Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/9CCFE190CDD511EF8E35FB80762E951A.roa
File:                     9CCFE190CDD511EF8E35FB80762E951A.roa (raw, json)
Hash identifier:          BIIcWMiZ6xoT/j/msF8S93hlvPmWhqYbM1UhdC5qkVI=
Subject key identifier:   D0:9F:A9:2D:F8:E6:B6:F5:F8:3B:F9:4B:0C:C3:56:D3:3A:CF:E7:0B
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       013767
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/9CCFE190CDD511EF8E35FB80762E951A.roa
Signing time:             Wed 08 Jan 2025 15:31:21 +0000
ROA not before:           Wed 08 Jan 2025 15:31:18 +0000
ROA not after:            Sat 03 Jan 2026 15:31:18 +0000
asID:                     984
IP address blocks:        154.88.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79719 (0x13767)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Jan  8 15:31:18 2025 GMT
            Not After : Jan  3 15:31:18 2026 GMT
        Subject: CN=677e9a49-06b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f9:18:0f:db:b8:f7:03:bf:bc:7a:c9:5d:e9:
                    8e:4b:6b:2f:fa:d5:bf:2e:46:e0:9b:93:38:0e:aa:
                    8a:3b:98:5d:20:a1:0a:c9:56:20:8e:30:c9:fd:3d:
                    5f:a0:1c:c7:5b:d5:d8:b8:e7:81:62:46:fe:1c:9e:
                    46:38:c5:cb:d4:d4:49:e9:d9:e6:61:8c:12:2b:cd:
                    c5:0a:e6:2a:c5:4e:a2:44:c9:b5:74:d8:ad:01:7f:
                    fe:5b:7c:ae:ff:a9:55:da:ef:9b:4c:d3:05:95:48:
                    7a:a1:0f:35:e2:82:75:1f:f9:c6:32:8c:7b:d7:de:
                    ad:a6:2d:cb:07:f5:6e:ae:73:10:ee:8d:b3:7e:a5:
                    66:6f:72:f0:f1:23:3d:1d:0c:18:6e:4e:b0:90:08:
                    a1:1d:1c:73:41:d3:44:8c:57:43:57:55:5d:1b:fe:
                    a4:16:73:b9:c7:40:fc:c8:3e:0e:07:08:5e:8d:7d:
                    a2:f7:ec:7e:27:57:28:48:74:87:8c:ec:ba:a6:da:
                    61:a6:9f:e9:88:c8:44:c0:49:6e:f1:76:6c:e4:c3:
                    1d:66:0d:47:9c:42:bf:6e:66:89:d0:1d:58:54:c6:
                    d5:2a:10:be:ff:e7:e1:e4:9e:70:86:da:be:1d:30:
                    62:1a:cc:6c:1d:d4:82:69:86:23:70:04:76:cf:02:
                    2f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9F:A9:2D:F8:E6:B6:F5:F8:3B:F9:4B:0C:C3:56:D3:3A:CF:E7:0B
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/9CCFE190CDD511EF8E35FB80762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.88.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:f1:03:cb:b9:33:08:66:29:d1:96:da:e9:3b:7a:a2:81:99:
         0b:d3:5b:50:d3:79:57:e6:97:27:46:3f:df:03:df:a3:42:82:
         40:fa:c1:ac:42:14:9b:40:a6:31:1c:fb:aa:a6:d4:95:20:29:
         2e:56:0b:a1:20:b2:ae:ec:77:05:18:09:0a:63:6c:29:06:93:
         d0:22:76:32:31:9e:68:4c:24:9b:ec:47:a0:0b:52:fa:e4:f5:
         6b:ba:58:71:b1:70:be:87:0f:57:d2:e3:1d:ca:4b:65:32:7e:
         0d:69:ef:75:a0:46:d4:12:63:74:7e:af:c3:46:41:dd:2b:8e:
         be:81:be:56:c7:17:ce:9c:80:a0:60:e2:a7:48:1a:e8:cd:21:
         0a:b1:18:df:07:c3:86:a7:e1:fb:c5:3c:8e:cc:f8:8f:fb:78:
         ab:bd:77:6e:f2:a8:7f:54:22:77:41:98:9b:0b:5d:cb:0c:c4:
         ac:99:3d:f1:b5:0f:9c:6a:3c:70:90:e2:a0:d2:6b:68:52:55:
         29:fe:7e:8f:af:30:08:16:ec:de:b8:9a:bb:f1:18:bf:89:79:
         f9:96:7e:db:8a:c7:14:d4:17:22:47:68:8b:58:c5:51:28:0a:
         3f:02:de:97:52:14:e5:78:02:11:c1:60:e3:4a:2f:25:f4:1a:
         fb:cc:20:df
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDATdnMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMTA4MTUzMTE4WhcNMjYwMTAzMTUzMTE4WjAYMRYw
FAYDVQQDEw02NzdlOWE0OS0wNmI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAnfkYD9u49wO/vHrJXemOS2sv+tW/Lkbgm5M4DqqKO5hdIKEKyVYgjjDJ
/T1foBzHW9XYuOeBYkb+HJ5GOMXL1NRJ6dnmYYwSK83FCuYqxU6iRMm1dNitAX/+
W3yu/6lV2u+bTNMFlUh6oQ814oJ1H/nGMox7196tpi3LB/VurnMQ7o2zfqVmb3Lw
8SM9HQwYbk6wkAihHRxzQdNEjFdDV1VdG/6kFnO5x0D8yD4OBwhejX2i9+x+J1co
SHSHjOy6ptphpp/piMhEwElu8XZs5MMdZg1HnEK/bmaJ0B1YVMbVKhC+/+fh5J5w
htq+HTBiGsxsHdSCaYYjcAR2zwIvwwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFNCf
qS345rb1+Dv5SwzDVtM6z+cLMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC85Q0NGRTE5MENERDUxMUVGOEUzNUZCODA3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmlgjMA0GCSqGSIb3DQEB
CwUAA4IBAQCc8QPLuTMIZinRltrpO3qigZkL01tQ03lX5pcnRj/fA9+jQoJA+sGs
QhSbQKYxHPuqptSVICkuVguhILKu7HcFGAkKY2wpBpPQInYyMZ5oTCSb7EegC1L6
5PVrulhxsXC+hw9X0uMdyktlMn4Nae91oEbUEmN0fq/DRkHdK46+gb5WxxfOnICg
YOKnSBrozSEKsRjfB8OGp+H7xTyOzPiP+3irvXdu8qh/VCJ3QZibC13LDMSsmT3x
tQ+cajxwkOKg0mtoUlUp/n6PrzAIFuzeuJq78Ri/iXn5ln7biscU1BciR2iLWMVR
KAo/At6XUhTleAIRwWDjSi8l9Br7zCDf
-----END CERTIFICATE-----