Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/58D4CA3AE06A11EFB501268C762E951A.roa
File:                     58D4CA3AE06A11EFB501268C762E951A.roa (raw, json)
Hash identifier:          HADts+eu+nSrZuSXFepSv6C0OklZ9GANfPgykW05vEU=
Subject key identifier:   32:09:08:15:C7:91:81:7D:CD:EF:A0:65:20:56:A8:19:CB:A9:71:96
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       014E84
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/58D4CA3AE06A11EFB501268C762E951A.roa
Signing time:             Sat 01 Feb 2025 07:01:24 +0000
ROA not before:           Sat 01 Feb 2025 07:01:19 +0000
ROA not after:            Wed 03 Feb 2027 07:01:19 +0000
asID:                     40065
IP address blocks:        154.194.64.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 85636 (0x14e84)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Feb  1 07:01:19 2025 GMT
            Not After : Feb  3 07:01:19 2027 GMT
        Subject: CN=679dc6c3-4de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:84:ea:3f:ac:55:b8:d0:6e:89:ba:93:00:42:
                    b1:01:2a:f5:e1:13:34:35:32:d1:bc:37:7b:21:e7:
                    47:4b:9e:98:16:b1:8f:0d:b9:0d:fe:55:20:4d:51:
                    23:60:f6:dc:72:a1:c7:2c:47:99:9b:b4:74:08:8a:
                    e6:ee:ed:09:dd:08:92:91:76:b5:dd:33:5c:74:db:
                    ef:fb:06:3c:f6:b5:32:38:63:93:12:cd:a2:42:5d:
                    e3:c1:02:e2:e9:a2:ae:5b:e7:5b:49:04:e5:0b:b5:
                    a0:11:88:54:2c:de:9b:ed:a6:41:ae:b5:c8:4b:31:
                    18:a0:96:a9:4e:bd:8a:d5:2c:f4:ab:cd:fe:76:77:
                    57:9a:ed:d4:ef:55:f0:b3:7a:5c:eb:0e:6e:65:ce:
                    e9:bb:4e:40:da:73:04:ca:df:96:83:ba:0a:55:5d:
                    ac:ff:dd:71:54:b3:ab:70:fd:25:92:6f:30:f4:0e:
                    7f:e8:7d:06:9c:63:26:e1:78:12:3f:80:4e:0f:a0:
                    61:f2:58:2c:41:1b:9b:79:d8:86:5f:af:be:0f:1b:
                    91:54:4c:59:88:01:9c:05:10:d6:5a:aa:68:c9:c0:
                    33:34:5b:b6:49:42:f0:e6:d2:24:e8:f1:dc:5f:57:
                    11:ff:a2:ec:cc:df:21:37:90:5f:2c:0c:cd:57:b5:
                    99:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:09:08:15:C7:91:81:7D:CD:EF:A0:65:20:56:A8:19:CB:A9:71:96
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/58D4CA3AE06A11EFB501268C762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.194.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d1:5c:73:08:bf:1b:a3:15:2b:18:4b:06:47:3a:ac:5e:83:e6:
         5b:19:08:e1:ba:60:45:93:37:b0:27:71:a7:8c:86:b2:50:91:
         eb:70:1b:cf:52:d3:a9:0c:02:59:c5:10:17:a0:f3:e6:32:26:
         f8:e4:51:61:08:ec:7f:81:eb:ea:5c:36:fd:e8:0f:fd:1b:4a:
         5d:b1:91:d3:2e:fe:5b:95:f0:df:d3:e5:24:5e:11:4d:a5:46:
         81:6a:44:42:9b:bc:bd:9f:45:79:cb:f9:87:42:e7:cf:b1:6a:
         23:fe:fb:9d:e7:00:98:4a:6d:aa:f8:0d:d8:b4:31:a9:cf:ee:
         a9:ef:cb:34:64:63:e0:92:c1:43:1d:1d:04:de:68:40:9e:b9:
         b8:16:19:19:c8:30:af:04:42:f3:7e:16:77:1a:62:6d:53:7c:
         f5:b6:91:38:4f:e6:20:38:c5:0a:80:99:d9:5a:01:38:e1:19:
         62:4b:ec:b2:f8:85:df:20:97:95:4e:0c:4c:77:3d:b9:d5:1b:
         f8:4f:7d:76:37:36:e6:1a:60:88:6d:be:ee:6e:f4:e2:ff:bc:
         3b:ab:93:1e:4f:85:bc:67:00:53:2c:85:38:c5:a1:59:4c:f8:
         5b:c6:e0:4c:0b:0e:c4:95:42:a4:9b:c5:f8:a8:59:6f:fa:2c:
         b2:b9:0b:dc
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAU6EMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMjAxMDcwMTE5WhcNMjcwMjAzMDcwMTE5WjAYMRYw
FAYDVQQDEw02NzlkYzZjMy00ZGU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA8YTqP6xVuNBuibqTAEKxASr14RM0NTLRvDd7IedHS56YFrGPDbkN/lUg
TVEjYPbccqHHLEeZm7R0CIrm7u0J3QiSkXa13TNcdNvv+wY89rUyOGOTEs2iQl3j
wQLi6aKuW+dbSQTlC7WgEYhULN6b7aZBrrXISzEYoJapTr2K1Sz0q83+dndXmu3U
71Xws3pc6w5uZc7pu05A2nMEyt+Wg7oKVV2s/91xVLOrcP0lkm8w9A5/6H0GnGMm
4XgSP4BOD6Bh8lgsQRubediGX6++DxuRVExZiAGcBRDWWqpoycAzNFu2SULw5tIk
6PHcX1cR/6LszN8hN5BfLAzNV7WZGQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFDIJ
CBXHkYF9ze+gZSBWqBnLqXGWMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC81OEQ0Q0EzQUUwNkExMUVGQjUwMTI2OEM3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmsJAMA0GCSqGSIb3DQEB
CwUAA4IBAQDRXHMIvxujFSsYSwZHOqxeg+ZbGQjhumBFkzewJ3GnjIayUJHrcBvP
UtOpDAJZxRAXoPPmMib45FFhCOx/gevqXDb96A/9G0pdsZHTLv5blfDf0+UkXhFN
pUaBakRCm7y9n0V5y/mHQufPsWoj/vud5wCYSm2q+A3YtDGpz+6p78s0ZGPgksFD
HR0E3mhAnrm4FhkZyDCvBELzfhZ3GmJtU3z1tpE4T+YgOMUKgJnZWgE44RliS+yy
+IXfIJeVTgxMdz251Rv4T312NzbmGmCIbb7ubvTi/7w7q5MeT4W8ZwBTLIU4xaFZ
TPhbxuBMCw7ElUKkm8X4qFlv+iyyuQvc
-----END CERTIFICATE-----