Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/19595BC60E1611F0BDECFD52762E951A.roa
File:                     19595BC60E1611F0BDECFD52762E951A.roa (raw, json)
Hash identifier:          4seQfFp0rR1kxGoOYD0K7mwA2k8VvLFdaS4TXybcaXE=
Subject key identifier:   18:67:D0:38:4B:34:8B:30:89:4A:70:40:4F:90:BB:28:B5:16:3C:46
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       017716
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/19595BC60E1611F0BDECFD52762E951A.roa
Signing time:             Mon 31 Mar 2025 09:54:13 +0000
ROA not before:           Mon 31 Mar 2025 09:54:09 +0000
ROA not after:            Thu 10 Apr 2025 09:54:09 +0000
asID:                     45669
IP address blocks:        154.198.64.0/19 maxlen: 24
                          154.198.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96022 (0x17716)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar 31 09:54:09 2025 GMT
            Not After : Apr 10 09:54:09 2025 GMT
        Subject: CN=67ea6644-0152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:62:44:c1:4b:73:aa:a7:be:6a:96:6d:00:9a:
                    17:d1:bc:e0:71:20:b8:f7:a4:2b:2d:f5:92:16:d5:
                    8b:c6:d0:b8:ce:57:2f:3b:8b:52:fe:7e:cd:35:35:
                    09:c9:e3:83:d8:ee:d1:f9:ba:db:19:33:76:b9:1d:
                    c5:21:06:24:ef:df:61:b8:53:cb:c1:b7:28:54:b2:
                    df:85:e9:43:88:0a:54:da:cb:eb:49:09:8d:c3:69:
                    30:71:d6:9c:1b:cf:65:9e:bb:62:c8:4e:2a:72:70:
                    ab:6e:c3:84:16:b0:70:20:b4:7a:4f:04:e0:88:bc:
                    65:51:7e:f1:59:c6:69:f6:ed:e1:0b:94:c4:49:9d:
                    de:25:53:3b:70:e4:56:17:dc:ba:ff:84:d8:9f:09:
                    22:4e:48:76:79:57:cd:a1:0d:da:e3:b1:7c:2f:eb:
                    cb:09:98:48:3d:32:06:42:94:48:81:34:72:5d:29:
                    2e:cb:ad:80:7b:fc:5b:50:25:58:dd:7d:c9:00:15:
                    b0:67:ac:56:7f:1c:f6:5e:d0:92:06:66:13:6d:f4:
                    2c:47:ed:04:92:b7:fe:78:45:4c:30:bb:28:c7:01:
                    be:45:f2:99:f8:f8:df:4f:d0:63:35:88:c4:78:b6:
                    c3:84:b6:d0:d1:76:de:8e:c2:5f:80:0a:e5:67:11:
                    8f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:67:D0:38:4B:34:8B:30:89:4A:70:40:4F:90:BB:28:B5:16:3C:46
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/19595BC60E1611F0BDECFD52762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.198.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9c:36:8c:f5:80:3f:13:86:f5:f1:9a:c5:ed:66:64:45:01:66:
         11:08:91:80:ff:59:eb:ab:99:51:3a:57:9a:6a:76:5f:ef:d4:
         bc:5e:f1:fb:3a:98:07:60:10:c7:3f:25:10:c6:08:d6:23:00:
         d2:bd:4f:ea:70:24:f2:e6:8c:f8:d5:9d:98:c3:f1:97:4d:69:
         be:05:0b:48:66:d1:08:44:b8:32:52:3b:2b:aa:62:88:e1:d6:
         29:fe:59:27:c6:04:44:54:25:11:52:5b:58:57:4b:19:51:b3:
         03:1a:16:27:32:5e:95:c9:67:cb:59:0c:a3:e5:6e:c7:5c:ea:
         0b:43:96:ee:50:d8:93:58:49:8b:32:ce:98:69:76:ce:5c:7b:
         7a:03:d8:13:58:83:4c:be:9e:9a:86:de:aa:dc:6e:89:d3:5d:
         5e:13:b6:32:99:a3:3c:d6:b0:f7:9b:0e:ee:fe:14:8a:94:59:
         02:3a:80:19:d0:aa:ce:12:3e:82:a9:22:06:3d:35:e6:9a:4a:
         7a:f7:2a:e7:cc:1e:c4:e3:27:5e:8c:d2:0c:31:92:95:19:ee:
         5a:42:25:60:73:26:fc:64:ec:42:44:e4:dc:c6:15:eb:44:7d:
         b7:ac:19:c2:33:2d:47:8c:b6:0a:3e:e6:da:92:7a:42:b0:cd:
         21:70:81:fe
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAXcWMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzMxMDk1NDA5WhcNMjUwNDEwMDk1NDA5WjAYMRYw
FAYDVQQDEw02N2VhNjY0NC0wMTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzWJEwUtzqqe+apZtAJoX0bzgcSC496QrLfWSFtWLxtC4zlcvO4tS/n7N
NTUJyeOD2O7R+brbGTN2uR3FIQYk799huFPLwbcoVLLfhelDiApU2svrSQmNw2kw
cdacG89lnrtiyE4qcnCrbsOEFrBwILR6TwTgiLxlUX7xWcZp9u3hC5TESZ3eJVM7
cORWF9y6/4TYnwkiTkh2eVfNoQ3a47F8L+vLCZhIPTIGQpRIgTRyXSkuy62Ae/xb
UCVY3X3JABWwZ6xWfxz2XtCSBmYTbfQsR+0Ekrf+eEVMMLsoxwG+RfKZ+PjfT9Bj
NYjEeLbDhLbQ0XbejsJfgArlZxGPjwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFBhn
0DhLNIswiUpwQE+Quyi1FjxGMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8xOTU5NUJDNjBFMTYxMUYwQkRFQ0ZENTI3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGmsZAMA0GCSqGSIb3DQEB
CwUAA4IBAQCcNoz1gD8ThvXxmsXtZmRFAWYRCJGA/1nrq5lROleaanZf79S8XvH7
OpgHYBDHPyUQxgjWIwDSvU/qcCTy5oz41Z2Yw/GXTWm+BQtIZtEIRLgyUjsrqmKI
4dYp/lknxgREVCURUltYV0sZUbMDGhYnMl6VyWfLWQyj5W7HXOoLQ5buUNiTWEmL
Ms6YaXbOXHt6A9gTWINMvp6aht6q3G6J011eE7YymaM81rD3mw7u/hSKlFkCOoAZ
0KrOEj6CqSIGPTXmmkp69yrnzB7E4ydejNIMMZKVGe5aQiVgcyb8ZOxCROTcxhXr
RH23rBnCMy1HjLYKPubaknpCsM0hcIH+
-----END CERTIFICATE-----