Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/B7347422C36E11EFB8F58F5C762E951A.roa
File:                     B7347422C36E11EFB8F58F5C762E951A.roa (raw, json)
Hash identifier:          uISzZzXX7VzxH01neP4JMebv1MhSdyOQfoudeG3b3Ug=
Subject key identifier:   B2:F4:CC:F0:36:B7:71:E3:91:7C:5B:14:17:39:70:2E:61:8D:C5:66
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       012712
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/B7347422C36E11EFB8F58F5C762E951A.roa
Signing time:             Thu 26 Dec 2024 09:49:36 +0000
ROA not before:           Thu 26 Dec 2024 09:49:32 +0000
ROA not after:            Sun 12 Dec 2027 09:49:32 +0000
asID:                     17561
IP address blocks:        154.94.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 75538 (0x12712)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Dec 26 09:49:32 2024 GMT
            Not After : Dec 12 09:49:32 2027 GMT
        Subject: CN=676d26b0-3985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:9d:6e:b0:f1:7d:f6:88:c4:94:29:33:b6:7b:
                    ec:67:c8:2f:aa:69:23:e9:8c:c0:98:e1:66:a9:67:
                    1f:46:50:a1:91:db:0b:6e:7b:80:38:c8:f6:6b:a5:
                    f9:4d:dd:02:49:30:c0:d1:a5:ed:8a:e0:ba:b2:b0:
                    0f:4a:e4:67:30:c4:3e:40:cf:b4:aa:cd:2d:d6:b9:
                    2b:8c:e8:f0:82:f1:ce:77:ee:42:88:1f:cf:af:cf:
                    90:0f:4d:5c:71:f4:0e:b9:c2:5c:5f:4f:60:0e:d8:
                    ca:0c:b5:3f:30:b7:0b:c5:81:3e:cd:75:9c:48:0c:
                    1b:27:02:24:87:d9:34:2c:02:cf:51:dc:dc:30:0a:
                    d8:18:c0:dd:f5:cc:78:8d:99:33:85:b9:26:60:4b:
                    ad:ea:4d:c6:aa:eb:cb:43:9d:93:74:34:ca:8f:10:
                    61:d9:c0:5d:3f:b3:fe:76:04:a0:11:ff:91:dc:fd:
                    af:ba:2d:ea:a2:cc:ed:3a:78:6f:c6:d4:a4:1d:bc:
                    0a:c3:0c:d6:76:c8:90:4d:9d:89:9a:31:6d:6d:dd:
                    53:cb:79:39:04:c9:21:d8:3b:04:22:d2:58:86:4c:
                    61:6e:29:fa:25:13:8d:63:30:1f:89:21:7a:43:2e:
                    19:b7:ce:9a:97:05:03:e6:49:86:e4:85:18:a4:2d:
                    11:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:F4:CC:F0:36:B7:71:E3:91:7C:5B:14:17:39:70:2E:61:8D:C5:66
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/B7347422C36E11EFB8F58F5C762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.94.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:36:7c:1d:2a:da:72:f8:10:5d:b9:be:01:ba:0f:a6:38:6e:
         65:4c:7b:40:a0:e7:5a:74:1e:1a:d4:13:74:ae:06:30:8a:1b:
         f8:98:46:b1:6f:c3:ef:1a:ae:ee:2d:d7:1d:a3:8b:05:b7:81:
         fb:87:94:5a:e4:ff:04:07:42:2c:63:34:ef:ce:a9:6e:9f:f6:
         d6:e2:39:95:e0:fb:4c:33:a3:a8:e8:ab:78:79:95:40:1d:f1:
         2d:ab:db:fa:a2:8f:81:5e:9a:b9:f6:52:d9:9b:30:75:ed:de:
         7e:f9:d2:79:cc:97:c9:59:bb:ae:10:b8:f9:09:9f:15:0b:ce:
         66:0d:00:62:96:8a:42:c3:bc:76:fd:cb:29:ce:40:f7:c0:a5:
         0d:ef:bf:83:38:c5:c8:83:fe:96:fb:7d:e9:4e:9a:09:29:ec:
         d0:06:a7:1b:ee:f3:86:e3:ff:5a:8e:d0:9a:45:0e:48:c4:1e:
         7b:f6:d0:bf:4b:37:34:9e:66:59:56:fe:dd:94:cf:49:c3:10:
         e5:0e:63:d7:48:6f:55:87:37:c9:a4:c7:d7:28:1b:9d:d9:09:
         eb:ff:31:07:74:7b:31:a4:e1:27:b6:38:9d:6e:c0:06:b8:2a:
         a5:42:07:32:6f:e9:a0:9a:ce:68:6b:ac:db:e2:84:22:2e:73:
         68:a2:ee:fe
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAScSMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMjI2MDk0OTMyWhcNMjcxMjEyMDk0OTMyWjAYMRYw
FAYDVQQDEw02NzZkMjZiMC0zOTg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA251usPF99ojElCkztnvsZ8gvqmkj6YzAmOFmqWcfRlChkdsLbnuAOMj2
a6X5Td0CSTDA0aXtiuC6srAPSuRnMMQ+QM+0qs0t1rkrjOjwgvHOd+5CiB/Pr8+Q
D01ccfQOucJcX09gDtjKDLU/MLcLxYE+zXWcSAwbJwIkh9k0LALPUdzcMArYGMDd
9cx4jZkzhbkmYEut6k3GquvLQ52TdDTKjxBh2cBdP7P+dgSgEf+R3P2vui3qoszt
OnhvxtSkHbwKwwzWdsiQTZ2JmjFtbd1Ty3k5BMkh2DsEItJYhkxhbin6JRONYzAf
iSF6Qy4Zt86alwUD5kmG5IUYpC0R+QIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFLL0
zPA2t3HjkXxbFBc5cC5hjcVmMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9CNzM0NzQyMkMzNkUxMUVGQjhGNThGNUM3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAml6gMA0GCSqGSIb3DQEB
CwUAA4IBAQAjNnwdKtpy+BBdub4Bug+mOG5lTHtAoOdadB4a1BN0rgYwihv4mEax
b8PvGq7uLdcdo4sFt4H7h5Ra5P8EB0IsYzTvzqlun/bW4jmV4PtMM6Oo6Kt4eZVA
HfEtq9v6oo+BXpq59lLZmzB17d5++dJ5zJfJWbuuELj5CZ8VC85mDQBilopCw7x2
/cspzkD3wKUN77+DOMXIg/6W+33pTpoJKezQBqcb7vOG4/9ajtCaRQ5IxB579tC/
Szc0nmZZVv7dlM9JwxDlDmPXSG9VhzfJpMfXKBud2Qnr/zEHdHsxpOEntjidbsAG
uCqlQgcyb+mgms5oa6zb4oQiLnNoou7+
-----END CERTIFICATE-----