Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/584245DA27E111EF99D96AFC7CDC24C2.roa
File:                     584245DA27E111EF99D96AFC7CDC24C2.roa (raw, json)
Hash identifier:          zePvyuGpxw8jFQn8MPxo05c30Cr2Ol1jCx/AABIsB2M=
Subject key identifier:   24:39:4C:9D:66:41:D9:67:EC:FF:75:B7:99:32:AE:82:38:AB:B9:73
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       C1BC
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/584245DA27E111EF99D96AFC7CDC24C2.roa
Signing time:             Tue 11 Jun 2024 10:57:07 +0000
ROA not before:           Tue 11 Jun 2024 10:57:04 +0000
ROA not after:            Sat 03 May 2025 10:57:04 +0000
asID:                     63199
IP address blocks:        154.204.4.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 49596 (0xc1bc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Jun 11 10:57:04 2024 GMT
            Not After : May  3 10:57:04 2025 GMT
        Subject: CN=66682d83-8c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:bc:fe:e1:76:74:35:cb:07:5f:27:f1:56:99:
                    b6:b6:df:6a:5b:af:77:d2:a4:dc:03:81:f7:6f:ec:
                    79:e0:20:f1:70:c6:a3:eb:9a:b3:cd:79:38:c2:64:
                    4e:6e:bd:90:a9:80:aa:94:e3:1b:16:70:e3:dc:a2:
                    ca:ea:fa:56:e1:13:35:5d:25:9c:a9:ee:f7:c7:95:
                    da:4b:62:ff:a7:7b:d4:cd:34:98:f7:58:eb:24:ca:
                    6f:43:fb:16:94:b3:cb:cf:76:88:9c:7b:c7:72:ea:
                    4f:02:47:0e:c6:e5:a9:28:cc:bc:4b:3d:b8:56:3e:
                    94:b9:92:fc:d7:c9:c6:9a:ef:9c:7c:73:8b:16:18:
                    d7:ee:64:53:c3:44:0b:15:fa:b2:86:a6:5e:c0:a7:
                    98:12:38:37:a1:19:73:25:4f:20:1c:31:a7:fd:ae:
                    78:44:3a:ec:f7:0d:91:73:c1:ae:ec:9f:55:ae:5d:
                    01:22:fa:d8:06:f2:83:be:62:e7:1f:7e:b6:6f:92:
                    1a:c4:1c:a8:ca:92:10:f7:d9:3f:35:d0:ad:9f:54:
                    b9:68:ec:1e:af:cb:ae:25:eb:ce:b6:b7:fd:27:8f:
                    5a:06:02:76:29:82:cd:43:c8:2a:af:17:40:94:74:
                    79:04:94:f1:c3:9f:be:8e:39:b6:f2:8f:41:ec:e7:
                    a2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:39:4C:9D:66:41:D9:67:EC:FF:75:B7:99:32:AE:82:38:AB:B9:73
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/584245DA27E111EF99D96AFC7CDC24C2.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.204.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:c7:75:87:13:3d:ff:76:3b:f7:06:de:ed:7d:90:ea:a5:ce:
         19:fb:18:c8:87:3d:6d:f2:26:71:19:0c:0d:36:6a:1e:52:20:
         24:a3:78:1f:3b:8c:73:d9:2b:d8:db:9d:7b:01:5f:aa:d5:d8:
         58:55:56:a0:ed:8b:36:1f:c1:a3:c3:e3:cf:14:44:ce:17:77:
         0a:09:28:0b:9b:4f:90:a5:38:d9:d9:ce:f7:92:bd:55:43:e2:
         b2:c7:af:51:c8:f6:39:b5:c4:8e:09:7a:aa:e2:37:8c:20:c0:
         5c:20:33:3d:b5:8c:bb:83:1b:3e:71:0c:86:ea:f1:ea:ef:08:
         08:09:b5:ff:b5:a9:8c:6c:1a:c1:30:5a:bf:86:a0:6b:f9:e2:
         87:e9:63:f3:b2:c7:3b:cd:f4:06:72:47:4b:82:1a:35:46:2a:
         b6:ba:71:dd:4e:bb:53:b7:ff:90:b1:fb:7d:57:3e:84:3e:b5:
         6c:a9:5d:c0:68:3c:a8:86:61:a3:3e:d1:3f:1c:b3:09:7c:04:
         13:ee:53:19:d9:37:2d:fe:bd:84:08:18:ff:5b:4b:90:66:c2:
         04:65:97:ed:70:29:65:7d:43:d9:49:88:2c:2b:37:99:6d:c6:
         ce:9e:82:6b:de:06:22:34:45:2f:d5:b1:e1:85:96:cf:73:6f:
         90:83:c7:d6
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAMG8MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQwNjExMTA1NzA0WhcNMjUwNTAzMTA1NzA0WjAYMRYw
FAYDVQQDEw02NjY4MmQ4My04YzA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA8bz+4XZ0NcsHXyfxVpm2tt9qW6930qTcA4H3b+x54CDxcMaj65qzzXk4
wmRObr2QqYCqlOMbFnDj3KLK6vpW4RM1XSWcqe73x5XaS2L/p3vUzTSY91jrJMpv
Q/sWlLPLz3aInHvHcupPAkcOxuWpKMy8Sz24Vj6UuZL818nGmu+cfHOLFhjX7mRT
w0QLFfqyhqZewKeYEjg3oRlzJU8gHDGn/a54RDrs9w2Rc8Gu7J9Vrl0BIvrYBvKD
vmLnH362b5IaxByoypIQ99k/NdCtn1S5aOwer8uuJevOtrf9J49aBgJ2KYLNQ8gq
rxdAlHR5BJTxw5++jjm28o9B7OeiTQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFCQ5
TJ1mQdln7P91t5kyroI4q7lzMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC81ODQyNDVEQTI3RTExMUVGOTlEOTZBRkM3Q0RDMjRDMi5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmswEMA0GCSqGSIb3DQEB
CwUAA4IBAQAfx3WHEz3/djv3Bt7tfZDqpc4Z+xjIhz1t8iZxGQwNNmoeUiAko3gf
O4xz2SvY2517AV+q1dhYVVag7Ys2H8Gjw+PPFETOF3cKCSgLm0+QpTjZ2c73kr1V
Q+Kyx69RyPY5tcSOCXqq4jeMIMBcIDM9tYy7gxs+cQyG6vHq7wgICbX/tamMbBrB
MFq/hqBr+eKH6WPzssc7zfQGckdLgho1Riq2unHdTrtTt/+Qsft9Vz6EPrVsqV3A
aDyohmGjPtE/HLMJfAQT7lMZ2Tct/r2ECBj/W0uQZsIEZZftcCllfUPZSYgsKzeZ
bcbOnoJr3gYiNEUv1bHhhZbPc2+Qg8fW
-----END CERTIFICATE-----