Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/AEB61BC8590B11F19D92BFEACE1D38B0.roa
File:                     AEB61BC8590B11F19D92BFEACE1D38B0.roa (raw, json)
Hash identifier:          viBuObidB0qcIxXt+yfL5+S9Bo8F46qiY/Z71JIkZTk=
Subject key identifier:   3F:87:1D:E6:2D:23:01:29:50:D4:94:3F:4D:4F:0B:EB:D6:BA:7F:28
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01CFCF
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/AEB61BC8590B11F19D92BFEACE1D38B0.roa
Signing time:             Tue 26 May 2026 14:03:34 +0000
ROA not before:           Tue 26 May 2026 14:03:29 +0000
ROA not after:            Wed 07 Oct 2026 14:03:29 +0000
asID:                     134789
IP address blocks:        154.196.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 08 Jun 2026 12:13:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 118735 (0x1cfcf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: May 26 14:03:29 2026 GMT
            Not After : Oct  7 14:03:29 2026 GMT
        Subject: CN=6a15a836-63d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c3:10:80:8d:ec:0d:4c:e1:d6:a7:45:f4:ff:
                    de:52:6a:07:70:80:65:53:1f:69:24:51:94:61:a9:
                    1e:70:d5:5c:aa:0d:ad:c2:40:5a:5a:eb:d1:04:54:
                    00:b0:0f:9f:2e:26:73:4d:35:f7:aa:c6:46:9f:74:
                    a9:22:a5:b6:94:91:07:11:a5:6a:b4:77:18:2b:b5:
                    53:29:74:d3:25:64:99:27:2d:3c:a8:76:56:c7:3b:
                    5b:42:2a:a3:6b:cb:d4:43:3d:a5:90:ee:61:9f:52:
                    1c:8b:ec:b7:a0:99:56:58:ef:c9:93:23:76:e7:c9:
                    80:20:5c:e6:0d:f3:c1:f5:95:2f:e1:d4:dc:7f:b2:
                    ec:8a:02:87:36:90:b5:c8:ca:be:f0:2c:cb:2d:75:
                    b0:34:2b:db:90:33:80:1c:86:e6:00:bd:3b:6b:7d:
                    63:06:71:7f:b5:e4:12:b3:4a:a2:e1:09:c9:d7:0d:
                    d6:a5:4a:3b:48:89:34:49:4f:a8:cb:d2:46:3d:fd:
                    13:af:06:25:22:f7:49:ae:98:4f:63:5a:60:2c:3f:
                    36:fa:67:d4:9a:3a:58:b7:41:45:af:a7:5c:d7:ed:
                    04:13:e3:9b:48:77:22:14:40:f4:82:0e:fe:ce:96:
                    89:17:a5:a2:52:34:9f:c4:9e:2c:41:2c:c5:da:89:
                    b1:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:87:1D:E6:2D:23:01:29:50:D4:94:3F:4D:4F:0B:EB:D6:BA:7F:28
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/AEB61BC8590B11F19D92BFEACE1D38B0.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.196.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:92:c2:2f:d3:cf:9f:00:77:ac:f9:17:3b:aa:de:dd:a7:1c:
         58:f2:4c:b7:6d:a0:bb:31:11:8c:cc:3d:45:b0:b9:f5:f4:4f:
         a9:ca:77:c3:fe:18:70:e1:b9:af:b0:1c:12:53:ce:8f:fb:22:
         9b:52:fd:aa:0f:69:e5:70:41:aa:c4:b5:a1:6a:46:db:b1:3e:
         64:64:b1:30:98:e1:82:db:21:97:9b:ff:ef:52:bd:a0:27:a4:
         a5:ae:83:3f:e5:6c:b3:31:8b:58:3c:87:7c:47:83:8d:a8:66:
         b8:5e:78:f3:6b:0f:54:4f:bf:2b:ed:68:8b:ef:02:1c:7e:2c:
         cb:df:ab:35:ca:17:30:af:98:ae:d7:1a:b5:cb:0d:7f:b2:96:
         da:fd:74:83:a4:c7:96:b9:a8:b8:56:a3:04:55:d8:e3:d0:1f:
         bd:60:c3:70:90:45:e2:43:0e:16:e8:eb:b9:08:50:b3:ed:23:
         ae:95:92:fe:fb:cb:de:88:0b:04:2c:71:c8:a1:2a:0c:ae:2e:
         71:cb:6e:09:6c:ed:85:5d:20:66:05:ec:ce:6d:31:3c:cf:64:
         41:3a:be:48:5f:a9:ab:ea:ad:67:e2:83:1d:04:0d:27:5a:7d:
         ee:3f:36:12:35:f5:ec:7b:eb:70:76:70:d6:b0:ca:d0:7f:64:
         d4:9c:46:07
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAc/PMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjYwNTI2MTQwMzI5WhcNMjYxMDA3MTQwMzI5WjAYMRYw
FAYDVQQDEw02YTE1YTgzNi02M2Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvMMQgI3sDUzh1qdF9P/eUmoHcIBlUx9pJFGUYakecNVcqg2twkBaWuvR
BFQAsA+fLiZzTTX3qsZGn3SpIqW2lJEHEaVqtHcYK7VTKXTTJWSZJy08qHZWxztb
Qiqja8vUQz2lkO5hn1Ici+y3oJlWWO/JkyN258mAIFzmDfPB9ZUv4dTcf7LsigKH
NpC1yMq+8CzLLXWwNCvbkDOAHIbmAL07a31jBnF/teQSs0qi4QnJ1w3WpUo7SIk0
SU+oy9JGPf0TrwYlIvdJrphPY1pgLD82+mfUmjpYt0FFr6dc1+0EE+ObSHciFED0
gg7+zpaJF6WiUjSfxJ4sQSzF2omx0wIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFD+H
HeYtIwEpUNSUP01PC+vWun8oMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9BRUI2MUJDODU5MEIxMUYxOUQ5MkJGRUFDRTFEMzhCMC5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmsSKMA0GCSqGSIb3DQEB
CwUAA4IBAQAsksIv08+fAHes+Rc7qt7dpxxY8ky3baC7MRGMzD1FsLn19E+pynfD
/hhw4bmvsBwSU86P+yKbUv2qD2nlcEGqxLWhakbbsT5kZLEwmOGC2yGXm//vUr2g
J6SlroM/5WyzMYtYPId8R4ONqGa4Xnjzaw9UT78r7WiL7wIcfizL36s1yhcwr5iu
1xq1yw1/spba/XSDpMeWuai4VqMEVdjj0B+9YMNwkEXiQw4W6Ou5CFCz7SOulZL+
+8veiAsELHHIoSoMri5xy24JbO2FXSBmBezObTE8z2RBOr5IX6mr6q1n4oMdBA0n
Wn3uPzYSNfXse+twdnDWsMrQf2TUnEYH
-----END CERTIFICATE-----