Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/AFFA29A2A33111EF9A70574A762E951A.roa
File:                     AFFA29A2A33111EF9A70574A762E951A.roa (raw, json)
Hash identifier:          LUxOW9uRdo6+g1Tt1tr862/yuz9pkZvOnQPRHCDYi8s=
Subject key identifier:   C4:D7:88:CE:96:2E:23:D8:47:78:27:3B:05:50:1F:7E:0B:1B:EA:E5
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       010D78
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/AFFA29A2A33111EF9A70574A762E951A.roa
Signing time:             Fri 15 Nov 2024 09:12:07 +0000
ROA not before:           Fri 15 Nov 2024 09:12:04 +0000
ROA not after:            Sun 12 Jul 2026 09:12:04 +0000
asID:                     55967
IP address blocks:        154.85.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 25 Nov 2024 00:05:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 68984 (0x10d78)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Nov 15 09:12:04 2024 GMT
            Not After : Jul 12 09:12:04 2026 GMT
        Subject: CN=67371067-4427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0e:2e:2d:f7:02:79:c7:f2:4a:7a:28:97:0a:
                    ee:ce:18:c4:98:7e:17:08:2b:b5:87:a8:5c:97:21:
                    2e:3d:db:9f:1b:bb:59:8b:59:2d:e0:63:3c:66:c8:
                    ab:0e:12:a9:e0:f0:fe:7a:8d:75:4a:8f:31:d9:02:
                    05:81:c1:b1:79:6c:a9:54:eb:1c:0b:65:d0:d5:5b:
                    05:99:c6:4b:04:bd:69:98:b5:d4:27:0c:7f:19:26:
                    06:fb:e5:08:fa:ea:b5:1a:12:d9:36:78:a6:fb:5f:
                    69:34:47:06:58:9a:c1:88:12:0b:3c:3d:b5:d5:8e:
                    e0:64:1d:c6:49:a1:57:3b:2b:ef:11:08:99:a7:97:
                    97:92:98:77:2c:6a:16:45:ba:d9:70:b1:86:3f:d9:
                    5e:61:bf:60:2c:3c:e2:e5:62:27:77:e7:fa:99:8a:
                    40:57:f4:7e:dc:ba:1f:87:34:e8:a6:e5:6e:71:4a:
                    0f:55:25:f2:98:31:5b:96:e7:fa:2e:f5:88:56:e0:
                    cd:50:95:ca:c9:6e:c1:03:9c:24:1c:35:7a:89:69:
                    1a:27:c7:97:9e:86:0f:2c:62:b5:80:dc:65:a1:8a:
                    ee:65:1d:49:1e:ec:ac:12:a1:04:bb:68:f5:3d:0e:
                    0a:5e:16:49:48:79:ee:57:31:e9:b4:6e:f1:73:4b:
                    11:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D7:88:CE:96:2E:23:D8:47:78:27:3B:05:50:1F:7E:0B:1B:EA:E5
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/AFFA29A2A33111EF9A70574A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.85.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:c4:d4:d2:db:92:9d:08:1b:03:81:d7:05:b8:a7:8d:ef:64:
         26:a4:78:65:aa:80:3c:91:9a:76:a0:7a:31:15:48:88:fe:48:
         3a:65:23:8f:54:7c:cf:1f:c7:20:04:d2:0e:c4:66:a5:2c:69:
         48:1a:b5:a9:38:b9:28:e8:e1:0e:b2:a2:9b:97:db:ee:48:14:
         e2:7b:18:b2:3a:ee:53:73:c7:62:cc:a4:de:ce:a6:25:fa:df:
         32:6c:a5:fb:d2:8a:bc:c5:6a:3f:0a:43:e4:0a:b1:a7:7b:c0:
         47:7c:42:69:fa:4f:f3:27:36:03:09:74:1c:b1:a8:c4:33:49:
         f9:e7:67:a5:68:ce:63:4f:b0:7c:97:58:c0:1c:72:f5:df:f7:
         4d:09:4e:aa:5f:e2:d9:52:5b:a4:0b:00:19:3b:d7:c7:52:f4:
         dd:55:33:c6:b5:db:a5:51:e2:41:47:ff:10:83:00:41:20:bf:
         d5:55:36:36:e1:bb:0f:8a:b7:b6:42:71:c4:17:81:73:4f:34:
         94:cc:13:8e:02:74:d5:81:84:7e:84:1e:a5:13:bb:1e:42:76:
         3d:65:9d:76:b5:c7:94:36:2f:33:4f:21:f7:d1:b4:92:26:b7:
         33:b3:09:52:fc:51:25:69:ce:11:83:1b:c1:13:f4:ca:64:64:
         83:ab:3a:77
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAQ14MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMTE1MDkxMjA0WhcNMjYwNzEyMDkxMjA0WjAYMRYw
FAYDVQQDEw02NzM3MTA2Ny00NDI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAtA4uLfcCecfySnoolwruzhjEmH4XCCu1h6hclyEuPdufG7tZi1kt4GM8
ZsirDhKp4PD+eo11So8x2QIFgcGxeWypVOscC2XQ1VsFmcZLBL1pmLXUJwx/GSYG
++UI+uq1GhLZNnim+19pNEcGWJrBiBILPD211Y7gZB3GSaFXOyvvEQiZp5eXkph3
LGoWRbrZcLGGP9leYb9gLDzi5WInd+f6mYpAV/R+3LofhzTopuVucUoPVSXymDFb
luf6LvWIVuDNUJXKyW7BA5wkHDV6iWkaJ8eXnoYPLGK1gNxloYruZR1JHuysEqEE
u2j1PQ4KXhZJSHnuVzHptG7xc0sRlwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFMTX
iM6WLiPYR3gnOwVQH34LG+rlMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9BRkZBMjlBMkEzMzExMUVGOUE3MDU3NEE3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDmlU4MA0GCSqGSIb3DQEB
CwUAA4IBAQA2xNTS25KdCBsDgdcFuKeN72QmpHhlqoA8kZp2oHoxFUiI/kg6ZSOP
VHzPH8cgBNIOxGalLGlIGrWpOLko6OEOsqKbl9vuSBTiexiyOu5Tc8dizKTezqYl
+t8ybKX70oq8xWo/CkPkCrGne8BHfEJp+k/zJzYDCXQcsajEM0n552elaM5jT7B8
l1jAHHL13/dNCU6qX+LZUlukCwAZO9fHUvTdVTPGtdulUeJBR/8QgwBBIL/VVTY2
4bsPire2QnHEF4FzTzSUzBOOAnTVgYR+hB6lE7seQnY9ZZ12tceUNi8zTyH30bSS
JrczswlS/FElac4RgxvBE/TKZGSDqzp3
-----END CERTIFICATE-----