Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/2CBCA836CDBF11EFBF840E74762E951A.roa
File:                     2CBCA836CDBF11EFBF840E74762E951A.roa (raw, json)
Hash identifier:          bUODX2KZGlvfQpFSb+2q4OKbBvDGkq8tT/O0DP4OJmY=
Subject key identifier:   BB:FB:17:0B:88:83:5A:BF:04:27:29:76:46:80:71:5A:1F:19:A8:D9
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       013702
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/2CBCA836CDBF11EFBF840E74762E951A.roa
Signing time:             Wed 08 Jan 2025 12:50:44 +0000
ROA not before:           Wed 08 Jan 2025 12:50:41 +0000
ROA not after:            Tue 16 Dec 2025 12:50:41 +0000
asID:                     984
IP address blocks:        154.200.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79618 (0x13702)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Jan  8 12:50:41 2025 GMT
            Not After : Dec 16 12:50:41 2025 GMT
        Subject: CN=677e74a4-729f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:dc:cb:29:1e:be:ab:15:c7:c7:f2:21:fc:6a:
                    c1:d2:67:21:9a:98:e5:9c:fb:a0:20:9a:24:aa:7d:
                    88:7f:fd:60:8a:94:68:34:09:1a:43:b5:69:3e:46:
                    d1:5a:53:b6:98:51:85:3f:a7:81:41:f5:47:da:01:
                    0e:1d:14:48:65:3a:70:e6:94:08:ff:b8:61:4a:e8:
                    c2:17:6a:2e:d7:30:c0:e6:c9:f3:2c:c1:14:05:67:
                    73:80:a3:8b:44:e6:9e:fe:d9:3b:f6:3b:a9:8b:db:
                    d9:ad:c5:83:e6:a4:c3:4d:12:f7:29:63:ac:39:73:
                    f4:df:4d:0c:7c:1b:a0:b6:11:6c:23:e4:1b:6f:74:
                    46:74:81:eb:4c:e5:6c:75:28:ec:73:96:1d:09:a2:
                    e7:20:42:bb:cf:00:a5:3c:b7:47:43:d9:80:5e:f9:
                    c0:64:d2:6c:83:1e:39:45:db:d0:96:c8:66:11:dd:
                    c0:69:20:f0:89:37:24:f1:3a:c0:c9:99:6e:6c:d8:
                    15:da:c1:20:39:56:af:39:4c:5c:0d:fd:df:94:c3:
                    6f:24:b5:13:06:c3:7f:18:30:e5:51:f6:cf:bc:06:
                    d1:7e:3c:6f:67:c2:b3:e4:cf:71:1d:b0:de:d7:ce:
                    4e:46:46:05:04:ae:29:67:06:d0:7c:16:39:f2:b8:
                    ad:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FB:17:0B:88:83:5A:BF:04:27:29:76:46:80:71:5A:1F:19:A8:D9
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/2CBCA836CDBF11EFBF840E74762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.200.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:26:7d:69:d7:39:2b:ef:de:58:f7:3b:78:66:3d:36:5c:29:
         31:7b:6c:74:df:bd:a7:8b:4f:9d:15:f7:33:10:75:86:40:4a:
         29:52:2b:2b:c1:45:f3:d7:e7:0c:b6:d3:0f:a1:a6:a3:11:cc:
         eb:4a:f2:40:5d:20:68:39:02:b2:b3:34:2d:76:98:53:78:2b:
         3b:0b:49:0b:47:fb:50:85:2c:d0:22:56:c5:dc:84:e1:5d:4d:
         31:e3:ab:92:68:44:31:9c:f2:41:29:7a:9e:0a:7c:4c:3c:92:
         89:76:bf:8a:46:9b:34:1b:69:0c:93:61:2b:08:0d:c0:9a:ee:
         a3:40:be:7f:8c:ba:52:a4:5b:a0:fe:3d:d8:27:a5:00:79:60:
         18:76:f4:42:52:19:ca:5b:3d:a8:aa:24:ef:2a:69:a4:67:77:
         2b:fb:8a:63:68:62:5a:dc:d6:50:0a:1b:fd:8e:6b:5c:2d:96:
         ae:d0:97:13:0a:8c:c4:dd:4f:8a:95:0d:9e:43:09:b4:5f:5f:
         f6:90:04:88:4b:b9:7b:de:ac:95:c1:23:1d:17:7a:1e:ae:16:
         b8:92:94:2e:91:d3:c3:bf:ce:04:40:70:db:b1:20:04:cb:f7:
         99:7c:dd:4f:49:41:7c:ee:67:a7:61:99:a6:d2:15:f0:63:97:
         16:24:70:c7
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDATcCMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMTA4MTI1MDQxWhcNMjUxMjE2MTI1MDQxWjAYMRYw
FAYDVQQDEw02NzdlNzRhNC03MjlmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3NzLKR6+qxXHx/Ih/GrB0mchmpjlnPugIJokqn2If/1gipRoNAkaQ7Vp
PkbRWlO2mFGFP6eBQfVH2gEOHRRIZTpw5pQI/7hhSujCF2ou1zDA5snzLMEUBWdz
gKOLROae/tk79jupi9vZrcWD5qTDTRL3KWOsOXP0300MfBugthFsI+Qbb3RGdIHr
TOVsdSjsc5YdCaLnIEK7zwClPLdHQ9mAXvnAZNJsgx45RdvQlshmEd3AaSDwiTck
8TrAyZlubNgV2sEgOVavOUxcDf3flMNvJLUTBsN/GDDlUfbPvAbRfjxvZ8Kz5M9x
HbDe185ORkYFBK4pZwbQfBY58ritYwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFLv7
FwuIg1q/BCcpdkaAcVofGajZMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8yQ0JDQTgzNkNEQkYxMUVGQkY4NDBFNzQ3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmsjfMA0GCSqGSIb3DQEB
CwUAA4IBAQCPJn1p1zkr795Y9zt4Zj02XCkxe2x0372ni0+dFfczEHWGQEopUisr
wUXz1+cMttMPoaajEczrSvJAXSBoOQKyszQtdphTeCs7C0kLR/tQhSzQIlbF3ITh
XU0x46uSaEQxnPJBKXqeCnxMPJKJdr+KRps0G2kMk2ErCA3Amu6jQL5/jLpSpFug
/j3YJ6UAeWAYdvRCUhnKWz2oqiTvKmmkZ3cr+4pjaGJa3NZQChv9jmtcLZau0JcT
CozE3U+KlQ2eQwm0X1/2kASIS7l73qyVwSMdF3oerha4kpQukdPDv84EQHDbsSAE
y/eZfN1PSUF87menYZmm0hXwY5cWJHDH
-----END CERTIFICATE-----