Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C66F3896B10411EEB5AF7667775412E6.roa
File:                     C66F3896B10411EEB5AF7667775412E6.roa (raw, json)
Hash identifier:          JN7o0Rxu3pV/CY0sCVMxgNcCsxPAtJJekXcJGVvgaqQ=
Subject key identifier:   D0:4D:76:F5:DB:60:39:B4:9D:8B:58:B6:63:FE:14:5F:C2:E5:6B:7D
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       74B1
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C66F3896B10411EEB5AF7667775412E6.roa
Signing time:             Fri 12 Jan 2024 04:40:56 +0000
ROA not before:           Fri 12 Jan 2024 04:40:53 +0000
ROA not after:            Fri 13 Dec 2024 04:40:53 +0000
asID:                     140227
IP address blocks:        154.205.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 05 May 2024 00:04:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29873 (0x74b1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Jan 12 04:40:53 2024 GMT
            Not After : Dec 13 04:40:53 2024 GMT
        Subject: CN=65a0c2d8-c0c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:22:73:06:30:b8:d8:70:21:ea:a3:6b:f0:7e:
                    16:2d:33:87:15:80:f7:4d:cc:1f:51:f5:b2:1b:d3:
                    55:a5:d7:78:4d:50:f8:fa:f1:2c:55:db:ca:22:f9:
                    b3:9d:2d:08:6f:cd:b0:8c:ad:42:5b:b7:2c:ed:e0:
                    65:b2:e5:50:2d:8d:08:d5:e9:c1:dc:4d:3f:af:26:
                    ff:fb:e1:81:45:f8:df:79:57:16:0a:08:63:f3:a0:
                    04:e1:6d:bd:47:5e:a9:ed:a3:63:03:8b:9a:0c:48:
                    0a:f5:fa:ac:04:3e:d9:9e:7d:0f:89:14:bd:76:63:
                    0b:7e:18:cb:ce:4e:c7:f6:f9:58:eb:bf:44:b0:e6:
                    12:4f:c5:a6:b3:11:ba:ab:54:da:34:a4:a1:8c:9a:
                    3a:27:af:7f:81:be:43:a8:ec:28:e8:ca:99:71:d3:
                    b3:65:ed:bc:e3:89:39:d0:93:83:d4:e6:84:21:bb:
                    d8:cf:bd:2f:9a:fa:79:11:65:24:ad:80:c1:7e:ef:
                    82:0b:5a:36:b6:87:ea:40:31:88:b7:43:cb:0a:f8:
                    3a:ff:c9:eb:5c:64:93:4c:5c:42:51:fc:86:d0:bb:
                    ff:84:8a:8f:69:ad:5a:1e:d4:de:c0:6a:c5:64:c0:
                    f7:db:73:f6:99:6c:8f:b8:16:75:55:92:87:fc:8b:
                    51:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4D:76:F5:DB:60:39:B4:9D:8B:58:B6:63:FE:14:5F:C2:E5:6B:7D
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C66F3896B10411EEB5AF7667775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.205.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:bb:7c:e8:34:ac:5e:6e:90:6e:4e:1d:dd:ea:ef:58:a7:e1:
         25:11:20:4f:42:b2:c0:c2:f6:1d:46:2e:32:c9:79:50:e3:c7:
         dd:18:94:51:5e:c8:4a:1d:2f:f9:4e:61:98:53:7e:df:b1:31:
         a2:bc:84:b8:d6:92:61:fd:63:c0:44:d0:be:de:de:e0:f3:dd:
         1e:e3:49:4b:0b:60:8d:1e:bc:d5:a0:6d:85:f1:fb:59:f5:3a:
         fb:9a:1d:f1:72:ce:70:c8:9d:88:82:85:47:c9:aa:d6:cd:12:
         0c:bd:e8:85:63:4e:25:ac:f6:b2:65:5e:b0:80:d7:c9:ac:d5:
         c3:2b:52:e6:01:ed:bb:73:46:39:c3:c0:c0:e3:b6:ae:76:0d:
         ec:5c:e7:f0:b6:65:43:e5:ba:61:bb:0f:e6:66:d9:40:34:e3:
         e7:d7:a8:ec:6c:79:ea:58:ca:f0:12:11:b2:6c:64:07:65:8f:
         d4:5a:23:78:45:ad:dd:88:07:19:02:84:6f:b5:be:66:f5:2f:
         27:a6:c5:77:6f:aa:75:ff:24:28:f9:db:b3:6f:5a:7c:27:7f:
         a4:1a:26:5a:5b:67:aa:73:2e:13:22:33:6e:d1:4c:7e:f7:0a:
         95:33:b3:3d:d8:76:3b:20:88:72:c9:72:da:59:4f:77:56:ae:
         18:cd:d4:b6
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICdLEwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
OEYyRDBBRjExMC8GA1UEBRMoMjVENjNFMDhFQUJFN0NGQTY3ODVENEMxRDZEMzQx
MTZERTE1QjNEQzAeFw0yNDAxMTIwNDQwNTNaFw0yNDEyMTMwNDQwNTNaMBgxFjAU
BgNVBAMTDTY1YTBjMmQ4LWMwYzYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDFInMGMLjYcCHqo2vwfhYtM4cVgPdNzB9R9bIb01Wl13hNUPj68SxV28oi
+bOdLQhvzbCMrUJbtyzt4GWy5VAtjQjV6cHcTT+vJv/74YFF+N95VxYKCGPzoATh
bb1HXqnto2MDi5oMSAr1+qwEPtmefQ+JFL12Ywt+GMvOTsf2+Vjrv0Sw5hJPxaaz
EbqrVNo0pKGMmjonr3+BvkOo7Cjoyplx07Nl7bzjiTnQk4PU5oQhu9jPvS+a+nkR
ZSStgMF+74ILWja2h+pAMYi3Q8sK+Dr/yetcZJNMXEJR/IbQu/+Eio9prVoe1N7A
asVkwPfbc/aZbI+4FnVVkof8i1FrAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQU0E12
9dtgObSdi1i2Y/4UX8Lla30wHwYDVR0jBBgwFoAUJdY+COq+fPpnhdTB1tNBFt4V
s9wwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjhGMkQwLzdGNEE5OEVBNkUwNTExRTg5QzBENkU0QkY4QUVBMjI4L0pkWS1D
T3EtZlBwbmhkVEIxdE5CRnQ0VnM5dy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0pkWS1DT3EtZlBwbmhkVEIxdE5CRnQ0VnM5dy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjhGMkQwLzdGNEE5OEVBNkUwNTExRTg5QzBENkU0QkY4
QUVBMjI4L0M2NkYzODk2QjEwNDExRUVCNUFGNzY2Nzc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACazckwDQYJKoZIhvcNAQEL
BQADggEBAL67fOg0rF5ukG5OHd3q71in4SURIE9CssDC9h1GLjLJeVDjx90YlFFe
yEodL/lOYZhTft+xMaK8hLjWkmH9Y8BE0L7e3uDz3R7jSUsLYI0evNWgbYXx+1n1
OvuaHfFyznDInYiChUfJqtbNEgy96IVjTiWs9rJlXrCA18ms1cMrUuYB7btzRjnD
wMDjtq52Dexc5/C2ZUPlumG7D+Zm2UA04+fXqOxseepYyvASEbJsZAdlj9RaI3hF
rd2IBxkChG+1vmb1LyemxXdvqnX/JCj527NvWnwnf6QaJlpbZ6pzLhMiM27RTH73
CpUzsz3YdjsgiHLJctpZT3dWrhjN1LY=
-----END CERTIFICATE-----