Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/CC67395A354811F0ADF7B47BDAE4EC9C.roa
File:                     CC67395A354811F0ADF7B47BDAE4EC9C.roa (raw, json)
Hash identifier:          HOI0HURirRjuJ8gPpcIMFrzvLB0iarkHh8wLb7Nv9ME=
Subject key identifier:   0D:D9:35:11:B7:BD:E3:77:1E:C5:3A:75:CC:DA:C4:39:BE:3B:7C:9E
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       018170
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/CC67395A354811F0ADF7B47BDAE4EC9C.roa
Signing time:             Tue 20 May 2025 07:05:23 +0000
ROA not before:           Tue 20 May 2025 07:05:19 +0000
ROA not after:            Sat 28 Jun 2025 07:05:19 +0000
asID:                     57043
IP address blocks:        154.86.116.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 07 Jun 2025 00:06:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 98672 (0x18170)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: May 20 07:05:19 2025 GMT
            Not After : Jun 28 07:05:19 2025 GMT
        Subject: CN=682c29b3-8086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6f:93:8b:49:1b:51:19:7b:c5:d1:b2:72:e7:
                    46:26:7e:a3:30:f5:22:a0:74:30:1a:25:83:f1:5f:
                    5b:1d:a5:d5:fb:c4:33:e3:99:bb:60:2b:12:32:26:
                    48:30:0b:a1:f3:17:f1:f6:49:c7:2b:6f:4e:85:14:
                    a3:aa:c5:4f:e3:af:7d:b9:5e:94:9b:a8:bf:b7:4a:
                    19:78:d4:ab:5e:b1:0f:9b:8c:b8:00:6a:03:b2:03:
                    68:4c:56:17:1d:2d:37:c1:b3:88:39:22:be:77:d1:
                    2f:0c:f1:03:a8:5c:4c:86:ff:00:51:e2:ab:45:ea:
                    b6:eb:64:67:75:ca:5f:4a:8c:95:49:fb:d6:70:99:
                    f2:38:ce:ed:75:83:6f:11:ea:22:61:a4:7e:8b:eb:
                    f6:e9:51:ec:bc:a4:42:b0:02:bb:ca:b6:fb:7d:92:
                    6b:23:d3:94:ab:20:26:f5:21:b1:f9:91:be:82:d4:
                    fa:10:ca:72:cd:da:59:0f:e2:e8:ca:fe:67:53:3e:
                    d5:a4:43:9b:34:37:98:52:21:06:19:4b:fb:6b:35:
                    3f:04:fa:1a:9f:c1:e8:5b:96:c9:68:70:bb:07:69:
                    7a:a8:33:e5:26:d6:59:36:9e:cc:2f:3a:03:5c:b6:
                    6e:8c:73:59:57:1d:2f:53:ab:54:5e:e9:a5:fa:32:
                    ed:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D9:35:11:B7:BD:E3:77:1E:C5:3A:75:CC:DA:C4:39:BE:3B:7C:9E
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/CC67395A354811F0ADF7B47BDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.86.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:26:c8:58:77:72:d9:55:3f:a8:4d:35:c9:4d:8e:29:2a:bb:
         06:22:f3:ce:18:91:87:cc:0c:a7:11:74:8c:b5:c7:4b:78:83:
         1f:7f:7c:7d:f1:19:5f:39:ef:4b:7a:f7:f4:9a:00:91:94:10:
         96:34:30:17:d3:8f:99:59:78:2d:b8:8e:e7:03:a8:8d:d4:01:
         11:8c:a9:ef:8b:d7:c0:8a:77:1f:aa:82:11:77:12:a5:ce:32:
         57:c3:1d:a8:2d:2d:75:9f:d6:55:52:ac:a6:6d:58:93:00:f7:
         24:85:c5:c3:ac:50:df:34:3a:96:f8:35:97:7a:85:9c:c8:a1:
         de:91:8a:d7:44:dc:6e:4c:94:d4:f7:5b:02:2e:87:54:6d:1c:
         b8:2f:80:52:19:3f:43:80:41:de:48:f5:4a:98:2d:d0:aa:c3:
         71:98:95:9f:69:9b:d0:cd:38:3f:06:a4:c0:c3:91:be:2b:b0:
         e1:12:b9:b3:b3:cb:a0:b7:49:1e:5e:c3:01:93:ed:10:a9:64:
         7a:9a:f7:13:4f:f3:c6:33:b5:67:aa:fe:9b:6d:75:48:ec:f6:
         c5:6b:77:61:04:c7:52:28:b0:e3:8c:b8:f6:0e:51:64:4f:90:
         47:1a:35:40:61:be:fd:00:26:a6:10:a4:56:15:9f:fd:93:d5:
         d9:9a:2b:93
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAYFwMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNTIwMDcwNTE5WhcNMjUwNjI4MDcwNTE5WjAYMRYw
FAYDVQQDEw02ODJjMjliMy04MDg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3G+Ti0kbURl7xdGycudGJn6jMPUioHQwGiWD8V9bHaXV+8Qz45m7YCsS
MiZIMAuh8xfx9knHK29OhRSjqsVP4699uV6Um6i/t0oZeNSrXrEPm4y4AGoDsgNo
TFYXHS03wbOIOSK+d9EvDPEDqFxMhv8AUeKrReq262RndcpfSoyVSfvWcJnyOM7t
dYNvEeoiYaR+i+v26VHsvKRCsAK7yrb7fZJrI9OUqyAm9SGx+ZG+gtT6EMpyzdpZ
D+Loyv5nUz7VpEObNDeYUiEGGUv7azU/BPoan8HoW5bJaHC7B2l6qDPlJtZZNp7M
LzoDXLZujHNZVx0vU6tUXuml+jLt3QIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFA3Z
NRG3veN3HsU6dczaxDm+O3yeMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9DQzY3Mzk1QTM1NDgxMUYwQURGN0I0N0JEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmlZ0MA0GCSqGSIb3DQEB
CwUAA4IBAQA6JshYd3LZVT+oTTXJTY4pKrsGIvPOGJGHzAynEXSMtcdLeIMff3x9
8RlfOe9Levf0mgCRlBCWNDAX04+ZWXgtuI7nA6iN1AERjKnvi9fAincfqoIRdxKl
zjJXwx2oLS11n9ZVUqymbViTAPckhcXDrFDfNDqW+DWXeoWcyKHekYrXRNxuTJTU
91sCLodUbRy4L4BSGT9DgEHeSPVKmC3QqsNxmJWfaZvQzTg/BqTAw5G+K7DhErmz
s8ugt0keXsMBk+0QqWR6mvcTT/PGM7Vnqv6bbXVI7PbFa3dhBMdSKLDjjLj2DlFk
T5BHGjVAYb79ACamEKRWFZ/9k9XZmiuT
-----END CERTIFICATE-----