Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3663CEE/1FBC442083BE11EA8A65B730F8AEA228/24B727805CBA11F0A0DBD87DDAE4EC9C.roa
File:                     24B727805CBA11F0A0DBD87DDAE4EC9C.roa (raw, json)
Hash identifier:          URhpC1wmpxyjiKTCACXMGSDga5+OKiFUmrZJhnhMHo0=
Subject key identifier:   9D:C1:6B:A0:F6:81:1D:23:12:51:A0:57:3E:C7:75:3D:09:A4:29:F9
Certificate issuer:       /CN=F3663CEEAF/serialNumber=CB88587527B383916CC0B1D8866653C33431E45D
Certificate serial:       07AF
Authority key identifier: CB:88:58:75:27:B3:83:91:6C:C0:B1:D8:86:66:53:C3:34:31:E4:5D
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/y4hYdSezg5FswLHYhmZTwzQx5F0.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3663CEE/1FBC442083BE11EA8A65B730F8AEA228/24B727805CBA11F0A0DBD87DDAE4EC9C.roa
Signing time:             Wed 09 Jul 2025 11:45:00 +0000
ROA not before:           Wed 09 Jul 2025 11:44:55 +0000
ROA not after:            Sun 06 Nov 2033 11:44:55 +0000
asID:                     327693
IP address blocks:        41.198.128.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3663CEE/1FBC442083BE11EA8A65B730F8AEA228/y4hYdSezg5FswLHYhmZTwzQx5F0.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3663CEE/1FBC442083BE11EA8A65B730F8AEA228/y4hYdSezg5FswLHYhmZTwzQx5F0.mft
                          rsync://rpki.afrinic.net/repository/afrinic/y4hYdSezg5FswLHYhmZTwzQx5F0.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 29 Jul 2025 00:06:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1967 (0x7af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3663CEEAF, serialNumber=CB88587527B383916CC0B1D8866653C33431E45D
        Validity
            Not Before: Jul  9 11:44:55 2025 GMT
            Not After : Nov  6 11:44:55 2033 GMT
        Subject: CN=686e563c-82b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:dd:0e:09:73:8f:35:99:d6:cc:f5:85:e5:35:
                    2a:c3:d3:5e:d6:48:2c:22:f9:19:0b:d5:28:03:95:
                    22:37:00:98:e7:0d:5e:ea:0e:9b:7c:b8:80:7b:21:
                    e6:0f:41:e4:2f:10:b8:53:98:42:de:c9:7c:cd:9e:
                    e7:ae:35:04:e6:dc:5e:6f:4c:ab:8a:a4:ef:f8:ff:
                    b9:93:bc:80:f5:cc:18:f2:bd:da:07:00:6f:3a:73:
                    42:c0:1a:b0:24:0f:28:49:a1:78:f0:24:20:53:95:
                    a7:23:4c:18:50:b3:d1:35:f1:d3:26:cd:97:93:72:
                    14:a5:c8:3c:f8:42:45:02:07:70:9a:06:23:69:b7:
                    33:48:05:90:1b:b1:b9:9a:26:37:44:ec:3a:53:5c:
                    bb:63:85:f5:f8:6b:f5:b7:6c:da:b7:cf:e2:45:d4:
                    ed:32:0b:2a:29:75:d7:a7:44:99:8c:29:9a:b6:91:
                    a2:ef:b6:51:5c:18:27:0c:ea:a3:d9:d9:6d:64:d3:
                    01:53:b5:ec:69:b2:03:7f:87:8e:df:aa:7d:42:a3:
                    c7:b2:b2:17:73:4c:83:74:f0:e7:83:5e:32:53:90:
                    4f:14:90:1c:91:35:08:00:e0:dc:55:a1:1c:cb:73:
                    3e:5b:46:ce:51:1b:75:40:11:46:96:a7:e8:4e:8d:
                    f2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C1:6B:A0:F6:81:1D:23:12:51:A0:57:3E:C7:75:3D:09:A4:29:F9
            X509v3 Authority Key Identifier:
                keyid:CB:88:58:75:27:B3:83:91:6C:C0:B1:D8:86:66:53:C3:34:31:E4:5D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3663CEE/1FBC442083BE11EA8A65B730F8AEA228/y4hYdSezg5FswLHYhmZTwzQx5F0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/y4hYdSezg5FswLHYhmZTwzQx5F0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3663CEE/1FBC442083BE11EA8A65B730F8AEA228/24B727805CBA11F0A0DBD87DDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.198.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         78:42:95:9f:cb:8b:93:35:c5:88:3b:62:de:8f:8c:53:d8:59:
         ec:9b:86:e9:14:65:42:18:e8:e6:7c:be:63:56:cd:0f:37:65:
         a6:b3:7c:a6:b3:50:a7:ca:1e:61:12:cb:d4:4c:4d:98:cc:8f:
         33:b7:02:ca:c6:5f:6f:24:35:b4:55:e4:17:54:20:2f:e8:62:
         75:fa:b6:34:a4:40:ec:6c:62:51:56:29:3b:5b:64:c6:ba:a8:
         c8:5d:bc:8f:f7:19:34:a5:e3:47:20:dd:88:a6:3b:10:68:20:
         54:a6:c2:96:ed:57:28:96:f5:be:76:02:85:a3:0f:8d:94:34:
         e2:70:b7:24:fd:da:fd:d1:71:c4:de:35:83:a1:bb:96:17:a9:
         18:24:ef:dc:ba:8f:97:81:4a:31:50:e4:ca:d0:c9:05:f5:54:
         d2:52:c4:77:28:dc:a6:7c:df:c7:95:52:bb:55:df:02:1a:fc:
         f4:bc:f3:5c:d7:82:4d:29:5e:eb:9b:02:ca:39:96:ce:aa:4c:
         7b:c7:fe:cb:be:ab:ef:8c:9a:91:6f:7e:1d:2c:55:67:34:24:
         32:5f:8e:11:34:c6:9f:ae:25:44:f8:55:51:fd:68:88:89:03:
         2e:76:7b:f3:ff:84:00:a3:37:8a:66:84:90:01:67:7b:38:88:
         8a:b1:f8:27
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICB68wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NjNDRUVBRjExMC8GA1UEBRMoQ0I4ODU4NzUyN0IzODM5MTZDQzBCMUQ4ODY2NjUz
QzMzNDMxRTQ1RDAeFw0yNTA3MDkxMTQ0NTVaFw0zMzExMDYxMTQ0NTVaMBgxFjAU
BgNVBAMTDTY4NmU1NjNjLTgyYjUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDA3Q4Jc481mdbM9YXlNSrD017WSCwi+RkL1SgDlSI3AJjnDV7qDpt8uIB7
IeYPQeQvELhTmELeyXzNnueuNQTm3F5vTKuKpO/4/7mTvID1zBjyvdoHAG86c0LA
GrAkDyhJoXjwJCBTlacjTBhQs9E18dMmzZeTchSlyDz4QkUCB3CaBiNptzNIBZAb
sbmaJjdE7DpTXLtjhfX4a/W3bNq3z+JF1O0yCyopddenRJmMKZq2kaLvtlFcGCcM
6qPZ2W1k0wFTtexpsgN/h47fqn1Co8eyshdzTIN08OeDXjJTkE8UkByRNQgA4NxV
oRzLcz5bRs5RG3VAEUaWp+hOjfIlAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUncFr
oPaBHSMSUaBXPsd1PQmkKfkwHwYDVR0jBBgwFoAUy4hYdSezg5FswLHYhmZTwzQx
5F0wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjYzQ0VFLzFGQkM0NDIwODNCRTExRUE4QTY1QjczMEY4QUVBMjI4L3k0aFlk
U2V6ZzVGc3dMSFlobVpUd3pReDVGMC5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL3k0aFlkU2V6ZzVGc3dMSFlobVpUd3pReDVGMC5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjYzQ0VFLzFGQkM0NDIwODNCRTExRUE4QTY1QjczMEY4
QUVBMjI4LzI0QjcyNzgwNUNCQTExRjBBMERCRDg3RERBRTRFQzlDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAYpxoAwDQYJKoZIhvcNAQEL
BQADggEBAHhClZ/Li5M1xYg7Yt6PjFPYWeybhukUZUIY6OZ8vmNWzQ83ZaazfKaz
UKfKHmESy9RMTZjMjzO3AsrGX28kNbRV5BdUIC/oYnX6tjSkQOxsYlFWKTtbZMa6
qMhdvI/3GTSl40cg3YimOxBoIFSmwpbtVyiW9b52AoWjD42UNOJwtyT92v3RccTe
NYOhu5YXqRgk79y6j5eBSjFQ5MrQyQX1VNJSxHco3KZ838eVUrtV3wIa/PS881zX
gk0pXuubAso5ls6qTHvH/su+q++MmpFvfh0sVWc0JDJfjhE0xp+uJUT4VVH9aIiJ
Ay52e/P/hACjN4pmhJABZ3s4iIqx+Cc=
-----END CERTIFICATE-----