Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/DD9DAFF8A73E11EF9A5F29B3762E951A.roa
File:                     DD9DAFF8A73E11EF9A5F29B3762E951A.roa (raw, json)
Hash identifier:          bNpw3S0sX62dKuy8d9r5xTF7+FXfuYqoNWm6POBLcEc=
Subject key identifier:   32:49:B7:DE:ED:EA:10:C9:73:64:8B:C3:62:EA:02:2E:62:F7:A8:3B
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       010FB1
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/DD9DAFF8A73E11EF9A5F29B3762E951A.roa
Signing time:             Wed 20 Nov 2024 12:56:32 +0000
ROA not before:           Wed 20 Nov 2024 12:56:28 +0000
ROA not after:            Sat 30 Nov 2024 12:56:28 +0000
asID:                     136778
IP address blocks:        154.212.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 69553 (0x10fb1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Nov 20 12:56:28 2024 GMT
            Not After : Nov 30 12:56:28 2024 GMT
        Subject: CN=673ddc80-5f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:38:96:ed:a3:50:20:51:05:28:58:06:7f:4a:
                    1b:c8:58:b7:cc:83:02:b3:db:f7:54:c7:4c:c6:b9:
                    e4:66:12:2f:d2:a9:b8:65:ab:9f:50:7b:1b:b7:8e:
                    a5:1b:82:e5:48:b4:65:b7:ab:0d:5d:06:99:31:ae:
                    c3:9c:18:ce:17:a1:a9:37:7d:30:e0:ce:46:a7:e2:
                    db:22:12:d5:ef:4b:39:52:67:bf:7a:87:f1:cd:bc:
                    6b:0c:05:3e:c7:fd:e7:21:bd:8e:a6:5b:af:47:f8:
                    f7:90:80:2f:29:6e:16:b4:ec:c2:62:0b:ad:fc:11:
                    2f:51:13:15:0f:9b:d5:8b:0e:52:33:de:cc:db:37:
                    93:34:ee:c3:b8:a0:9e:4a:23:a6:d4:6f:c8:9a:b7:
                    71:01:9b:fd:fa:9c:ef:12:fc:18:fc:ad:74:f9:2c:
                    08:3f:d3:c7:13:73:1b:d5:2a:6c:8a:12:41:fa:d6:
                    9c:8f:c9:5a:7c:55:72:75:c5:e3:9a:dc:d8:6f:94:
                    25:dd:3a:5a:b8:5f:ab:e5:28:b7:2a:c0:1c:20:cd:
                    70:b4:b5:c5:77:85:d1:22:6a:20:64:4a:86:77:12:
                    ff:36:32:30:36:f8:40:db:79:e1:15:de:72:94:53:
                    83:ca:18:da:6c:f0:85:8b:ef:5d:28:fd:5f:54:64:
                    d0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:49:B7:DE:ED:EA:10:C9:73:64:8B:C3:62:EA:02:2E:62:F7:A8:3B
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/DD9DAFF8A73E11EF9A5F29B3762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.212.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:78:39:fb:1c:1e:07:96:ca:30:22:a1:c8:ee:65:4d:e7:9e:
         ef:8e:14:7f:94:27:61:b3:fc:ec:15:15:b5:9c:b1:05:52:51:
         14:1e:8f:5e:4f:d6:30:b0:e5:38:d6:b5:2d:ea:80:ac:14:ae:
         6b:2e:55:98:67:52:c9:e9:f2:01:77:79:7f:4d:8f:80:7c:ef:
         50:e0:1e:d9:95:3a:96:5c:e6:a1:9b:42:4c:8f:46:58:b1:c4:
         00:96:46:8e:b9:fd:18:49:83:3a:b2:12:64:4b:38:e3:c5:23:
         a7:ad:51:89:c7:5f:c2:bc:76:5b:d1:2d:80:85:57:fd:6b:43:
         56:43:b8:60:4e:bd:2c:02:bc:6d:f1:c2:95:7d:a1:34:d1:21:
         92:ad:18:63:50:52:08:94:f4:45:d2:25:e1:23:ce:5e:15:5f:
         86:62:5f:00:e4:de:43:b7:30:59:94:c7:80:de:b6:13:af:ac:
         ad:12:1f:b4:75:ce:92:54:f6:d6:54:e9:0b:22:6c:4c:fc:95:
         39:e7:1f:c9:29:b6:d7:66:cd:ee:e8:33:8d:b0:97:d8:08:5e:
         a8:6d:45:da:54:b7:69:ab:df:d5:dd:c8:d0:ac:d6:87:cd:a3:
         65:f5:49:02:6e:16:78:8b:5b:a1:58:01:c4:29:df:94:09:03:
         20:e5:d7:35
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAQ+xMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQxMTIwMTI1NjI4WhcNMjQxMTMwMTI1NjI4WjAYMRYw
FAYDVQQDEw02NzNkZGM4MC01ZjM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA4ziW7aNQIFEFKFgGf0obyFi3zIMCs9v3VMdMxrnkZhIv0qm4ZaufUHsb
t46lG4LlSLRlt6sNXQaZMa7DnBjOF6GpN30w4M5Gp+LbIhLV70s5Ume/eofxzbxr
DAU+x/3nIb2OpluvR/j3kIAvKW4WtOzCYgut/BEvURMVD5vViw5SM97M2zeTNO7D
uKCeSiOm1G/ImrdxAZv9+pzvEvwY/K10+SwIP9PHE3Mb1SpsihJB+tacj8lafFVy
dcXjmtzYb5Ql3TpauF+r5Si3KsAcIM1wtLXFd4XRImogZEqGdxL/NjIwNvhA23nh
Fd5ylFODyhjabPCFi+9dKP1fVGTQKQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFDJJ
t97t6hDJc2SLw2LqAi5i96g7MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9ERDlEQUZGOEE3M0UxMUVGOUE1RjI5QjM3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmtSSMA0GCSqGSIb3DQEB
CwUAA4IBAQANeDn7HB4HlsowIqHI7mVN557vjhR/lCdhs/zsFRW1nLEFUlEUHo9e
T9YwsOU41rUt6oCsFK5rLlWYZ1LJ6fIBd3l/TY+AfO9Q4B7ZlTqWXOahm0JMj0ZY
scQAlkaOuf0YSYM6shJkSzjjxSOnrVGJx1/CvHZb0S2AhVf9a0NWQ7hgTr0sArxt
8cKVfaE00SGSrRhjUFIIlPRF0iXhI85eFV+GYl8A5N5DtzBZlMeA3rYTr6ytEh+0
dc6SVPbWVOkLImxM/JU55x/JKbbXZs3u6DONsJfYCF6obUXaVLdpq9/V3cjQrNaH
zaNl9UkCbhZ4i1uhWAHEKd+UCQMg5dc1
-----END CERTIFICATE-----