Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/268D1FCCBEF011F0BF5D1D9BDAE4EC9C.roa
File:                     268D1FCCBEF011F0BF5D1D9BDAE4EC9C.roa (raw, json)
Hash identifier:          hx3iUatfgGu+3sKIeBplRZdc7566jymv4eZSaAFfSr4=
Subject key identifier:   8C:8E:1A:E0:C2:65:E4:15:46:38:1C:B0:3B:82:49:E7:30:16:2B:D0
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       1C9E
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/268D1FCCBEF011F0BF5D1D9BDAE4EC9C.roa
Signing time:             Tue 11 Nov 2025 11:18:30 +0000
ROA not before:           Tue 11 Nov 2025 11:18:25 +0000
ROA not after:            Sat 06 Nov 2027 11:18:25 +0000
asID:                     834
IP address blocks:        154.16.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 16 Nov 2025 00:06:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7326 (0x1c9e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF, serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Nov 11 11:18:25 2025 GMT
            Not After : Nov  6 11:18:25 2027 GMT
        Subject: CN=69131b86-1b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:81:fa:c4:8a:1c:9c:cb:f4:a8:8d:a9:7f:b2:
                    c0:77:24:c8:fe:ba:5e:80:29:72:9b:3b:c1:92:e8:
                    f0:08:cb:09:1d:37:30:75:04:f9:38:cc:8f:ca:c6:
                    12:6d:3b:2b:ed:c6:e4:b6:e7:a6:51:a5:c1:43:1e:
                    d0:57:60:a3:0a:4b:85:c8:aa:26:bb:ee:2a:45:bb:
                    fd:ec:55:95:4a:84:5e:30:a8:b3:17:5c:27:07:40:
                    46:6a:46:ba:5c:ee:b8:98:d8:c8:32:7c:51:b0:17:
                    9b:1a:58:9b:54:31:47:d6:ec:60:29:75:73:e6:e9:
                    02:70:ba:eb:38:66:dc:a6:78:bd:c4:0a:c2:37:5c:
                    72:67:78:41:12:53:86:eb:d4:c9:6e:01:de:6b:51:
                    97:c5:75:8f:e3:7c:b2:26:ca:a3:b6:5d:35:b9:13:
                    69:bb:46:ca:06:ce:db:56:bb:66:d6:a4:ab:1b:d0:
                    13:77:c8:a9:32:1c:fc:6e:3d:4e:4d:c4:cd:88:22:
                    ae:fb:37:c7:93:86:b1:4c:e9:d8:60:de:55:0a:42:
                    7e:f4:d8:a9:55:bd:45:3a:aa:6d:ba:dc:f5:7c:f9:
                    c2:21:9c:91:9c:e5:40:37:39:80:a5:f7:d6:ff:e4:
                    64:35:31:cc:c0:0c:ad:e5:81:fa:a5:4a:43:ce:bd:
                    4f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:8E:1A:E0:C2:65:E4:15:46:38:1C:B0:3B:82:49:E7:30:16:2B:D0
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/268D1FCCBEF011F0BF5D1D9BDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:40:0f:ed:ce:f6:75:7c:2d:1d:ea:c9:d5:87:a9:03:40:4b:
         f2:a3:39:92:b1:9b:96:08:59:22:74:51:f4:5a:f2:0e:19:13:
         2d:2e:3b:da:68:50:69:74:33:41:2e:a8:17:43:84:0f:b8:4c:
         d4:81:2e:67:16:e2:0f:6a:1c:f4:a7:f6:23:63:fa:b7:1f:dc:
         f5:9f:58:7d:fb:5b:6a:34:d0:a3:e1:a0:c3:d3:b4:d5:1a:87:
         ab:f8:d9:17:54:86:74:e5:b0:2a:b0:c6:fa:81:85:69:fe:a3:
         1f:82:b4:9f:73:b6:f8:3f:37:90:f4:7a:1b:f7:5d:12:e6:bb:
         e9:50:07:f9:ef:81:a5:92:b8:2b:4d:74:2e:35:c1:f4:08:7c:
         60:c0:53:7d:1f:e0:88:d6:7a:ad:39:2e:e8:ed:5a:aa:fe:e3:
         c0:5f:c1:16:ed:7f:5e:fc:a1:97:c9:96:f7:1e:0e:89:27:d5:
         8c:69:84:7f:7d:ab:4d:77:32:5d:5b:a9:9f:0c:f6:fd:53:6b:
         e1:02:cd:f2:14:d4:db:a5:83:4c:ae:86:c8:7b:2a:ea:63:51:
         aa:24:e4:f0:27:15:99:3f:15:ea:85:40:0c:8c:61:49:99:27:
         61:65:b2:3b:95:92:fa:bc:d9:fe:ae:e5:9e:ea:fc:7e:00:f9:
         d1:f9:99:0c
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICHJ4wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yNTExMTExMTE4MjVaFw0yNzExMDYxMTE4MjVaMBgxFjAU
BgNVBAMTDTY5MTMxYjg2LTFiNTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDOgfrEihycy/Sojal/ssB3JMj+ul6AKXKbO8GS6PAIywkdNzB1BPk4zI/K
xhJtOyvtxuS256ZRpcFDHtBXYKMKS4XIqia77ipFu/3sVZVKhF4wqLMXXCcHQEZq
Rrpc7riY2MgyfFGwF5saWJtUMUfW7GApdXPm6QJwuus4ZtymeL3ECsI3XHJneEES
U4br1MluAd5rUZfFdY/jfLImyqO2XTW5E2m7RsoGzttWu2bWpKsb0BN3yKkyHPxu
PU5NxM2IIq77N8eThrFM6dhg3lUKQn702KlVvUU6qm263PV8+cIhnJGc5UA3OYCl
99b/5GQ1MczADK3lgfqlSkPOvU/rAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUjI4a
4MJl5BVGOBywO4JJ5zAWK9AwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzI2OEQxRkNDQkVGMDExRjBCRjVEMUQ5QkRBRTRFQzlDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEM8wDQYJKoZIhvcNAQEL
BQADggEBAF9AD+3O9nV8LR3qydWHqQNAS/KjOZKxm5YIWSJ0UfRa8g4ZEy0uO9po
UGl0M0EuqBdDhA+4TNSBLmcW4g9qHPSn9iNj+rcf3PWfWH37W2o00KPhoMPTtNUa
h6v42RdUhnTlsCqwxvqBhWn+ox+CtJ9ztvg/N5D0ehv3XRLmu+lQB/nvgaWSuCtN
dC41wfQIfGDAU30f4IjWeq05LujtWqr+48BfwRbtf178oZfJlvceDokn1YxphH99
q013Ml1bqZ8M9v1Ta+ECzfIU1Nulg0yuhsh7KupjUaok5PAnFZk/FeqFQAyMYUmZ
J2FlsjuVkvq82f6u5Z7q/H4A+dH5mQw=
-----END CERTIFICATE-----