Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/A40FA8E0831611F099BCE1E6DAE4EC9C.roa
File:                     A40FA8E0831611F099BCE1E6DAE4EC9C.roa (raw, json)
Hash identifier:          IUydHjwonzzPSVQdQWsBCOTf4qdbBgAkGlNb6MeI1fQ=
Subject key identifier:   26:9D:FE:65:DA:D1:EC:D4:43:7B:67:DA:5F:6B:4F:83:04:FE:15:68
Certificate issuer:       /CN=F3671347AF/serialNumber=3128B1596F1DA0AA6CEDCFC99DEC8E1D628489E5
Certificate serial:       14
Authority key identifier: 31:28:B1:59:6F:1D:A0:AA:6C:ED:CF:C9:9D:EC:8E:1D:62:84:89:E5
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/MSixWW8doKps7c_JneyOHWKEieU.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/A40FA8E0831611F099BCE1E6DAE4EC9C.roa
Signing time:             Wed 27 Aug 2025 07:22:52 +0000
ROA not before:           Wed 27 Aug 2025 07:22:47 +0000
ROA not after:            Thu 31 Aug 2045 07:22:47 +0000
asID:                     36983
IP address blocks:        41.222.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/MSixWW8doKps7c_JneyOHWKEieU.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/MSixWW8doKps7c_JneyOHWKEieU.mft
                          rsync://rpki.afrinic.net/repository/afrinic/MSixWW8doKps7c_JneyOHWKEieU.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 19 Sep 2025 05:13:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20 (0x14)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3671347AF, serialNumber=3128B1596F1DA0AA6CEDCFC99DEC8E1D628489E5
        Validity
            Not Before: Aug 27 07:22:47 2025 GMT
            Not After : Aug 31 07:22:47 2045 GMT
        Subject: CN=68aeb24c-3ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3c:a3:30:d9:d1:0b:ab:d2:69:ce:d1:c1:ea:
                    b5:5f:ca:86:a9:41:6e:c3:95:90:a1:65:04:52:61:
                    17:41:7b:8a:5b:99:c3:e0:12:fb:91:f9:8e:d1:1e:
                    a1:b1:ee:93:fc:f2:3d:57:21:78:28:21:aa:aa:cf:
                    a0:0d:5f:e3:80:77:17:81:f0:83:d0:6f:35:e5:9c:
                    ee:60:73:7d:81:0d:45:2a:c9:6f:e1:a2:cf:7a:b9:
                    d5:36:7e:3a:93:d4:dd:e4:8e:59:2e:73:af:81:89:
                    79:40:96:25:f0:c8:95:1b:e2:7b:7d:f1:4c:df:29:
                    b3:1a:55:41:8f:7d:7e:42:f8:a8:71:ad:9f:77:6d:
                    24:83:70:95:fd:cb:5c:e7:13:ea:ab:62:96:44:a5:
                    2b:d9:1b:eb:99:ef:c7:d0:b8:3e:b6:25:b8:63:49:
                    1a:64:9a:ad:01:57:86:e5:16:18:18:07:02:f6:b4:
                    fb:6d:d2:98:c4:65:61:0b:db:2c:a6:f3:c9:cb:0e:
                    69:55:38:86:d4:41:15:fc:11:a0:ac:89:89:4d:72:
                    23:a8:4d:40:52:2a:7a:9b:b4:99:f8:8c:d4:14:36:
                    b3:72:04:ca:91:f1:65:ff:fb:52:2b:e5:0f:ce:78:
                    08:02:cb:34:ed:96:5a:75:8e:b5:9a:b1:e2:85:0b:
                    46:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:9D:FE:65:DA:D1:EC:D4:43:7B:67:DA:5F:6B:4F:83:04:FE:15:68
            X509v3 Authority Key Identifier:
                keyid:31:28:B1:59:6F:1D:A0:AA:6C:ED:CF:C9:9D:EC:8E:1D:62:84:89:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/MSixWW8doKps7c_JneyOHWKEieU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/MSixWW8doKps7c_JneyOHWKEieU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3671347/253D17E4818D11F09A3553D5DAE4EC9C/A40FA8E0831611F099BCE1E6DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.222.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:15:ca:a0:45:25:ec:8d:d7:50:e3:31:a7:6e:ef:32:65:52:
         ec:a0:98:19:96:7e:3a:27:a2:b3:c2:a3:bc:af:b1:15:ed:48:
         ab:1f:b0:33:c5:0b:f3:7d:58:8f:4a:f1:a9:67:5d:09:c2:9e:
         ee:bf:df:08:91:c9:62:b7:2c:27:35:36:aa:93:6c:ab:b7:8a:
         db:73:01:ae:d2:8e:20:01:7b:da:d1:e3:44:ac:99:2d:73:ca:
         f9:ef:02:cd:46:95:dd:2a:dc:57:db:eb:0a:bb:70:c9:33:a8:
         3d:2c:2b:c9:d6:d9:3e:93:3d:68:1b:41:a7:11:96:a9:da:9f:
         5a:df:94:4d:cf:c8:66:db:3b:6a:b5:94:88:b6:6a:8d:25:f9:
         dd:91:83:ce:26:19:9f:73:ff:d0:5a:17:17:4e:7e:d8:54:fc:
         8c:e8:b5:1b:ad:b8:1c:1d:f3:a6:54:95:91:05:f8:e6:03:e0:
         73:9c:3b:23:f9:d1:06:87:ff:b6:55:6a:cc:e9:50:72:07:37:
         67:83:38:88:42:78:9e:91:38:f9:3f:ec:56:11:a7:b4:bc:c2:
         d9:60:ef:05:d3:2b:09:1f:f0:ce:b6:02:d3:5b:c2:d5:19:3c:
         11:3f:13:9d:0c:18:65:ff:0e:dc:8d:92:bd:e2:53:c0:c7:af:
         ae:e6:7c:14
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
MTM0N0FGMTEwLwYDVQQFEygzMTI4QjE1OTZGMURBMEFBNkNFRENGQzk5REVDOEUx
RDYyODQ4OUU1MB4XDTI1MDgyNzA3MjI0N1oXDTQ1MDgzMTA3MjI0N1owGDEWMBQG
A1UEAxMNNjhhZWIyNGMtM2ViYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOk8ozDZ0Qur0mnO0cHqtV/KhqlBbsOVkKFlBFJhF0F7iluZw+AS+5H5jtEe
obHuk/zyPVcheCghqqrPoA1f44B3F4Hwg9BvNeWc7mBzfYENRSrJb+Giz3q51TZ+
OpPU3eSOWS5zr4GJeUCWJfDIlRvie33xTN8psxpVQY99fkL4qHGtn3dtJINwlf3L
XOcT6qtilkSlK9kb65nvx9C4PrYluGNJGmSarQFXhuUWGBgHAva0+23SmMRlYQvb
LKbzycsOaVU4htRBFfwRoKyJiU1yI6hNQFIqepu0mfiM1BQ2s3IEypHxZf/7Uivl
D854CALLNO2WWnWOtZqx4oULRvcCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBQmnf5l
2tHs1EN7Z9pfa0+DBP4VaDAfBgNVHSMEGDAWgBQxKLFZbx2gqmztz8md7I4dYoSJ
5TAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NzEzNDcvMjUzRDE3RTQ4MThEMTFGMDlBMzU1M0Q1REFFNEVDOUMvTVNpeFdX
OGRvS3BzN2NfSm5leU9IV0tFaWVVLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvTVNpeFdXOGRvS3BzN2NfSm5leU9IV0tFaWVVLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NzEzNDcvMjUzRDE3RTQ4MThEMTFGMDlBMzU1M0Q1REFF
NEVDOUMvQTQwRkE4RTA4MzE2MTFGMDk5QkNFMUU2REFFNEVDOUMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACneaDANBgkqhkiG9w0BAQsF
AAOCAQEADBXKoEUl7I3XUOMxp27vMmVS7KCYGZZ+Oieis8KjvK+xFe1Iqx+wM8UL
831Yj0rxqWddCcKe7r/fCJHJYrcsJzU2qpNsq7eK23MBrtKOIAF72tHjRKyZLXPK
+e8CzUaV3SrcV9vrCrtwyTOoPSwrydbZPpM9aBtBpxGWqdqfWt+UTc/IZts7arWU
iLZqjSX53ZGDziYZn3P/0FoXF05+2FT8jOi1G624HB3zplSVkQX45gPgc5w7I/nR
Bof/tlVqzOlQcgc3Z4M4iEJ4npE4+T/sVhGntLzC2WDvBdMrCR/wzrYC01vC1Rk8
ET8TnQwYZf8O3I2SveJTwMevruZ8FA==
-----END CERTIFICATE-----