Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/3476B6F8C25B11EFA168E975762E951A.roa
File:                     3476B6F8C25B11EFA168E975762E951A.roa (raw, json)
Hash identifier:          EJkQai62BpxUncDFWTbmJOm6WulCp7xeddb0GG5e2MI=
Subject key identifier:   64:F1:57:42:31:46:0B:66:4B:DD:06:C4:B7:BF:1A:97:78:74:2D:6F
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01236E
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/3476B6F8C25B11EFA168E975762E951A.roa
Signing time:             Wed 25 Dec 2024 00:57:25 +0000
ROA not before:           Wed 25 Dec 2024 00:00:21 +0000
ROA not after:            Wed 10 Dec 2025 00:00:21 +0000
asID:                     984
IP address blocks:        154.199.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 08 Apr 2025 00:06:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 74606 (0x1236e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Dec 25 00:00:21 2024 GMT
            Not After : Dec 10 00:00:21 2025 GMT
        Subject: CN=676b5875-5bef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:3b:e8:6f:ea:6f:20:cb:17:01:c1:6b:cc:cc:
                    49:47:41:6f:28:22:ca:a0:52:8c:33:0e:9b:ad:b4:
                    f0:79:23:a8:f6:c4:90:2c:47:61:39:84:a5:e4:36:
                    39:2c:81:71:57:51:d6:44:f0:af:5e:78:db:ba:90:
                    30:0e:9b:2f:90:97:90:e9:70:9b:e4:f6:47:da:ea:
                    37:0c:9d:90:7b:11:b2:41:08:b7:89:c9:cb:5a:d1:
                    76:fe:76:be:92:3e:6c:c9:95:79:2a:6c:ec:37:c3:
                    0b:fc:ec:ef:4f:18:e5:8c:23:c9:fb:72:58:61:33:
                    da:6f:d7:5c:88:54:5a:69:c5:53:6d:ae:02:c7:ed:
                    47:8e:2f:c9:c9:36:a0:ca:77:0a:3f:c7:8e:44:61:
                    2b:15:45:e8:6c:d5:7a:db:89:d3:c6:01:b8:e7:80:
                    bf:56:28:a2:22:c2:f8:31:2a:5b:33:e2:ab:85:90:
                    c0:b7:27:3f:f5:59:49:8d:ed:e7:a2:75:14:06:1d:
                    ab:ec:dd:0b:d0:98:86:36:be:32:e7:b7:7c:11:5a:
                    1e:9c:0b:78:db:9f:10:b0:6d:75:e1:da:a3:cb:39:
                    c8:0c:b8:28:ea:e1:04:76:54:ec:60:8e:1d:ec:15:
                    94:88:dd:70:2f:4b:67:4f:37:2c:c5:46:9f:5f:d4:
                    61:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:F1:57:42:31:46:0B:66:4B:DD:06:C4:B7:BF:1A:97:78:74:2D:6F
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/3476B6F8C25B11EFA168E975762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.199.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:20:4d:d2:6e:5f:6d:e1:20:57:9f:61:cb:cc:67:f0:1d:aa:
         0f:6c:06:03:dc:d9:71:33:a6:8d:d8:5d:b3:4b:89:6e:2a:b5:
         77:24:48:75:3b:0a:d6:4f:2c:3c:a1:f9:f8:59:9f:e6:09:c4:
         bd:64:61:ad:88:76:ea:4f:2d:bd:56:20:d7:09:f9:5d:ee:b1:
         49:4b:56:15:2f:8d:d2:4c:f7:31:ec:7e:0a:df:1c:6a:f3:d3:
         b0:cf:28:20:28:38:41:e7:a5:2a:62:09:fb:4c:90:66:58:0d:
         e6:7a:b1:5c:69:8c:b1:7f:9d:81:58:71:9b:37:63:0a:c5:e8:
         3a:d9:b0:b0:01:35:ae:f9:e4:53:c5:b8:7c:c1:ce:91:54:ce:
         95:68:23:7f:92:59:bb:86:9d:29:65:fc:53:8f:a4:ac:b8:bd:
         fd:5a:9c:ac:7e:a7:bf:d4:41:38:f1:45:12:f7:60:bb:79:77:
         b3:d0:a7:b2:09:a7:f7:79:eb:78:30:4a:b6:66:22:35:d9:3e:
         45:54:2a:ed:bc:09:e3:17:e7:ed:ec:bc:78:43:23:20:7b:18:
         8d:bd:ef:cd:5f:32:d2:ca:33:22:12:b3:96:1c:cd:0e:10:4b:
         93:2b:04:0a:2f:7a:f2:1d:a4:00:4e:58:98:23:39:9d:56:b4:
         a8:38:87:07
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDASNuMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMjI1MDAwMDIxWhcNMjUxMjEwMDAwMDIxWjAYMRYw
FAYDVQQDEw02NzZiNTg3NS01YmVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA7jvob+pvIMsXAcFrzMxJR0FvKCLKoFKMMw6brbTweSOo9sSQLEdhOYSl
5DY5LIFxV1HWRPCvXnjbupAwDpsvkJeQ6XCb5PZH2uo3DJ2QexGyQQi3icnLWtF2
/na+kj5syZV5KmzsN8ML/OzvTxjljCPJ+3JYYTPab9dciFRaacVTba4Cx+1Hji/J
yTagyncKP8eORGErFUXobNV624nTxgG454C/ViiiIsL4MSpbM+KrhZDAtyc/9VlJ
je3nonUUBh2r7N0L0JiGNr4y57d8EVoenAt4258QsG114dqjyznIDLgo6uEEdlTs
YI4d7BWUiN1wL0tnTzcsxUafX9RhWwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFGTx
V0IxRgtmS90GxLe/Gpd4dC1vMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8zNDc2QjZGOEMyNUIxMUVGQTE2OEU5NzU3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmsdEMA0GCSqGSIb3DQEB
CwUAA4IBAQBrIE3Sbl9t4SBXn2HLzGfwHaoPbAYD3NlxM6aN2F2zS4luKrV3JEh1
OwrWTyw8ofn4WZ/mCcS9ZGGtiHbqTy29ViDXCfld7rFJS1YVL43STPcx7H4K3xxq
89OwzyggKDhB56UqYgn7TJBmWA3merFcaYyxf52BWHGbN2MKxeg62bCwATWu+eRT
xbh8wc6RVM6VaCN/klm7hp0pZfxTj6SsuL39Wpysfqe/1EE48UUS92C7eXez0Key
Caf3eet4MEq2ZiI12T5FVCrtvAnjF+ft7Lx4QyMgexiNve/NXzLSyjMiErOWHM0O
EEuTKwQKL3ryHaQATliYIzmdVrSoOIcH
-----END CERTIFICATE-----