Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/440ADE50AD5C11EF9A38B9BD762E951A.roa
File:                     440ADE50AD5C11EF9A38B9BD762E951A.roa (raw, json)
Hash identifier:          UgCaxJat6b3W6xF8ISG5a4Ex5oiq4QtJ5pr/BnQOeNo=
Subject key identifier:   E1:54:CB:20:F6:91:66:D2:7A:A9:EC:65:04:60:FD:80:A2:4B:BA:A4
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0114E9
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/440ADE50AD5C11EF9A38B9BD762E951A.roa
Signing time:             Thu 28 Nov 2024 07:42:06 +0000
ROA not before:           Thu 28 Nov 2024 07:42:02 +0000
ROA not after:            Tue 11 Feb 2025 07:42:02 +0000
asID:                     9009
IP address blocks:        154.85.126.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 28 Dec 2024 00:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70889 (0x114e9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Nov 28 07:42:02 2024 GMT
            Not After : Feb 11 07:42:02 2025 GMT
        Subject: CN=67481ece-b9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d9:cb:36:a5:73:33:6e:43:fd:de:b8:db:6b:
                    8f:d2:9d:aa:dd:2d:2b:6e:c0:d9:40:fe:b5:26:c6:
                    0f:6b:37:e1:38:08:f0:25:0e:77:ad:ce:29:47:97:
                    c9:db:2a:97:a6:2d:e1:41:02:ab:ec:cd:cd:bc:ca:
                    ec:18:7c:6a:f5:45:72:33:8d:ba:49:be:48:3d:a4:
                    79:78:7c:e5:33:b7:d1:c4:06:6c:19:c1:64:98:41:
                    3e:76:94:a6:2f:54:a6:90:4f:a2:df:ba:8b:db:7c:
                    3f:43:a0:0c:34:e9:96:b7:60:c1:0c:12:d8:21:1b:
                    c2:f5:b1:d0:63:63:f7:57:4b:e9:1a:c4:06:7f:d5:
                    ef:c5:09:3c:a5:f5:bc:c8:2f:dc:85:53:b5:b4:aa:
                    cd:01:a8:29:3b:dc:0b:db:bd:35:49:9e:7e:ff:9f:
                    5e:48:48:b1:84:14:cc:a8:7a:e3:3a:24:31:cc:c8:
                    7b:7f:28:e3:4b:ee:a1:11:bc:b8:05:b2:c3:fd:7e:
                    58:49:8c:9b:8e:c4:fa:9c:c3:57:71:f4:ee:ce:be:
                    a2:2a:fa:5c:a5:75:c4:f3:89:3f:a3:11:50:84:2a:
                    c6:f1:b0:b1:5d:bc:75:43:61:c2:3e:5f:37:96:5a:
                    f9:5b:91:c2:12:30:09:5e:ee:22:4f:21:0d:b6:09:
                    9d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:54:CB:20:F6:91:66:D2:7A:A9:EC:65:04:60:FD:80:A2:4B:BA:A4
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/440ADE50AD5C11EF9A38B9BD762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.85.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:ce:0a:b2:f4:7a:51:00:17:fb:58:fd:ba:0e:f1:4e:9b:1a:
         85:88:41:63:df:cc:4d:e0:4a:e0:60:62:e9:d6:e9:4e:5e:6a:
         42:56:cf:c7:7b:2e:2c:15:1c:52:de:42:85:1f:c1:ef:7d:5e:
         69:96:50:6a:be:da:d5:49:1a:84:73:26:af:96:cd:d2:ad:18:
         65:3f:93:42:e0:42:57:78:7b:73:bd:c8:ec:85:39:f4:9b:93:
         7a:eb:59:2f:45:b2:1e:67:f7:51:49:56:88:f9:87:48:67:fd:
         16:40:d6:18:39:e1:65:78:03:e1:a0:8a:40:93:b1:80:84:0c:
         34:46:79:37:f0:e1:4c:b6:0c:87:0c:95:02:3b:49:dc:93:62:
         55:ff:3e:2b:00:5a:12:0f:6f:4e:17:4a:cd:da:c7:12:fe:88:
         a5:be:58:4d:00:3a:08:e9:a1:09:4f:b5:19:3c:49:63:f9:ce:
         c1:dd:56:03:a1:b0:e1:30:2d:f8:a9:92:e0:56:98:4c:ba:1e:
         bf:f3:5e:8a:3d:95:83:f7:c8:26:96:37:27:57:04:c4:84:0c:
         10:20:b8:a6:61:96:63:dc:d8:f0:77:c1:8a:ed:b7:35:00:38:
         c4:43:79:e1:91:3a:67:ad:56:78:d2:9c:45:b6:12:47:28:88:
         5b:11:5a:15
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDARTpMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMTI4MDc0MjAyWhcNMjUwMjExMDc0MjAyWjAYMRYw
FAYDVQQDEw02NzQ4MWVjZS1iOWE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAstnLNqVzM25D/d6422uP0p2q3S0rbsDZQP61JsYPazfhOAjwJQ53rc4p
R5fJ2yqXpi3hQQKr7M3NvMrsGHxq9UVyM426Sb5IPaR5eHzlM7fRxAZsGcFkmEE+
dpSmL1SmkE+i37qL23w/Q6AMNOmWt2DBDBLYIRvC9bHQY2P3V0vpGsQGf9XvxQk8
pfW8yC/chVO1tKrNAagpO9wL2701SZ5+/59eSEixhBTMqHrjOiQxzMh7fyjjS+6h
Eby4BbLD/X5YSYybjsT6nMNXcfTuzr6iKvpcpXXE84k/oxFQhCrG8bCxXbx1Q2HC
Pl83llr5W5HCEjAJXu4iTyENtgmd4wIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFOFU
yyD2kWbSeqnsZQRg/YCiS7qkMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC80NDBBREU1MEFENUMxMUVGOUEzOEI5QkQ3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmlV+MA0GCSqGSIb3DQEB
CwUAA4IBAQCIzgqy9HpRABf7WP26DvFOmxqFiEFj38xN4ErgYGLp1ulOXmpCVs/H
ey4sFRxS3kKFH8HvfV5pllBqvtrVSRqEcyavls3SrRhlP5NC4EJXeHtzvcjshTn0
m5N661kvRbIeZ/dRSVaI+YdIZ/0WQNYYOeFleAPhoIpAk7GAhAw0Rnk38OFMtgyH
DJUCO0nck2JV/z4rAFoSD29OF0rN2scS/oilvlhNADoI6aEJT7UZPElj+c7B3VYD
obDhMC34qZLgVphMuh6/816KPZWD98gmljcnVwTEhAwQILimYZZj3Njwd8GK7bc1
ADjEQ3nhkTpnrVZ40pxFthJHKIhbEVoV
-----END CERTIFICATE-----