Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/203F85B0C61711EFB78999B6762E951A.roa
File:                     203F85B0C61711EFB78999B6762E951A.roa (raw, json)
Hash identifier:          RxNZvSBZ1RQzGBxUo32EKAJMTXKVc1In6zp/JdQW3YQ=
Subject key identifier:   94:74:CD:F8:93:29:C0:C1:B4:53:0A:1E:1A:AB:AA:6F:AC:01:55:1F
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       012F1A
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/203F85B0C61711EFB78999B6762E951A.roa
Signing time:             Sun 29 Dec 2024 19:00:10 +0000
ROA not before:           Sun 29 Dec 2024 19:00:06 +0000
ROA not after:            Sun 12 Dec 2027 19:00:06 +0000
asID:                     17561
IP address blocks:        154.217.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 77594 (0x12f1a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Dec 29 19:00:06 2024 GMT
            Not After : Dec 12 19:00:06 2027 GMT
        Subject: CN=67719c3a-2274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7d:b7:eb:6a:84:3c:9e:9e:37:35:6f:62:3e:
                    ba:b8:b5:16:14:e2:9d:8f:14:dc:e8:ae:86:b4:56:
                    24:28:30:c8:13:20:6e:19:72:e2:12:6d:e6:5c:59:
                    30:ce:a3:9e:ef:f6:dc:a5:95:b4:c2:55:b1:e1:46:
                    d6:42:c8:73:ab:c7:1f:49:3f:81:da:e1:26:27:e3:
                    d8:4f:82:a6:e1:ec:e7:49:83:46:83:31:76:11:03:
                    f5:18:63:77:bd:39:a0:25:58:8d:bf:6b:c5:fb:de:
                    7d:26:05:a4:08:fa:a8:3d:1f:0f:f8:7b:f4:0b:8a:
                    26:8b:07:d3:dc:f5:e1:6d:62:e9:ac:dc:88:ce:a1:
                    b2:aa:70:9a:7e:be:24:82:4d:96:3f:54:a9:49:ea:
                    35:ca:4c:06:76:22:89:3c:a0:90:62:b1:3d:f5:dc:
                    b6:4a:77:09:01:c4:05:78:5a:6b:6e:bd:3f:74:e8:
                    31:94:67:6e:c8:3d:f7:f6:53:1f:18:55:4f:96:37:
                    54:3c:1e:0d:68:df:d6:85:25:9f:5e:e2:5c:7a:9d:
                    b1:a1:03:5f:d8:6e:b5:1d:65:7e:cf:f0:29:bc:74:
                    aa:37:f8:e6:ac:37:7d:2d:cc:9b:ce:d5:42:a9:85:
                    6c:44:c1:11:17:02:f4:4f:d9:d4:7c:b6:d7:7e:30:
                    80:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:74:CD:F8:93:29:C0:C1:B4:53:0A:1E:1A:AB:AA:6F:AC:01:55:1F
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/203F85B0C61711EFB78999B6762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.217.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:1f:ce:5a:d1:6b:de:5a:af:d8:f2:25:fb:1d:77:51:f1:b8:
         27:b8:b1:96:2e:3e:38:2e:ef:09:4e:72:c2:0f:ce:e1:bf:f9:
         d5:3e:f0:5a:62:83:5f:21:21:61:6a:c4:7f:c8:48:07:e0:99:
         76:9d:95:72:3f:f0:ec:ba:9f:01:a1:e6:1e:58:db:f8:7f:05:
         bf:86:b6:2d:cc:fb:7c:00:d3:7e:5b:90:49:bd:81:0f:e8:5e:
         27:8b:cf:c2:3a:dc:e4:06:27:6b:f3:94:04:08:07:c6:55:bb:
         5c:11:7f:dd:a2:e5:09:48:43:5e:82:82:59:1f:98:2b:77:f7:
         48:de:ec:a6:67:ad:9b:75:69:bc:16:90:3d:40:a6:ca:e5:e6:
         98:8e:48:a1:b1:80:73:2d:8b:23:6c:3e:d7:15:d5:06:84:7b:
         13:f3:72:9f:b4:b9:b2:70:de:08:a0:97:09:4d:ab:63:53:09:
         de:9d:87:47:e4:ee:2b:e5:2b:30:ce:b1:6c:82:2a:dc:9f:2c:
         4b:87:91:81:3f:ad:ae:62:ea:2a:b4:a2:7b:70:ee:eb:99:4d:
         d4:8e:6a:8d:eb:7e:72:89:10:ba:48:e3:f2:b0:43:99:fb:4e:
         1c:1a:a4:fd:b2:f2:08:a6:17:e7:f3:4d:c7:95:e7:a1:9a:fa:
         23:b4:40:26
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAS8aMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMjI5MTkwMDA2WhcNMjcxMjEyMTkwMDA2WjAYMRYw
FAYDVQQDEw02NzcxOWMzYS0yMjc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAmn2362qEPJ6eNzVvYj66uLUWFOKdjxTc6K6GtFYkKDDIEyBuGXLiEm3m
XFkwzqOe7/bcpZW0wlWx4UbWQshzq8cfST+B2uEmJ+PYT4Km4eznSYNGgzF2EQP1
GGN3vTmgJViNv2vF+959JgWkCPqoPR8P+Hv0C4omiwfT3PXhbWLprNyIzqGyqnCa
fr4kgk2WP1SpSeo1ykwGdiKJPKCQYrE99dy2SncJAcQFeFprbr0/dOgxlGduyD33
9lMfGFVPljdUPB4NaN/WhSWfXuJcep2xoQNf2G61HWV+z/ApvHSqN/jmrDd9Lcyb
ztVCqYVsRMERFwL0T9nUfLbXfjCAIwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFJR0
zfiTKcDBtFMKHhqrqm+sAVUfMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8yMDNGODVCMEM2MTcxMUVGQjc4OTk5QjY3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmtlwMA0GCSqGSIb3DQEB
CwUAA4IBAQAaH85a0WveWq/Y8iX7HXdR8bgnuLGWLj44Lu8JTnLCD87hv/nVPvBa
YoNfISFhasR/yEgH4Jl2nZVyP/Dsup8BoeYeWNv4fwW/hrYtzPt8ANN+W5BJvYEP
6F4ni8/COtzkBidr85QECAfGVbtcEX/douUJSENegoJZH5grd/dI3uymZ62bdWm8
FpA9QKbK5eaYjkihsYBzLYsjbD7XFdUGhHsT83KftLmycN4IoJcJTatjUwnenYdH
5O4r5SswzrFsgircnyxLh5GBP62uYuoqtKJ7cO7rmU3UjmqN635yiRC6SOPysEOZ
+04cGqT9svIIphfn803HleehmvojtEAm
-----END CERTIFICATE-----