Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/E4EEDDA0A81D11F0AD6E44D0DAE4EC9C.roa
File:                     E4EEDDA0A81D11F0AD6E44D0DAE4EC9C.roa (raw, json)
Hash identifier:          1eFLEt0qR99pHoDUIUBJWPTEgP4IpxkDe9Lds/Gl98s=
Subject key identifier:   E3:65:05:8E:9A:E4:66:39:B0:2D:8F:80:64:83:82:A8:54:A7:7D:FF
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01A36C
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/E4EEDDA0A81D11F0AD6E44D0DAE4EC9C.roa
Signing time:             Mon 13 Oct 2025 10:18:00 +0000
ROA not before:           Mon 13 Oct 2025 10:17:53 +0000
ROA not after:            Sat 31 Jan 2026 10:17:53 +0000
asID:                     63673
IP address blocks:        154.213.4.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 21 Oct 2025 00:06:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 107372 (0x1a36c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Oct 13 10:17:53 2025 GMT
            Not After : Jan 31 10:17:53 2026 GMT
        Subject: CN=68ecd1d8-4e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:27:b0:a0:87:4a:40:79:19:ab:ad:30:b0:9c:
                    58:56:5b:a3:d4:32:68:14:d5:bb:a4:3c:8b:d8:01:
                    1d:44:7e:31:11:a9:d6:20:87:21:1e:3e:d1:ec:75:
                    90:a0:33:82:be:18:5b:fa:fd:41:f4:eb:81:0e:e0:
                    4f:1b:2c:cf:49:19:4b:5c:84:e1:36:c4:65:1d:c5:
                    c8:4d:ff:33:9b:92:f6:3f:18:09:b7:d8:55:0a:44:
                    e0:b1:2d:eb:b1:6b:9b:3d:c6:ad:ff:19:f8:5c:74:
                    67:a2:f2:57:6b:de:20:d1:96:55:22:7b:38:ca:db:
                    01:af:62:8a:5d:cc:fb:fd:66:c4:d5:c6:31:c5:c7:
                    78:24:de:38:1c:83:3f:95:2e:3f:ad:0e:85:c2:77:
                    dd:2e:60:eb:6f:72:a7:be:08:54:c6:14:7a:ff:08:
                    48:25:02:11:72:a1:cd:a4:81:7f:7f:df:a3:a5:b8:
                    e8:35:2d:f8:83:31:e3:e0:55:d8:61:eb:26:17:44:
                    76:ef:49:bd:86:93:07:75:a1:83:90:e1:bb:d3:99:
                    10:e2:1d:d6:ee:51:59:83:78:3e:af:17:56:dc:8f:
                    c7:e9:a8:d5:1f:6d:4d:72:e0:e3:74:de:fe:f7:49:
                    02:97:c7:e0:d3:ec:79:33:90:3c:c0:40:ee:cc:04:
                    46:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:65:05:8E:9A:E4:66:39:B0:2D:8F:80:64:83:82:A8:54:A7:7D:FF
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/E4EEDDA0A81D11F0AD6E44D0DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.213.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:a6:28:cf:1b:33:c8:63:b2:ba:03:c0:25:fe:35:ae:78:77:
         58:d2:84:da:9f:e3:7e:ad:68:76:9b:17:1d:61:59:26:ce:06:
         e7:1b:44:d3:d5:04:8e:26:79:6b:a4:86:b4:5a:af:44:d4:cc:
         03:2d:de:25:dd:b3:9d:3b:03:fe:3e:46:92:8e:18:ca:29:dd:
         f7:70:f9:b9:12:a5:36:17:7c:6f:55:95:f5:27:4b:23:84:8c:
         fd:d9:20:c5:86:92:34:27:0a:47:4f:a7:a2:45:88:68:e8:f6:
         7c:71:73:12:22:f9:a4:16:93:35:e9:f6:bc:66:6b:6e:0c:00:
         c4:d7:31:e1:71:12:21:62:99:ed:80:41:df:b0:ac:a8:4d:aa:
         44:47:b1:2b:29:db:de:ed:65:95:d6:cc:b9:d6:e0:36:02:70:
         8a:de:4f:54:80:78:99:49:b8:3e:20:c8:aa:7b:9c:8c:85:fa:
         34:23:43:be:8b:fa:01:82:83:fa:20:7c:8c:14:4e:83:12:11:
         3b:e9:b0:a9:05:03:51:81:ae:c7:49:fe:bf:2a:32:f8:c0:2d:
         db:73:f7:d0:9e:3c:99:0b:50:0f:06:cf:c3:69:ce:77:db:29:
         ff:7e:4d:04:63:c5:45:d8:a2:9d:ca:e8:eb:38:20:41:11:92:
         c5:32:51:af
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAaNsMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUxMDEzMTAxNzUzWhcNMjYwMTMxMTAxNzUzWjAYMRYw
FAYDVQQDEw02OGVjZDFkOC00ZTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAySewoIdKQHkZq60wsJxYVluj1DJoFNW7pDyL2AEdRH4xEanWIIchHj7R
7HWQoDOCvhhb+v1B9OuBDuBPGyzPSRlLXIThNsRlHcXITf8zm5L2PxgJt9hVCkTg
sS3rsWubPcat/xn4XHRnovJXa94g0ZZVIns4ytsBr2KKXcz7/WbE1cYxxcd4JN44
HIM/lS4/rQ6FwnfdLmDrb3KnvghUxhR6/whIJQIRcqHNpIF/f9+jpbjoNS34gzHj
4FXYYesmF0R270m9hpMHdaGDkOG705kQ4h3W7lFZg3g+rxdW3I/H6ajVH21NcuDj
dN7+90kCl8fg0+x5M5A8wEDuzARGbwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFONl
BY6a5GY5sC2PgGSDgqhUp33/MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9FNEVFRERBMEE4MUQxMUYwQUQ2RTQ0RDBEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmtUEMA0GCSqGSIb3DQEB
CwUAA4IBAQBopijPGzPIY7K6A8Al/jWueHdY0oTan+N+rWh2mxcdYVkmzgbnG0TT
1QSOJnlrpIa0Wq9E1MwDLd4l3bOdOwP+PkaSjhjKKd33cPm5EqU2F3xvVZX1J0sj
hIz92SDFhpI0JwpHT6eiRYho6PZ8cXMSIvmkFpM16fa8ZmtuDADE1zHhcRIhYpnt
gEHfsKyoTapER7ErKdve7WWV1sy51uA2AnCK3k9UgHiZSbg+IMiqe5yMhfo0I0O+
i/oBgoP6IHyMFE6DEhE76bCpBQNRga7HSf6/KjL4wC3bc/fQnjyZC1APBs/Dac53
2yn/fk0EY8VF2KKdyujrOCBBEZLFMlGv
-----END CERTIFICATE-----