Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C50C3F96C54C11EFA0884FB4762E951A.roa
File:                     C50C3F96C54C11EFA0884FB4762E951A.roa (raw, json)
Hash identifier:          monyLwahaXjDD55PCUz4rnDkLjib2Wlxhl87eBZ4y48=
Subject key identifier:   15:4A:BB:32:0E:99:26:6F:49:E8:21:38:33:03:83:E1:CF:93:FB:D0
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       012CE9
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C50C3F96C54C11EFA0884FB4762E951A.roa
Signing time:             Sat 28 Dec 2024 18:51:39 +0000
ROA not before:           Sat 28 Dec 2024 18:51:35 +0000
ROA not after:            Sun 12 Dec 2027 18:51:35 +0000
asID:                     17561
IP address blocks:        154.209.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 07 Apr 2025 00:06:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 77033 (0x12ce9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Dec 28 18:51:35 2024 GMT
            Not After : Dec 12 18:51:35 2027 GMT
        Subject: CN=677048ba-d215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:da:ea:f2:13:be:bb:27:47:68:c0:c1:53:b2:
                    46:83:b6:63:a7:88:1c:de:84:9c:7a:f4:bf:d7:ed:
                    ff:fe:b9:39:7c:2f:35:8f:d0:b2:1e:ac:76:21:60:
                    2e:4c:4d:9d:f1:39:43:33:bb:62:f2:d0:3a:5c:44:
                    16:3b:9e:a0:72:30:5e:1e:18:bb:3d:a7:d8:f9:1b:
                    59:db:41:ab:53:c9:84:ce:86:c8:e6:54:f1:db:e0:
                    f8:be:a0:60:d3:88:ad:05:2f:ee:42:0f:f1:04:9c:
                    18:00:fe:5b:43:8a:a7:9b:98:ec:44:fe:18:fa:17:
                    cd:96:36:99:70:87:5a:26:b6:a3:62:50:0d:8f:20:
                    ec:76:8f:7b:b1:73:6a:7d:1b:95:75:13:f5:f2:31:
                    af:ce:24:ec:aa:21:cf:fe:03:5b:78:ca:31:6f:db:
                    6b:6b:58:3f:a2:97:0d:79:ad:a9:e9:90:c1:a4:c0:
                    37:60:de:4e:8e:eb:f6:5c:63:ed:ea:bd:0b:7b:01:
                    db:e7:c4:0d:96:98:fb:53:a0:6a:ef:51:cd:c8:7b:
                    d2:fa:43:49:61:f7:2d:c3:65:83:46:f3:68:71:a6:
                    54:16:58:e3:36:d1:4d:8d:22:0f:88:27:17:44:d2:
                    7a:6b:dd:79:40:82:e4:82:9f:5c:45:c8:97:cc:17:
                    af:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4A:BB:32:0E:99:26:6F:49:E8:21:38:33:03:83:E1:CF:93:FB:D0
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C50C3F96C54C11EFA0884FB4762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.209.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:2b:49:77:16:23:2f:08:d2:78:8f:ad:95:be:bd:60:4a:8b:
         59:b2:ef:f7:49:ed:c3:d2:26:f3:8c:6d:c9:33:2c:5e:14:bb:
         54:4a:8f:6c:bf:98:26:7d:5b:8e:18:0e:c6:f8:00:79:6d:39:
         99:9d:65:46:40:19:a5:3c:29:e4:75:51:c9:18:c7:b6:3c:7a:
         4f:7e:9f:51:a6:ee:9d:94:e2:c1:18:33:24:c0:82:3d:b7:75:
         60:8c:94:77:76:cb:da:3b:2c:c2:8f:94:1e:50:20:20:36:6f:
         dd:f0:b9:0f:34:89:a1:9d:d0:da:f9:6f:12:34:56:8f:b1:cb:
         ae:0f:8b:d3:4d:a8:51:cf:a3:c5:b9:2c:6c:93:f5:9d:23:68:
         8b:f2:fe:47:ad:46:f9:67:dd:2f:1e:8b:9f:75:83:a6:ab:f8:
         6a:5b:a2:32:b6:93:bb:90:0f:cb:3d:b5:f2:6f:c0:a4:a9:b5:
         e3:b9:9b:ec:c2:dd:fe:19:1e:ec:6a:8c:df:6b:95:c6:19:e5:
         4b:5c:e5:7a:02:b9:76:7d:11:13:e9:4b:2c:cf:c4:65:b2:e7:
         ec:62:71:90:28:54:67:44:93:9f:05:1f:a6:fc:6d:77:85:cb:
         1f:57:15:e1:2c:1f:37:00:51:6f:b4:72:d1:3b:a2:35:94:44:
         f9:08:17:b6
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDASzpMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMjI4MTg1MTM1WhcNMjcxMjEyMTg1MTM1WjAYMRYw
FAYDVQQDEw02NzcwNDhiYS1kMjE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA7trq8hO+uydHaMDBU7JGg7Zjp4gc3oScevS/1+3//rk5fC81j9CyHqx2
IWAuTE2d8TlDM7ti8tA6XEQWO56gcjBeHhi7PafY+RtZ20GrU8mEzobI5lTx2+D4
vqBg04itBS/uQg/xBJwYAP5bQ4qnm5jsRP4Y+hfNljaZcIdaJrajYlANjyDsdo97
sXNqfRuVdRP18jGvziTsqiHP/gNbeMoxb9tra1g/opcNea2p6ZDBpMA3YN5Ojuv2
XGPt6r0LewHb58QNlpj7U6Bq71HNyHvS+kNJYfctw2WDRvNocaZUFljjNtFNjSIP
iCcXRNJ6a915QILkgp9cRciXzBevzQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFBVK
uzIOmSZvSeghODMDg+HPk/vQMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9DNTBDM0Y5NkM1NEMxMUVGQTA4ODRGQjQ3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmtFZMA0GCSqGSIb3DQEB
CwUAA4IBAQA2K0l3FiMvCNJ4j62Vvr1gSotZsu/3Se3D0ibzjG3JMyxeFLtUSo9s
v5gmfVuOGA7G+AB5bTmZnWVGQBmlPCnkdVHJGMe2PHpPfp9Rpu6dlOLBGDMkwII9
t3VgjJR3dsvaOyzCj5QeUCAgNm/d8LkPNImhndDa+W8SNFaPscuuD4vTTahRz6PF
uSxsk/WdI2iL8v5HrUb5Z90vHoufdYOmq/hqW6IytpO7kA/LPbXyb8CkqbXjuZvs
wt3+GR7saozfa5XGGeVLXOV6Arl2fRET6Ussz8RlsufsYnGQKFRnRJOfBR+m/G13
hcsfVxXhLB83AFFvtHLRO6I1lET5CBe2
-----END CERTIFICATE-----