Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A3FC5AD8946411F089926288DAE4EC9C.roa
File:                     A3FC5AD8946411F089926288DAE4EC9C.roa (raw, json)
Hash identifier:          TopjX8HsBkFec/57wLZ2DrTTQQLnbjYaC11fzbViniE=
Subject key identifier:   F6:72:E8:8F:65:30:25:CF:D8:29:99:3C:78:58:D2:50:87:15:2C:D9
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       019FFB
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A3FC5AD8946411F089926288DAE4EC9C.roa
Signing time:             Thu 18 Sep 2025 07:54:02 +0000
ROA not before:           Thu 18 Sep 2025 07:53:56 +0000
ROA not after:            Fri 24 Oct 2025 07:53:56 +0000
asID:                     61414
IP address blocks:        154.217.248.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 21 Oct 2025 00:06:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 106491 (0x19ffb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Sep 18 07:53:56 2025 GMT
            Not After : Oct 24 07:53:56 2025 GMT
        Subject: CN=68cbba9a-6bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:87:c0:06:02:38:17:bf:be:fc:dd:4e:33:2b:
                    ce:a2:dd:84:fa:2b:14:19:7d:a7:9b:54:f9:bf:92:
                    d0:ee:29:40:a7:dc:65:2e:bc:af:9c:a2:77:04:6f:
                    35:79:37:4d:c6:5a:1d:14:e7:0b:ff:83:f6:60:4c:
                    df:d4:0a:d6:23:89:ac:98:78:1e:ad:6a:dd:94:f1:
                    3e:05:7d:25:53:74:e9:d2:69:b6:c0:b3:0e:89:f1:
                    84:5f:6c:69:14:34:e1:4e:34:23:cb:af:9f:bc:20:
                    a2:de:7f:79:be:7e:93:9e:94:42:47:cc:f2:f4:90:
                    81:15:95:fe:15:28:f5:ce:94:7e:fd:e0:cb:11:d8:
                    6f:47:96:6b:d8:14:54:8f:ed:04:41:fd:2f:3d:cf:
                    6b:f2:ef:e2:3a:eb:36:2a:ac:a9:e8:b1:8a:59:42:
                    9c:c2:70:27:8a:14:fc:52:f4:03:73:3f:03:3f:ba:
                    a0:49:9e:6a:be:86:a7:a8:f8:6e:c5:2a:cc:f0:17:
                    55:31:21:74:dd:12:22:d3:13:78:59:e7:0a:11:59:
                    6e:3e:1a:b6:69:af:d8:71:34:fd:ec:e9:a8:82:b6:
                    34:24:44:4b:a7:00:ab:23:6c:2f:e0:31:f9:bf:ae:
                    d2:53:75:54:9a:49:89:32:b9:6f:9d:a7:88:56:21:
                    51:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:72:E8:8F:65:30:25:CF:D8:29:99:3C:78:58:D2:50:87:15:2C:D9
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A3FC5AD8946411F089926288DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.217.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         54:96:5b:62:5b:fc:9d:bc:ef:6e:29:31:38:84:09:06:50:b4:
         29:84:21:c4:c2:ec:cb:ee:4a:f0:1f:fa:47:f5:82:d6:15:7d:
         11:dd:a6:77:2b:af:76:97:36:07:76:0e:50:a4:92:14:0e:22:
         42:12:9c:61:53:e7:83:48:95:3a:2f:db:ef:65:03:a4:35:85:
         3b:e1:62:89:04:6f:af:c9:35:26:65:fa:81:c7:d4:a6:a3:9f:
         9e:68:85:07:de:4b:f7:fe:b4:7c:c1:76:bf:1a:5c:75:90:79:
         5b:c6:e4:ad:91:de:24:87:a5:e3:f8:f7:6a:83:ae:84:40:9c:
         47:ed:d5:f9:75:f5:a6:8a:dc:65:67:fe:d4:c2:8a:f1:ce:e6:
         e8:c6:d4:6c:e2:96:8d:c2:f7:9d:eb:b3:c1:c8:64:8e:d9:b1:
         cb:79:29:21:ab:e4:42:76:d1:22:1d:13:58:fc:b6:9b:de:d8:
         97:61:5b:01:89:14:3c:da:6f:54:a0:93:32:43:4b:94:66:28:
         29:f5:0d:63:01:ea:d0:a4:04:90:19:fa:69:a6:d3:6b:b3:46:
         2e:d4:22:cb:63:c5:40:02:98:4a:b0:a9:60:40:c3:98:4f:ae:
         49:b9:b2:f9:8b:f4:3b:9c:cd:61:1e:39:89:f2:66:f7:a3:55:
         ce:f0:72:99
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAZ/7MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwOTE4MDc1MzU2WhcNMjUxMDI0MDc1MzU2WjAYMRYw
FAYDVQQDEw02OGNiYmE5YS02YmQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAo4fABgI4F7++/N1OMyvOot2E+isUGX2nm1T5v5LQ7ilAp9xlLryvnKJ3
BG81eTdNxlodFOcL/4P2YEzf1ArWI4msmHgerWrdlPE+BX0lU3Tp0mm2wLMOifGE
X2xpFDThTjQjy6+fvCCi3n95vn6TnpRCR8zy9JCBFZX+FSj1zpR+/eDLEdhvR5Zr
2BRUj+0EQf0vPc9r8u/iOus2Kqyp6LGKWUKcwnAnihT8UvQDcz8DP7qgSZ5qvoan
qPhuxSrM8BdVMSF03RIi0xN4WecKEVluPhq2aa/YcTT97OmogrY0JERLpwCrI2wv
4DH5v67SU3VUmkmJMrlvnaeIViFRCwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFPZy
6I9lMCXP2CmZPHhY0lCHFSzZMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9BM0ZDNUFEODk0NjQxMUYwODk5MjYyODhEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDmtn4MA0GCSqGSIb3DQEB
CwUAA4IBAQBUlltiW/ydvO9uKTE4hAkGULQphCHEwuzL7krwH/pH9YLWFX0R3aZ3
K692lzYHdg5QpJIUDiJCEpxhU+eDSJU6L9vvZQOkNYU74WKJBG+vyTUmZfqBx9Sm
o5+eaIUH3kv3/rR8wXa/Glx1kHlbxuStkd4kh6Xj+Pdqg66EQJxH7dX5dfWmitxl
Z/7UworxzuboxtRs4paNwved67PByGSO2bHLeSkhq+RCdtEiHRNY/Lab3tiXYVsB
iRQ82m9UoJMyQ0uUZigp9Q1jAerQpASQGfppptNrs0Yu1CLLY8VAAphKsKlgQMOY
T65JubL5i/Q7nM1hHjmJ8mb3o1XO8HKZ
-----END CERTIFICATE-----