Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/31C3C7B286FA11EF94DDAFAB762E951A.roa
File:                     31C3C7B286FA11EF94DDAFAB762E951A.roa (raw, json)
Hash identifier:          4AOrWeCwgMXU/ZPWlXbNgBvuO+XjKp6HCKcWILrxfiI=
Subject key identifier:   88:9B:E5:C1:C9:7D:8B:41:23:3F:07:A6:8B:60:2B:D1:18:6E:1C:B7
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       FCC8
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/31C3C7B286FA11EF94DDAFAB762E951A.roa
Signing time:             Thu 10 Oct 2024 11:24:21 +0000
ROA not before:           Thu 10 Oct 2024 11:24:17 +0000
ROA not after:            Fri 20 Dec 2024 11:24:17 +0000
asID:                     142286
IP address blocks:        154.89.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64712 (0xfcc8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Oct 10 11:24:17 2024 GMT
            Not After : Dec 20 11:24:17 2024 GMT
        Subject: CN=6707b965-766f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ca:3e:c3:f8:f2:79:db:8d:8f:2e:50:b6:03:
                    0f:f9:3d:d1:56:1c:3d:d2:c5:76:42:db:c9:fe:11:
                    be:c4:45:f6:8b:5a:d4:76:fd:dd:31:ca:ba:dc:5d:
                    a2:df:1e:1e:8f:71:55:74:e4:c3:9f:21:65:35:e8:
                    b1:34:18:59:87:9e:52:10:8c:b5:68:8d:7d:5f:cb:
                    9c:c4:ce:3d:66:83:2c:42:e2:d7:93:3e:27:b9:1e:
                    ac:9d:fd:6a:f6:7f:cd:06:9e:17:c1:34:70:9f:f6:
                    3c:5a:10:97:40:ae:ab:f1:92:1b:ff:b5:26:88:0f:
                    b2:53:df:ea:11:e9:15:4c:8d:25:86:9f:e4:3a:83:
                    0e:04:58:8e:b3:11:36:72:6f:11:06:90:31:8b:cb:
                    3a:39:2f:62:65:95:68:66:86:96:36:84:55:9d:dd:
                    b6:6c:ab:18:d0:9f:e4:c0:33:dc:3a:8f:a9:ea:a5:
                    c0:b0:ed:4b:33:a2:e0:f8:03:48:5f:38:0f:0b:ce:
                    8a:dd:bf:ab:fa:34:11:46:44:47:8b:9f:76:0d:67:
                    bf:02:dd:7d:9e:58:59:d6:d9:e5:57:b4:8e:06:32:
                    f8:8a:e2:33:6d:81:ee:95:9e:38:3e:d6:dc:08:2d:
                    5d:e4:cd:b2:62:b6:71:1b:22:e3:a9:eb:19:20:66:
                    c0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:9B:E5:C1:C9:7D:8B:41:23:3F:07:A6:8B:60:2B:D1:18:6E:1C:B7
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/31C3C7B286FA11EF94DDAFAB762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.89.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6d:35:bd:63:9c:b3:ee:42:07:00:8d:ce:b8:3c:6f:ec:f5:fa:
         68:b9:bc:50:9d:b6:7d:e5:24:4e:f2:03:90:7c:93:2d:dd:f3:
         cd:20:cb:0f:a6:37:94:31:4d:f1:a8:37:5e:23:bd:99:14:14:
         d2:f1:63:02:ed:ad:2d:28:fa:ee:53:1d:86:61:8d:bd:5c:30:
         f3:57:b1:63:32:61:73:d9:58:c4:79:db:db:0a:25:9f:07:9a:
         00:10:98:1d:2c:80:70:b8:35:81:3a:4c:13:e8:5e:f1:26:15:
         ac:39:f5:99:24:04:60:c2:7b:74:44:5f:f5:c6:41:4b:72:bb:
         5f:c6:6e:cb:9e:64:e4:8b:09:22:11:d3:43:f9:b1:46:5b:1e:
         90:4c:a8:f8:93:73:1b:43:94:45:ec:72:97:85:5c:84:39:01:
         9c:80:9c:b0:0a:41:55:ca:d5:7b:19:62:0d:a2:ea:32:ee:c6:
         85:a9:d0:7c:91:93:cf:13:3b:e4:b3:da:e1:70:b0:7d:7d:3e:
         79:a2:59:cb:1c:2a:7b:72:f0:65:81:6e:6f:b5:15:0e:3a:3b:
         0b:15:7c:f4:86:60:97:c2:01:bb:bf:61:94:41:1d:77:6b:59:
         ad:0e:fe:c2:d8:16:13:2a:c0:f6:bb:b9:fb:a3:70:de:83:96:
         eb:03:ba:db
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAPzIMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMDEwMTEyNDE3WhcNMjQxMjIwMTEyNDE3WjAYMRYw
FAYDVQQDEw02NzA3Yjk2NS03NjZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvco+w/jyeduNjy5QtgMP+T3RVhw90sV2QtvJ/hG+xEX2i1rUdv3dMcq6
3F2i3x4ej3FVdOTDnyFlNeixNBhZh55SEIy1aI19X8ucxM49ZoMsQuLXkz4nuR6s
nf1q9n/NBp4XwTRwn/Y8WhCXQK6r8ZIb/7UmiA+yU9/qEekVTI0lhp/kOoMOBFiO
sxE2cm8RBpAxi8s6OS9iZZVoZoaWNoRVnd22bKsY0J/kwDPcOo+p6qXAsO1LM6Lg
+ANIXzgPC86K3b+r+jQRRkRHi592DWe/At19nlhZ1tnlV7SOBjL4iuIzbYHulZ44
PtbcCC1d5M2yYrZxGyLjqesZIGbArQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFIib
5cHJfYtBIz8HpotgK9EYbhy3MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8zMUMzQzdCMjg2RkExMUVGOTREREFGQUI3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGmllAMA0GCSqGSIb3DQEB
CwUAA4IBAQBtNb1jnLPuQgcAjc64PG/s9fpoubxQnbZ95SRO8gOQfJMt3fPNIMsP
pjeUMU3xqDdeI72ZFBTS8WMC7a0tKPruUx2GYY29XDDzV7FjMmFz2VjEedvbCiWf
B5oAEJgdLIBwuDWBOkwT6F7xJhWsOfWZJARgwnt0RF/1xkFLcrtfxm7LnmTkiwki
EdND+bFGWx6QTKj4k3MbQ5RF7HKXhVyEOQGcgJywCkFVytV7GWINouoy7saFqdB8
kZPPEzvks9rhcLB9fT55olnLHCp7cvBlgW5vtRUOOjsLFXz0hmCXwgG7v2GUQR13
a1mtDv7C2BYTKsD2u7n7o3Deg5brA7rb
-----END CERTIFICATE-----