:a1:47:59:05:73:2f:20:2f:33:52:0f:ce:e1:eb:
                    6b:4a:d7:39:66:be:e8:d9:fa:d7:38:cd:54:d1:cc:
                    40:ba:42:06:c3:9f:4f:98:e1:47:e9:6d:52:31:ae:
                    d7:26:35:fb:94:44:e2:88:6c:be:32:93:2f:55:1d:
                    fb:b8:41:56:dc:03:25:38:6e:7f:a0:46:c2:16:e7:
                    6e:a4:7b:c5:ab:f2:2a:d7:61:07:c5:04:fb:d6:1c:
                    37:cc:1a:b1:95:1d:18:f2:83:67:ca:04:64:65:b6:
                    9c:35:41:6d:6b:eb:96:45:37:dd:09:61:1a:77:36:
                    3f:6c:dc:7a:38:7e:4e:02:3b:c3:c2:43:0c:40:4e:
                    fa:73:13:a0:15:b3:da:17:bc:f4:95:76:d6:9f:95:
                    80:59:b7:35:21:32:31:4a:ea:d2:24:33:78:d6:a0:
                    09:b5:68:31:bf:24:9f:0c:ca:02:5f:7d:76:81:08:
                    89:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:59:59:FC:0D:5B:B7:7F:19:3A:92:29:09:BB:BB:B9:4F:FE:A3:6E
            X509v3 Authority Key Identifier:
                keyid:E5:55:DD:94:0F:31:50:18:5D:59:1C:2D:AA:E2:9F:28:EA:EA:F5:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3651254/A1B323EE033511E6A6751974F8AEA228/5VXdlA8xUBhdWRwtquKfKOrq9XU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/5VXdlA8xUBhdWRwtquKfKOrq9XU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3651254/A1B323EE033511E6A6751974F8AEA228/6DFD15BE3F8511F0974E7BE1DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.66.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1b:46:6f:37:93:07:8c:64:01:96:be:92:c1:2e:6c:b8:77:c4:
         8d:09:b2:d1:f7:1d:dd:82:47:3a:ca:67:1a:db:16:9f:52:99:
         76:fb:a0:8e:71:09:12:7f:e9:25:bb:ec:5c:fd:8d:fa:0a:4a:
         39:ed:40:28:41:fe:79:d9:5e:19:aa:34:fb:78:79:6d:78:92:
         fe:f2:55:a4:4a:21:24:32:1d:32:c9:11:b5:d6:94:15:00:fa:
         9b:36:87:1a:d3:64:8e:e6:85:d0:b6:39:d3:24:01:e5:e9:12:
         86:6d:88:8f:cf:6f:37:b4:59:fe:d6:21:7f:b3:4b:92:d6:11:
         a5:b1:0c:12:37:82:86:1f:02:c7:da:18:f1:3d:e6:69:58:10:
         67:da:d2:ef:44:84:7d:f8:e6:7d:23:7f:dc:5c:43:e7:a8:a5:
         0e:88:21:dd:09:77:f6:81:5a:49:80:f5:d6:bd:ec:bb:8d:ef:
         0c:2a:da:cf:c0:4a:0b:60:e8:81:a7:16:31:e0:63:71:27:02:
         dd:5b:53:86:22:78:9b:b3:45:7e:c0:b7:20:ba:43:38:d7:94:
         35:91:5d:57:b0:76:bc:f5:8f:9a:94:60:c6:70:5b:10:e1:3e:
         c7:c2:1c:98:6e:ae:8d:b0:29:a5:3b:07:fe:d1:ee:13:68:f7:
         a2:a5:ca:e0
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICDW8wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTEyNTRBRjExMC8GA1UEBRMoRTU1NUREOTQwRjMxNTAxODVENTkxQzJEQUFFMjlG
MjhFQUVBRjU3NTAeFw0yNTA2MDIwNzQ0MzFaFw0zNTA2MDIwNzQ0MzFaMBgxFjAU
BgNVBAMTDTY4M2Q1NjY0LTUxZDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC1Uu9sJAv0Yau1s9+WUSIsrvXRxpGxKmOOjocUU35DtpTvPBfwbY7VYhm8
SuyDGLg+O1ZD9L86fC3s9zGjVEJyR2wqZLX4ChCEkvShR1kFcy8gLzNSD87h62tK
1zlmvujZ+tc4zVTRzEC6QgbDn0+Y4UfpbVIxrtcmNfuUROKIbL4yky9VHfu4QVbc
AyU4bn+gRsIW526ke8Wr8irXYQfFBPvWHDfMGrGVHRjyg2fKBGRltpw1QW1r65ZF
N90JYRp3Nj9s3Ho4fk4CO8PCQwxATvpzE6AVs9oXvPSVdtaflYBZtzUhMjFK6tIk
M3jWoAm1aDG/JJ8MygJffXaBCIkPAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQURVlZ
/A1bt38ZOpIpCbu7uU/+o24wHwYDVR0jBBgwFoAU5VXdlA8xUBhdWRwtquKfKOrq
9XUwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjUxMjU0L0ExQjMyM0VFMDMzNTExRTZBNjc1MTk3NEY4QUVBMjI4LzVWWGRs
QTh4VUJoZFdSd3RxdUtmS09ycTlYVS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljLzVWWGRsQTh4VUJoZFdSd3RxdUtmS09ycTlYVS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjUxMjU0L0ExQjMyM0VFMDMzNTExRTZBNjc1MTk3NEY4
QUVBMjI4LzZERkQxNUJFM0Y4NTExRjA5NzRFN0JFMURBRTRFQzlDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOaQpAwDQYJKoZIhvcNAQEL
BQADggEBABtGbzeTB4xkAZa+ksEubLh3xI0JstH3Hd2CRzrKZxrbFp9SmXb7oI5x
CRJ/6SW77Fz9jfoKSjntQChB/nnZXhmqNPt4eW14kv7yVaRKISQyHTLJEbXWlBUA
+ps2hxrTZI7mhdC2OdMkAeXpEoZtiI/Pbze0Wf7WIX+zS5LWEaWxDBI3goYfAsfa
GPE95mlYEGfa0u9EhH345n0jf9xcQ+eopQ6IId0Jd/aBWkmA9da97LuN7wwq2s/A
Sgtg6IGnFjHgY3EnAt1bU4YieJuzRX7AtyC6QzjXlDWRXVewdrz1j5qUYMZwWxDh
PsfCHJhuro2wKaU7B/7R7hNo96KlyuA=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:36:06 2025 by rpki-client