Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/00AF2DDCCDC311EF882EB28C762E951A.roa
File:                     00AF2DDCCDC311EF882EB28C762E951A.roa (raw, json)
Hash identifier:          480TDe/VpyQ4QrLtg9SuZyQpzKhZJ/kTDq13c8tEbhQ=
Subject key identifier:   C9:E7:8D:13:E0:25:D4:E6:53:C8:75:D8:89:71:5F:32:E6:08:C6:39
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       013722
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/00AF2DDCCDC311EF882EB28C762E951A.roa
Signing time:             Wed 08 Jan 2025 13:18:09 +0000
ROA not before:           Wed 08 Jan 2025 13:18:05 +0000
ROA not after:            Tue 16 Dec 2025 13:18:05 +0000
asID:                     984
IP address blocks:        154.200.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79650 (0x13722)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Jan  8 13:18:05 2025 GMT
            Not After : Dec 16 13:18:05 2025 GMT
        Subject: CN=677e7b10-adc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:21:76:95:18:d6:c6:d1:db:44:f5:9c:8c:03:
                    e3:b8:51:74:2c:80:dd:7b:ae:62:8c:0c:8f:2f:1c:
                    d1:e5:92:7a:d0:11:36:4b:a4:2a:b1:09:89:31:12:
                    39:4a:ae:3a:ed:01:f4:42:9f:93:90:d8:c1:e3:e4:
                    10:42:13:e9:88:d2:c0:86:e4:34:73:31:06:82:fb:
                    02:62:3c:63:c1:62:e7:5e:3d:2a:66:7e:64:9e:3e:
                    35:8c:00:29:f0:5c:5b:d9:4e:d2:63:0f:ce:8a:9a:
                    69:92:46:d1:d9:67:ee:87:4e:a9:9b:a3:94:86:3f:
                    9b:2a:c6:43:78:cc:3f:0d:ca:e3:16:a2:b0:e3:01:
                    9b:6d:04:1e:84:8a:72:af:e4:9c:0e:06:b7:87:10:
                    9f:82:ad:d8:a5:f2:48:47:ff:3a:e5:1c:8b:8c:96:
                    9e:21:28:90:4a:74:9f:f3:54:52:37:81:4b:3d:37:
                    44:c3:27:3e:30:2d:a2:ab:b5:39:d2:5f:fc:84:be:
                    41:4a:cf:96:68:95:e3:17:02:3f:48:19:47:14:a5:
                    59:fa:b3:8f:87:f7:fa:fe:6a:55:d3:0e:d8:cd:ac:
                    8f:08:c4:f8:11:0b:85:6c:39:3f:6d:14:c6:f8:3e:
                    f3:9d:99:01:1f:ea:44:17:6a:fc:47:eb:c2:49:1b:
                    69:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E7:8D:13:E0:25:D4:E6:53:C8:75:D8:89:71:5F:32:E6:08:C6:39
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/00AF2DDCCDC311EF882EB28C762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.200.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:91:6d:01:48:3e:18:33:d3:52:51:ef:2d:cf:36:d6:32:e6:
         2b:74:00:46:e0:75:93:94:aa:c4:69:bb:3f:7f:1e:5e:af:e7:
         96:cf:2a:ac:68:66:8b:68:68:a2:ad:83:00:2d:56:14:13:6e:
         83:9f:3e:1a:9a:d8:64:b1:c9:d5:bc:fe:05:27:2e:52:53:e7:
         e1:1a:c8:97:ca:f1:7d:36:c1:36:60:c6:83:a0:77:4d:3d:94:
         1a:e0:43:7c:cf:36:76:7b:54:77:a3:81:48:f1:90:83:cf:04:
         55:2c:3e:76:e0:a2:39:1e:3d:33:42:ea:13:13:43:ae:22:8c:
         fd:32:a3:84:15:07:a3:87:17:f9:18:07:72:10:a4:34:47:5d:
         57:60:ef:d2:c3:7c:ba:63:85:d9:0a:5a:8a:6e:a8:9d:bc:e5:
         73:92:b7:66:2d:cc:6d:6b:13:21:6c:e2:fd:05:7d:28:d3:86:
         83:37:62:e1:e3:f3:b0:ee:dd:18:73:1c:db:10:dd:83:8a:79:
         d5:a6:98:2d:cc:f8:01:0a:ca:8e:7e:c8:c6:51:5b:9f:ef:7a:
         61:7d:43:f3:5b:9c:7b:a7:b4:dc:3a:71:9f:5b:83:9b:8f:3c:
         d3:69:96:4c:6c:33:a4:fe:66:17:10:fd:bd:67:02:64:f0:26:
         3b:c4:04:c8
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDATciMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMTA4MTMxODA1WhcNMjUxMjE2MTMxODA1WjAYMRYw
FAYDVQQDEw02NzdlN2IxMC1hZGM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAmyF2lRjWxtHbRPWcjAPjuFF0LIDde65ijAyPLxzR5ZJ60BE2S6QqsQmJ
MRI5Sq467QH0Qp+TkNjB4+QQQhPpiNLAhuQ0czEGgvsCYjxjwWLnXj0qZn5knj41
jAAp8Fxb2U7SYw/OipppkkbR2Wfuh06pm6OUhj+bKsZDeMw/DcrjFqKw4wGbbQQe
hIpyr+ScDga3hxCfgq3YpfJIR/865RyLjJaeISiQSnSf81RSN4FLPTdEwyc+MC2i
q7U50l/8hL5BSs+WaJXjFwI/SBlHFKVZ+rOPh/f6/mpV0w7YzayPCMT4EQuFbDk/
bRTG+D7znZkBH+pEF2r8R+vCSRtpaQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFMnn
jRPgJdTmU8h12IlxXzLmCMY5MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8wMEFGMkREQ0NEQzMxMUVGODgyRUIyOEM3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmsjwMA0GCSqGSIb3DQEB
CwUAA4IBAQAokW0BSD4YM9NSUe8tzzbWMuYrdABG4HWTlKrEabs/fx5er+eWzyqs
aGaLaGiirYMALVYUE26Dnz4amthkscnVvP4FJy5SU+fhGsiXyvF9NsE2YMaDoHdN
PZQa4EN8zzZ2e1R3o4FI8ZCDzwRVLD524KI5Hj0zQuoTE0OuIoz9MqOEFQejhxf5
GAdyEKQ0R11XYO/Sw3y6Y4XZClqKbqidvOVzkrdmLcxtaxMhbOL9BX0o04aDN2Lh
4/Ow7t0YcxzbEN2DinnVppgtzPgBCsqOfsjGUVuf73phfUPzW5x7p7TcOnGfW4Ob
jzzTaZZMbDOk/mYXEP29ZwJk8CY7xATI
-----END CERTIFICATE-----