Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C448DBC2E74511EEB2D81FBC775412E6.roa
File:                     C448DBC2E74511EEB2D81FBC775412E6.roa (raw, json)
Hash identifier:          XFkJG59XGgWQftI9RDqFQtierJbNm1ojLmU5JV9fbxk=
Subject key identifier:   8D:1E:71:0F:A8:D7:22:96:61:45:83:1F:78:49:A5:C6:49:F3:0E:D8
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       A403
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C448DBC2E74511EEB2D81FBC775412E6.roa
Signing time:             Thu 21 Mar 2024 05:42:13 +0000
ROA not before:           Thu 21 Mar 2024 05:42:09 +0000
ROA not after:            Tue 23 Apr 2024 05:42:09 +0000
asID:                     44559
IP address blocks:        154.220.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 23 Apr 2024 00:04:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 41987 (0xa403)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Mar 21 05:42:09 2024 GMT
            Not After : Apr 23 05:42:09 2024 GMT
        Subject: CN=65fbc8b5-51b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6d:08:fa:f1:8f:96:e8:d6:cf:86:32:08:78:
                    04:fe:46:19:b2:54:a4:c9:69:a0:76:43:a6:ee:26:
                    15:b3:c7:78:6a:34:02:f6:d0:7c:d5:42:2c:0a:73:
                    ec:91:a6:ac:06:ca:39:67:da:14:1a:c4:72:fb:eb:
                    ec:bb:30:01:91:1f:8e:6a:3e:d7:f1:09:5e:0e:99:
                    16:0a:40:bf:74:ab:2f:8b:73:57:8c:15:83:24:a1:
                    1d:e7:35:90:a2:6c:12:e3:b8:bc:ef:f0:c6:f1:9a:
                    ea:99:8c:f4:e0:0c:8e:17:f9:06:42:c5:41:aa:2d:
                    3b:7e:4f:4f:cd:73:1a:a4:8a:31:2a:47:2b:95:c5:
                    9f:91:56:1a:5a:d1:e6:e1:8d:37:4e:bf:d5:ba:98:
                    d4:47:6c:91:c3:40:f0:82:84:d1:c5:00:bb:66:0d:
                    fc:fe:e4:72:a4:39:e8:12:06:6b:ea:50:9a:3b:de:
                    f1:b8:7d:a5:2a:9d:86:19:bb:ae:33:92:f6:f8:d0:
                    ef:0d:00:44:1e:63:68:30:bd:64:3f:93:02:d8:fb:
                    87:35:ac:91:d6:32:16:66:06:c0:97:f3:c8:fc:85:
                    e7:ea:a1:d7:5f:52:99:66:28:b5:00:80:28:df:c8:
                    51:0e:e1:b9:20:c3:cd:f2:02:73:3e:a0:f7:18:14:
                    ac:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:1E:71:0F:A8:D7:22:96:61:45:83:1F:78:49:A5:C6:49:F3:0E:D8
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C448DBC2E74511EEB2D81FBC775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.220.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:8a:82:06:a7:7b:df:22:c6:1a:66:60:d2:2f:9b:30:21:72:
         88:fc:fa:05:f4:cf:20:87:32:33:ec:c5:f2:89:db:56:62:25:
         fa:4d:78:4e:a5:5d:17:f2:66:08:75:fe:75:fe:6f:b1:14:d6:
         3c:c2:91:16:c6:ec:dc:fe:c2:a7:1d:40:1a:3c:c8:fb:4f:cf:
         47:b3:03:d2:a8:6c:d4:0d:ac:3c:72:cc:e4:af:8f:49:f8:e2:
         2f:89:bd:ca:2e:f3:0c:76:1b:a7:91:70:c0:45:2a:9f:52:28:
         d5:46:b1:ff:53:d8:f2:63:f2:5d:84:70:a1:92:5b:bc:ee:cb:
         c5:ee:70:a0:11:85:e1:30:6e:60:50:7f:ed:54:54:a6:ec:3c:
         24:29:a0:3b:71:da:ab:11:71:da:85:5b:46:02:6d:bb:d7:00:
         82:d4:5d:3d:32:77:2d:81:18:5a:ba:35:ef:53:41:73:f4:e4:
         6f:6b:d3:5d:84:f9:fa:6b:74:f7:f7:79:b3:89:cf:c6:9c:a9:
         ef:43:cc:6d:f5:eb:99:77:a7:c7:98:dc:27:d4:a2:7b:05:e1:
         5b:46:8e:ba:40:b4:e7:87:6b:ff:81:5e:6c:4e:bc:77:fc:b3:
         24:be:17:94:40:51:5e:4c:da:c0:74:c2:0b:ca:ce:43:f2:2b:
         b4:7f:26:da
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAKQDMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQwMzIxMDU0MjA5WhcNMjQwNDIzMDU0MjA5WjAYMRYw
FAYDVQQDEw02NWZiYzhiNS01MWI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAv20I+vGPlujWz4YyCHgE/kYZslSkyWmgdkOm7iYVs8d4ajQC9tB81UIs
CnPskaasBso5Z9oUGsRy++vsuzABkR+Oaj7X8QleDpkWCkC/dKsvi3NXjBWDJKEd
5zWQomwS47i87/DG8ZrqmYz04AyOF/kGQsVBqi07fk9PzXMapIoxKkcrlcWfkVYa
WtHm4Y03Tr/VupjUR2yRw0DwgoTRxQC7Zg38/uRypDnoEgZr6lCaO97xuH2lKp2G
GbuuM5L2+NDvDQBEHmNoML1kP5MC2PuHNayR1jIWZgbAl/PI/IXn6qHXX1KZZii1
AIAo38hRDuG5IMPN8gJzPqD3GBSs0QIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFI0e
cQ+o1yKWYUWDH3hJpcZJ8w7YMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9DNDQ4REJDMkU3NDUxMUVFQjJEODFGQkM3NzU0MTJFNi5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmty3MA0GCSqGSIb3DQEB
CwUAA4IBAQBAioIGp3vfIsYaZmDSL5swIXKI/PoF9M8ghzIz7MXyidtWYiX6TXhO
pV0X8mYIdf51/m+xFNY8wpEWxuzc/sKnHUAaPMj7T89HswPSqGzUDaw8cszkr49J
+OIvib3KLvMMdhunkXDARSqfUijVRrH/U9jyY/JdhHChklu87svF7nCgEYXhMG5g
UH/tVFSm7DwkKaA7cdqrEXHahVtGAm271wCC1F09MnctgRhaujXvU0Fz9ORva9Nd
hPn6a3T393mzic/GnKnvQ8xt9euZd6fHmNwn1KJ7BeFbRo66QLTnh2v/gV5sTrx3
/LMkvheUQFFeTNrAdMILys5D8iu0fyba
-----END CERTIFICATE-----