Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/EE116DFEC92411EFB075D9A4762E951A.roa
File:                     EE116DFEC92411EFB075D9A4762E951A.roa (raw, json)
Hash identifier:          1WtdW5gLnQpT+NNkH2fbHz0zlt3c/r7ZtShutVP+Hs0=
Subject key identifier:   68:3A:64:CB:52:CC:BC:0B:85:FA:8F:49:87:2D:7A:1F:CB:3C:73:DD
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01334B
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/EE116DFEC92411EFB075D9A4762E951A.roa
Signing time:             Thu 02 Jan 2025 16:16:32 +0000
ROA not before:           Thu 02 Jan 2025 16:16:29 +0000
ROA not after:            Sat 13 Dec 2025 16:16:29 +0000
asID:                     984
IP address blocks:        154.222.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 78667 (0x1334b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Jan  2 16:16:29 2025 GMT
            Not After : Dec 13 16:16:29 2025 GMT
        Subject: CN=6776bbe0-672f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6b:7c:5e:74:99:e4:96:74:6a:16:7f:89:b8:
                    fb:0c:a2:5e:68:f3:41:68:0a:75:c7:4d:87:13:df:
                    5b:e9:49:e1:e9:3b:d0:33:af:3e:28:3e:d0:8d:f6:
                    7b:87:3a:b3:41:d0:a8:e5:68:94:c5:3e:c2:17:dd:
                    e4:15:39:78:a6:0f:ff:3f:db:5d:a8:8d:e4:1f:8f:
                    1b:3e:5c:88:5e:e3:2e:51:d2:ba:f2:b7:3f:22:25:
                    ad:b6:73:16:b3:07:4b:09:00:e7:98:71:c0:bc:99:
                    3d:97:7d:35:8c:79:48:3a:d0:ee:09:4e:9d:ee:12:
                    27:02:53:c0:4c:e3:2d:79:d2:db:a8:b2:bb:38:6f:
                    de:43:7c:d0:b8:72:48:4e:f1:fa:6f:1f:e7:28:4d:
                    98:21:db:07:0a:44:71:61:42:9c:c2:60:67:05:c5:
                    b4:db:4c:03:cd:0e:c7:a7:72:cb:82:64:9b:af:0f:
                    74:a0:df:08:43:30:18:6e:ee:e4:8e:08:64:81:3b:
                    38:c9:cb:bc:36:09:58:cc:5d:6c:cd:6c:2c:b5:26:
                    0a:37:55:49:83:ca:fc:e0:ee:02:50:4c:63:60:0c:
                    fb:87:11:cd:a5:f3:9a:b4:3e:81:3c:62:62:7f:d0:
                    6e:fb:6a:0a:01:7e:f7:d3:28:7b:d4:9a:c0:f9:cf:
                    ad:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:3A:64:CB:52:CC:BC:0B:85:FA:8F:49:87:2D:7A:1F:CB:3C:73:DD
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/EE116DFEC92411EFB075D9A4762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.222.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:16:5b:09:c4:77:53:52:ad:9c:a7:3d:35:72:18:e4:49:8f:
         24:a9:56:11:91:6f:2c:f5:a1:86:f8:d9:0c:ef:21:59:90:f8:
         a9:c5:91:3d:a6:58:5c:3e:9a:7b:40:26:74:71:7e:9e:18:30:
         04:f3:5d:02:fa:38:88:9e:4c:fc:97:5e:05:8d:1c:0b:98:6d:
         6a:68:c4:23:b7:b9:2d:9b:96:58:d9:39:a5:b7:9d:1d:ec:fb:
         c6:25:aa:31:c1:92:2e:33:a3:4d:de:e6:a3:6d:d3:0c:c1:f8:
         22:9d:18:c5:36:8d:d2:bc:cf:1f:db:fe:d6:d7:13:ba:bc:1d:
         7d:78:17:2a:50:e8:4b:72:01:dd:60:c4:af:b7:73:a9:ed:f4:
         b6:df:f3:37:63:2e:a1:c6:95:8b:89:3c:3b:7d:c7:5e:8d:e8:
         57:f7:b9:2f:a6:3d:44:7b:54:71:f3:17:a3:70:a4:45:db:6e:
         80:ff:56:e5:4a:4d:08:c6:db:11:e1:3f:73:3f:66:c1:79:62:
         5f:00:28:ad:05:f0:04:50:c9:dd:82:dd:9f:ea:0e:4c:1f:2c:
         e6:2e:88:f1:f8:9a:f4:29:5e:2f:c5:90:1d:eb:a3:1e:19:74:
         5e:61:b7:f1:34:e2:a2:f2:b4:3e:18:94:57:f1:95:8d:98:3e:
         fd:8f:bc:a3
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDATNLMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMTAyMTYxNjI5WhcNMjUxMjEzMTYxNjI5WjAYMRYw
FAYDVQQDEw02Nzc2YmJlMC02NzJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0Wt8XnSZ5JZ0ahZ/ibj7DKJeaPNBaAp1x02HE99b6Unh6TvQM68+KD7Q
jfZ7hzqzQdCo5WiUxT7CF93kFTl4pg//P9tdqI3kH48bPlyIXuMuUdK68rc/IiWt
tnMWswdLCQDnmHHAvJk9l301jHlIOtDuCU6d7hInAlPATOMtedLbqLK7OG/eQ3zQ
uHJITvH6bx/nKE2YIdsHCkRxYUKcwmBnBcW020wDzQ7Hp3LLgmSbrw90oN8IQzAY
bu7kjghkgTs4ycu8NglYzF1szWwstSYKN1VJg8r84O4CUExjYAz7hxHNpfOatD6B
PGJif9Bu+2oKAX730yh71JrA+c+t8wIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFGg6
ZMtSzLwLhfqPSYcteh/LPHPdMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9FRTExNkRGRUM5MjQxMUVGQjA3NUQ5QTQ3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmt5tMA0GCSqGSIb3DQEB
CwUAA4IBAQADFlsJxHdTUq2cpz01chjkSY8kqVYRkW8s9aGG+NkM7yFZkPipxZE9
plhcPpp7QCZ0cX6eGDAE810C+jiInkz8l14FjRwLmG1qaMQjt7ktm5ZY2Tmlt50d
7PvGJaoxwZIuM6NN3uajbdMMwfginRjFNo3SvM8f2/7W1xO6vB19eBcqUOhLcgHd
YMSvt3Op7fS23/M3Yy6hxpWLiTw7fcdejehX97kvpj1Ee1Rx8xejcKRF226A/1bl
Sk0IxtsR4T9zP2bBeWJfACitBfAEUMndgt2f6g5MHyzmLojx+Jr0KV4vxZAd66Me
GXReYbfxNOKi8rQ+GJRX8ZWNmD79j7yj
-----END CERTIFICATE-----