Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BC073C1CF35411EF8AFBCC7A762E951A.roa
File:                     BC073C1CF35411EF8AFBCC7A762E951A.roa (raw, json)
Hash identifier:          O7dRZaY4H5xoHRK6zLnz7/kmEDi9todsmrI3Nd3esw8=
Subject key identifier:   5B:77:EC:D9:3C:89:F3:14:5D:A8:6A:51:33:C6:D2:6A:1B:90:13:0D
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       015DBA
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BC073C1CF35411EF8AFBCC7A762E951A.roa
Signing time:             Tue 25 Feb 2025 08:44:33 +0000
ROA not before:           Tue 25 Feb 2025 08:44:29 +0000
ROA not after:            Mon 07 Apr 2025 08:44:29 +0000
asID:                     138915
IP address blocks:        154.223.74.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89530 (0x15dba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Feb 25 08:44:29 2025 GMT
            Not After : Apr  7 08:44:29 2025 GMT
        Subject: CN=67bd82f1-8e6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:62:34:c9:59:c8:b5:f5:a3:01:c8:e0:c1:4f:
                    28:cd:9f:65:a4:1a:c7:d4:59:68:f9:62:74:73:fc:
                    14:7e:52:4a:7e:ca:32:d5:74:9b:bd:ef:4c:69:53:
                    12:23:f8:0f:33:92:70:a4:5d:d9:cc:c2:33:ee:e3:
                    98:99:c3:c1:d4:3d:3f:10:46:5e:db:ef:55:73:25:
                    a3:7f:6d:1f:44:cc:84:49:01:df:80:43:3d:8d:b1:
                    74:74:f2:ff:09:65:c6:d8:2e:86:2b:f4:4e:78:2a:
                    80:d4:c4:b0:71:d0:0e:6d:45:04:4d:d3:06:1b:f4:
                    4d:5f:5a:38:ec:34:40:e3:65:5d:63:de:3f:20:93:
                    20:ac:bd:e0:6c:4e:08:d6:62:21:67:84:53:94:6b:
                    37:fe:ae:01:e1:30:8e:3f:97:6d:53:e9:78:91:bb:
                    9a:44:18:6a:9c:59:d3:d6:a8:25:66:92:59:a6:51:
                    8a:3b:0d:cf:41:33:e9:8a:95:4d:2b:42:6d:da:c3:
                    01:c9:9e:91:06:b0:1a:93:0c:f0:be:46:fc:14:41:
                    d1:44:c5:3c:b2:9a:0b:a7:56:44:19:75:80:68:ab:
                    61:da:d3:aa:4b:c7:3e:c9:32:b6:9b:bb:64:0d:e5:
                    6e:7e:dd:5b:d5:19:1c:77:93:78:f4:45:ad:43:c2:
                    1e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:77:EC:D9:3C:89:F3:14:5D:A8:6A:51:33:C6:D2:6A:1B:90:13:0D
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BC073C1CF35411EF8AFBCC7A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.223.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:09:05:8e:3f:fc:45:c5:1e:1e:2f:a3:e3:85:f1:d9:33:ff:
         a8:44:6b:c2:41:16:b6:7f:d9:15:dc:6a:5f:6f:8b:a5:0c:20:
         d3:3b:f3:e1:67:52:fa:4b:ab:09:0c:3d:52:78:65:be:1e:b5:
         1d:73:de:17:56:65:a9:35:99:dd:b0:77:90:3c:a3:5b:d7:68:
         7f:f6:e7:0f:f3:94:59:2f:80:36:5d:70:48:d3:c1:29:5a:5f:
         a5:9b:69:42:51:bf:47:e2:24:97:12:5d:33:df:10:37:b7:d9:
         ee:8d:53:ec:03:a2:19:74:54:ea:e5:54:5a:b2:0f:bd:ee:0c:
         7c:cd:e2:c6:f3:7b:27:f1:1c:dd:2e:6a:58:d4:11:56:e7:a9:
         b9:46:fe:5f:28:c7:e8:2a:61:21:50:e7:3c:42:a0:9e:3b:8a:
         a2:81:76:54:a2:3a:b0:4f:19:9d:d4:ef:7e:73:d1:5b:f6:f4:
         68:16:ba:fa:58:af:8e:e2:85:13:4c:15:51:98:fe:c6:ae:4f:
         fc:ec:75:86:d2:52:3d:2a:cf:a9:91:40:14:96:c2:4e:87:8a:
         61:64:c7:21:9f:ae:92:dd:f4:b7:f0:b3:14:98:f1:40:28:d5:
         18:56:d5:80:18:a0:d6:0d:53:94:07:f4:a2:f2:96:ee:90:34:
         ae:6c:b6:37
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAV26MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMjI1MDg0NDI5WhcNMjUwNDA3MDg0NDI5WjAYMRYw
FAYDVQQDEw02N2JkODJmMS04ZTZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAuWI0yVnItfWjAcjgwU8ozZ9lpBrH1Flo+WJ0c/wUflJKfsoy1XSbve9M
aVMSI/gPM5JwpF3ZzMIz7uOYmcPB1D0/EEZe2+9VcyWjf20fRMyESQHfgEM9jbF0
dPL/CWXG2C6GK/ROeCqA1MSwcdAObUUETdMGG/RNX1o47DRA42VdY94/IJMgrL3g
bE4I1mIhZ4RTlGs3/q4B4TCOP5dtU+l4kbuaRBhqnFnT1qglZpJZplGKOw3PQTPp
ipVNK0Jt2sMByZ6RBrAakwzwvkb8FEHRRMU8spoLp1ZEGXWAaKth2tOqS8c+yTK2
m7tkDeVuft1b1Rkcd5N49EWtQ8IeWwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFFt3
7Nk8ifMUXahqUTPG0mobkBMNMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9CQzA3M0MxQ0YzNTQxMUVGOEFGQkNDN0E3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmt9KMA0GCSqGSIb3DQEB
CwUAA4IBAQCmCQWOP/xFxR4eL6PjhfHZM/+oRGvCQRa2f9kV3Gpfb4ulDCDTO/Ph
Z1L6S6sJDD1SeGW+HrUdc94XVmWpNZndsHeQPKNb12h/9ucP85RZL4A2XXBI08Ep
Wl+lm2lCUb9H4iSXEl0z3xA3t9nujVPsA6IZdFTq5VRasg+97gx8zeLG83sn8Rzd
LmpY1BFW56m5Rv5fKMfoKmEhUOc8QqCeO4qigXZUojqwTxmd1O9+c9Fb9vRoFrr6
WK+O4oUTTBVRmP7Grk/87HWG0lI9Ks+pkUAUlsJOh4phZMchn66S3fS38LMUmPFA
KNUYVtWAGKDWDVOUB/Si8pbukDSubLY3
-----END CERTIFICATE-----