Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/876C9056823811F0AD50BEB6DAE4EC9C.roa
File:                     876C9056823811F0AD50BEB6DAE4EC9C.roa (raw, json)
Hash identifier:          FmjhNEZbCZYUjiXuK/jj96puYqt9Q9f9SSixXv/v/IY=
Subject key identifier:   E9:8D:E6:FD:0E:68:C8:BE:15:31:7B:11:5C:73:9F:29:0C:2E:B5:1A
Certificate issuer:       /CN=F3671347AF/serialNumber=3128B1596F1DA0AA6CEDCFC99DEC8E1D628489E5
Certificate serial:       0E
Authority key identifier: 31:28:B1:59:6F:1D:A0:AA:6C:ED:CF:C9:9D:EC:8E:1D:62:84:89:E5
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/MSixWW8doKps7c_JneyOHWKEieU.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/876C9056823811F0AD50BEB6DAE4EC9C.roa
Signing time:             Tue 26 Aug 2025 04:52:55 +0000
ROA not before:           Tue 26 Aug 2025 04:52:51 +0000
ROA not after:            Thu 31 Aug 2045 04:52:51 +0000
asID:                     36983
IP address blocks:        41.222.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/MSixWW8doKps7c_JneyOHWKEieU.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/MSixWW8doKps7c_JneyOHWKEieU.mft
                          rsync://rpki.afrinic.net/repository/afrinic/MSixWW8doKps7c_JneyOHWKEieU.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 19 Sep 2025 05:13:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14 (0xe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3671347AF, serialNumber=3128B1596F1DA0AA6CEDCFC99DEC8E1D628489E5
        Validity
            Not Before: Aug 26 04:52:51 2025 GMT
            Not After : Aug 31 04:52:51 2045 GMT
        Subject: CN=68ad3da7-2f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:01:34:0f:2f:5e:e4:8d:c5:e9:88:0e:0b:5b:
                    03:d5:cd:8a:fa:80:2d:c3:b5:02:ad:9b:42:be:d0:
                    16:1c:6a:bb:57:32:c7:12:af:24:1c:9e:50:a6:59:
                    b0:00:5d:af:09:71:e4:6a:bc:43:4c:ad:10:3e:92:
                    0f:a2:35:47:83:f8:6b:1d:70:9c:e6:67:2e:d3:c0:
                    5b:cf:88:6d:72:fd:ea:32:e3:82:90:03:ce:74:03:
                    5b:4e:a6:8e:d1:ba:1d:e4:7b:f1:ea:32:1d:e6:3d:
                    17:0d:c6:9b:28:6e:0d:21:99:b1:96:51:f2:7a:e3:
                    cc:c0:62:ff:c8:3b:b5:e3:08:63:88:b9:f1:3b:85:
                    15:38:79:22:c3:78:1f:98:10:98:32:22:ed:ab:87:
                    25:86:b3:4e:51:b4:33:1b:59:3e:16:d8:9e:f3:95:
                    6f:05:05:79:23:24:9d:13:07:c5:c1:a8:d8:70:49:
                    a2:78:bf:7b:c8:09:6f:02:68:e4:38:bd:bb:1f:63:
                    90:87:85:d8:e2:65:80:6a:29:10:d6:0d:a2:5c:43:
                    f5:f1:d9:15:f4:f9:13:6d:a3:03:c2:56:cb:58:70:
                    63:5d:23:3e:cb:36:70:b5:1a:7d:4e:3d:4a:43:91:
                    fe:ba:29:ee:f8:e6:63:d0:e4:f4:7a:67:bf:6a:98:
                    da:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:8D:E6:FD:0E:68:C8:BE:15:31:7B:11:5C:73:9F:29:0C:2E:B5:1A
            X509v3 Authority Key Identifier:
                keyid:31:28:B1:59:6F:1D:A0:AA:6C:ED:CF:C9:9D:EC:8E:1D:62:84:89:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/MSixWW8doKps7c_JneyOHWKEieU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/MSixWW8doKps7c_JneyOHWKEieU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/876C9056823811F0AD50BEB6DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.222.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:b3:b8:c3:3f:af:9f:44:a8:b7:e2:d1:18:b3:d9:07:99:d8:
         43:d1:9b:3d:0c:e6:34:6b:70:32:20:5c:6d:63:4b:2d:d1:8e:
         61:c5:aa:4f:7f:74:46:d4:17:47:8d:98:07:0f:54:e5:dd:bb:
         d2:b0:be:b4:3b:2a:5c:e4:38:4b:51:46:d2:a8:fc:29:96:cd:
         aa:9d:f6:08:59:ff:4f:73:24:ab:13:42:5f:80:67:7a:e7:85:
         8c:51:5f:fe:f4:bb:89:c3:30:38:84:e8:a3:ee:eb:0f:48:6b:
         f6:61:40:0b:dc:7b:e8:e5:c0:e9:c8:af:44:d3:34:20:74:9e:
         e1:32:11:d8:25:7f:ed:3e:d8:06:95:7a:31:1c:2c:7e:72:22:
         02:0d:14:6b:b1:e8:e7:17:a6:b8:5b:9e:66:19:f6:a7:dd:9f:
         e0:69:12:29:77:37:5f:67:77:29:99:51:34:54:2b:9b:37:14:
         51:02:8d:1a:8b:40:71:9d:a2:cb:81:9d:2d:46:87:90:b9:a7:
         82:0d:00:ef:b0:91:9b:15:0b:31:c4:67:e6:99:6f:ae:a1:cc:
         7b:3f:be:81:77:6f:f9:c9:ec:57:9f:b9:7f:e7:bb:4e:33:9f:
         58:e3:3d:68:1b:85:20:13:27:65:77:a4:6c:f7:c8:0c:c1:62:
         bc:b0:c9:87
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
MTM0N0FGMTEwLwYDVQQFEygzMTI4QjE1OTZGMURBMEFBNkNFRENGQzk5REVDOEUx
RDYyODQ4OUU1MB4XDTI1MDgyNjA0NTI1MVoXDTQ1MDgzMTA0NTI1MVowGDEWMBQG
A1UEAxMNNjhhZDNkYTctMmY1OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANQBNA8vXuSNxemIDgtbA9XNivqALcO1Aq2bQr7QFhxqu1cyxxKvJByeUKZZ
sABdrwlx5Gq8Q0ytED6SD6I1R4P4ax1wnOZnLtPAW8+IbXL96jLjgpADznQDW06m
jtG6HeR78eoyHeY9Fw3GmyhuDSGZsZZR8nrjzMBi/8g7teMIY4i58TuFFTh5IsN4
H5gQmDIi7auHJYazTlG0MxtZPhbYnvOVbwUFeSMknRMHxcGo2HBJoni/e8gJbwJo
5Di9ux9jkIeF2OJlgGopENYNolxD9fHZFfT5E22jA8JWy1hwY10jPss2cLUafU49
SkOR/rop7vjmY9Dk9Hpnv2qY2l0CAwEAAaOCAqUwggKhMB0GA1UdDgQWBBTpjeb9
DmjIvhUxexFcc58pDC61GjAfBgNVHSMEGDAWgBQxKLFZbx2gqmztz8md7I4dYoSJ
5TAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NzEzNDcvMjUzRDE3RTQ4MThEMTFGMDlBMzU1M0Q1REFFNEVDOUMvTVNpeFdX
OGRvS3BzN2NfSm5leU9IV0tFaWVVLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvTVNpeFdXOGRvS3BzN2NfSm5leU9IV0tFaWVVLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NzEzNDcvMjUzRDE3RTQ4MThEMTFGMDlBMzU1M0Q1REFF
NEVDOUMvODc2QzkwNTY4MjM4MTFGMEFENTBCRUI2REFFNEVDOUMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAineaDANBgkqhkiG9w0BAQsF
AAOCAQEAXLO4wz+vn0Sot+LRGLPZB5nYQ9GbPQzmNGtwMiBcbWNLLdGOYcWqT390
RtQXR42YBw9U5d270rC+tDsqXOQ4S1FG0qj8KZbNqp32CFn/T3MkqxNCX4BneueF
jFFf/vS7icMwOIToo+7rD0hr9mFAC9x76OXA6civRNM0IHSe4TIR2CV/7T7YBpV6
MRwsfnIiAg0Ua7Ho5xemuFueZhn2p92f4GkSKXc3X2d3KZlRNFQrmzcUUQKNGotA
cZ2iy4GdLUaHkLmngg0A77CRmxULMcRn5plvrqHMez++gXdv+cnsV5+5f+e7TjOf
WOM9aBuFIBMnZXekbPfIDMFivLDJhw==
-----END CERTIFICATE-----