Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/60078FE2237911F18B1B14A8DAE4EC9C.roa
File:                     60078FE2237911F18B1B14A8DAE4EC9C.roa (raw, json)
Hash identifier:          /ac01FCsLcKMQ+SCC8ypwEI1f3jyCK9KP+ulXpZDJ+k=
Subject key identifier:   6D:A8:F0:6A:77:E2:79:14:C4:F0:05:A8:77:A2:A7:C4:45:A9:30:3C
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01BFD5
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/60078FE2237911F18B1B14A8DAE4EC9C.roa
Signing time:             Thu 19 Mar 2026 09:52:44 +0000
ROA not before:           Thu 19 Mar 2026 09:52:39 +0000
ROA not after:            Fri 24 Apr 2026 09:52:39 +0000
asID:                     139923
IP address blocks:        154.217.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Thu 26 Mar 2026 08:06:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 114645 (0x1bfd5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Mar 19 09:52:39 2026 GMT
            Not After : Apr 24 09:52:39 2026 GMT
        Subject: CN=69bbc76c-efea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:25:9a:e6:2a:44:f4:f8:bf:bb:a9:5e:62:04:
                    93:c5:19:bc:c3:a4:f5:e5:ed:fd:d5:34:8d:1f:b5:
                    82:7d:44:93:fc:27:26:71:58:3f:5c:b6:bc:f6:64:
                    5d:0d:e1:7b:2e:ba:18:85:76:56:f2:f7:a9:93:2c:
                    5d:1b:2e:84:e2:cd:61:f8:f2:dd:51:8d:5c:4b:63:
                    30:66:43:21:88:ef:f0:5f:42:d4:bf:bf:c4:64:4d:
                    0b:94:cc:f6:6e:7c:00:68:63:d1:be:19:46:52:2f:
                    4c:99:58:70:ed:5d:50:32:4e:19:99:af:8b:a1:19:
                    32:cb:6b:b0:0b:b3:6a:6b:15:ae:75:33:11:cf:a1:
                    19:8c:c4:63:c1:29:9b:6d:1d:d5:68:60:f2:97:20:
                    6a:96:18:74:84:7a:5d:50:d2:06:16:b4:7b:a1:48:
                    a6:7b:31:c9:a7:3b:cc:21:57:ee:e3:57:74:bb:c4:
                    99:b2:4b:8f:56:8a:fa:c3:64:38:20:62:a4:17:98:
                    b7:11:58:c8:b4:e8:d9:df:fc:f1:11:b3:10:cd:3f:
                    d0:6b:73:e8:51:0d:c5:27:a3:0a:dd:60:a1:26:80:
                    51:44:1f:a0:36:2b:e2:5d:e7:4e:9d:48:48:fb:9c:
                    3e:e9:86:7c:7d:66:01:6c:df:69:70:d8:fb:c8:54:
                    ba:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A8:F0:6A:77:E2:79:14:C4:F0:05:A8:77:A2:A7:C4:45:A9:30:3C
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/60078FE2237911F18B1B14A8DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.217.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         53:8d:ea:92:34:4a:d5:e7:60:67:09:60:b4:20:e2:0a:a1:64:
         52:3a:38:15:a2:34:4f:bb:ef:36:93:d7:2e:8b:db:57:9f:9d:
         16:85:6c:ce:4c:79:8a:3a:78:0f:00:99:b2:c0:f4:2e:f3:c7:
         16:19:7f:3f:45:e0:62:08:d0:e1:ec:89:7f:f0:b1:2d:b5:1e:
         b6:4e:15:d1:72:75:a8:70:68:81:47:6d:12:08:ca:04:de:37:
         ef:d6:76:bb:08:45:ff:d4:fa:39:e2:f9:08:86:fc:b1:cb:d2:
         87:d1:f9:a4:52:1b:40:df:f7:76:df:f5:a6:43:85:ec:62:40:
         72:cf:10:1a:7a:01:5f:80:b8:73:04:bf:89:ba:21:fb:81:10:
         0d:3f:fd:aa:e2:25:dd:52:cb:83:40:06:2d:87:df:25:7a:59:
         bc:05:63:38:d2:5b:07:db:51:8b:e3:ee:53:50:d9:9c:e3:8b:
         44:c6:2a:f8:c6:3f:6a:6b:dd:ba:20:e7:8a:77:43:c4:af:5a:
         5e:39:3b:2d:a3:5a:92:32:f0:86:19:13:c0:54:63:85:99:f9:
         c1:f2:7d:77:32:dd:be:c2:f6:77:b9:d1:23:ce:d1:34:03:98:
         25:91:bf:4e:7f:f0:c2:d5:68:aa:da:a1:29:3a:0b:d2:31:49:
         4a:f5:26:2a
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAb/VMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjYwMzE5MDk1MjM5WhcNMjYwNDI0MDk1MjM5WjAYMRYw
FAYDVQQDEw02OWJiYzc2Yy1lZmVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAtiWa5ipE9Pi/u6leYgSTxRm8w6T15e391TSNH7WCfUST/CcmcVg/XLa8
9mRdDeF7LroYhXZW8vepkyxdGy6E4s1h+PLdUY1cS2MwZkMhiO/wX0LUv7/EZE0L
lMz2bnwAaGPRvhlGUi9MmVhw7V1QMk4Zma+LoRkyy2uwC7NqaxWudTMRz6EZjMRj
wSmbbR3VaGDylyBqlhh0hHpdUNIGFrR7oUimezHJpzvMIVfu41d0u8SZskuPVor6
w2Q4IGKkF5i3EVjItOjZ3/zxEbMQzT/Qa3PoUQ3FJ6MK3WChJoBRRB+gNiviXedO
nUhI+5w+6YZ8fWYBbN9pcNj7yFS6BQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFG2o
8Gp34nkUxPAFqHeip8RFqTA8MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC82MDA3OEZFMjIzNzkxMUYxOEIxQjE0QThEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDmtnwMA0GCSqGSIb3DQEB
CwUAA4IBAQBTjeqSNErV52BnCWC0IOIKoWRSOjgVojRPu+82k9cui9tXn50WhWzO
THmKOngPAJmywPQu88cWGX8/ReBiCNDh7Il/8LEttR62ThXRcnWocGiBR20SCMoE
3jfv1na7CEX/1Po54vkIhvyxy9KH0fmkUhtA3/d23/WmQ4XsYkByzxAaegFfgLhz
BL+JuiH7gRANP/2q4iXdUsuDQAYth98lelm8BWM40lsH21GL4+5TUNmc44tExir4
xj9qa926IOeKd0PEr1peOTsto1qSMvCGGRPAVGOFmfnB8n13Mt2+wvZ3udEjztE0
A5glkb9Of/DC1Wiq2qEpOgvSMUlK9SYq
-----END CERTIFICATE-----