Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/F5DA2346CDB611EF8E4FD4BE762E951A.roa
File:                     F5DA2346CDB611EF8E4FD4BE762E951A.roa (raw, json)
Hash identifier:          SXhsF96lXkee69Bs/7dm1rgOcjt/O09T2/PWR7GT7lw=
Subject key identifier:   A7:9E:04:0B:22:CB:69:58:65:FF:0E:02:5A:96:C1:80:FD:41:60:21
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0136BE
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/F5DA2346CDB611EF8E4FD4BE762E951A.roa
Signing time:             Wed 08 Jan 2025 11:51:57 +0000
ROA not before:           Wed 08 Jan 2025 11:51:53 +0000
ROA not after:            Tue 16 Dec 2025 11:51:53 +0000
asID:                     984
IP address blocks:        154.200.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79550 (0x136be)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Jan  8 11:51:53 2025 GMT
            Not After : Dec 16 11:51:53 2025 GMT
        Subject: CN=677e66dc-e46b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:eb:c1:9f:86:3c:ce:d1:7f:fc:45:da:63:30:
                    fc:f2:63:32:78:65:3a:8c:5e:bc:31:d8:97:26:59:
                    1a:18:4c:0c:c2:ce:82:b3:9d:dc:ee:a7:60:be:52:
                    e7:f1:60:55:9f:67:67:7c:6e:ad:1e:ad:ee:9f:28:
                    9c:52:2e:99:0c:7e:a1:78:19:d4:6e:e6:a6:b1:8c:
                    74:35:0e:d4:90:6c:6e:44:ea:58:2a:5d:a4:fd:d2:
                    13:65:1c:93:76:8c:39:bf:7b:e1:97:be:46:9d:b8:
                    51:12:6e:1f:df:0b:6e:ed:f3:64:5d:f0:ce:cd:de:
                    3f:09:50:9b:ff:29:c1:67:5f:0d:f6:1d:d5:77:61:
                    60:26:26:3c:d9:27:c7:f4:37:14:94:b1:7f:69:1c:
                    8e:9a:a4:e1:41:c9:71:68:01:f4:70:87:28:bf:67:
                    c3:df:d4:32:37:29:66:e7:dd:3c:97:a6:b6:83:d6:
                    8b:9f:a7:7f:15:2e:10:f8:72:29:90:4e:4b:64:48:
                    20:fd:a6:55:ca:f0:1d:50:88:7f:82:da:1e:7a:d6:
                    d9:8e:e3:26:6c:ca:90:ce:84:b7:a4:81:21:91:75:
                    88:bc:cf:7f:62:90:29:0f:96:e2:50:b4:c8:0a:f4:
                    19:6a:bb:8e:76:2d:b6:44:9e:81:6e:d8:35:92:c3:
                    ff:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:9E:04:0B:22:CB:69:58:65:FF:0E:02:5A:96:C1:80:FD:41:60:21
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/F5DA2346CDB611EF8E4FD4BE762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.200.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:5b:5e:49:13:44:d1:13:50:4f:72:66:c7:cf:19:57:f8:b5:
         ce:94:f0:c1:96:47:0b:90:d4:3e:e0:5f:4d:eb:97:7a:36:2e:
         e4:bb:d6:4d:df:fc:b5:05:9d:9b:15:03:c0:f9:b6:f2:ba:0c:
         db:84:10:59:a0:f6:03:82:d2:b8:d7:09:19:94:75:f9:77:f5:
         3d:67:42:70:1a:c1:a7:3e:55:9b:da:e2:b9:91:a3:9e:44:e0:
         2c:b3:b4:75:e5:05:9e:1e:c8:eb:65:42:d1:b6:b4:90:d5:1c:
         26:db:b4:57:e3:4c:40:38:0a:df:c9:43:87:12:02:de:9c:dc:
         d5:e9:a7:fb:b1:4f:d9:25:6b:27:70:e6:ce:ae:43:fa:7b:e1:
         0c:ea:51:c0:d6:64:49:e9:15:66:a0:6f:dd:e5:72:e0:35:bf:
         99:08:d3:96:de:3f:6e:c9:08:49:7d:83:db:65:92:d4:d4:87:
         33:99:c4:62:1e:f0:47:de:be:4b:e9:f6:01:76:10:9c:72:58:
         f1:7d:31:42:43:7d:bb:69:04:0a:33:24:c8:3a:89:87:aa:38:
         39:56:cc:d5:e9:0e:33:b3:45:a4:51:a2:21:a8:db:b4:58:5f:
         ae:25:6a:19:d1:53:0b:c8:66:1f:57:d1:a4:61:6d:eb:1c:b5:
         7e:a0:2c:7b
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDATa+MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMTA4MTE1MTUzWhcNMjUxMjE2MTE1MTUzWjAYMRYw
FAYDVQQDEw02NzdlNjZkYy1lNDZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAsOvBn4Y8ztF//EXaYzD88mMyeGU6jF68MdiXJlkaGEwMws6Cs53c7qdg
vlLn8WBVn2dnfG6tHq3unyicUi6ZDH6heBnUbuamsYx0NQ7UkGxuROpYKl2k/dIT
ZRyTdow5v3vhl75GnbhREm4f3wtu7fNkXfDOzd4/CVCb/ynBZ18N9h3Vd2FgJiY8
2SfH9DcUlLF/aRyOmqThQclxaAH0cIcov2fD39QyNylm5908l6a2g9aLn6d/FS4Q
+HIpkE5LZEgg/aZVyvAdUIh/gtoeetbZjuMmbMqQzoS3pIEhkXWIvM9/YpApD5bi
ULTICvQZaruOdi22RJ6Bbtg1ksP/IQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFKee
BAsiy2lYZf8OAlqWwYD9QWAhMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9GNURBMjM0NkNEQjYxMUVGOEU0RkQ0QkU3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmsinMA0GCSqGSIb3DQEB
CwUAA4IBAQB5W15JE0TRE1BPcmbHzxlX+LXOlPDBlkcLkNQ+4F9N65d6Ni7ku9ZN
3/y1BZ2bFQPA+bbyugzbhBBZoPYDgtK41wkZlHX5d/U9Z0JwGsGnPlWb2uK5kaOe
ROAss7R15QWeHsjrZULRtrSQ1Rwm27RX40xAOArfyUOHEgLenNzV6af7sU/ZJWsn
cObOrkP6e+EM6lHA1mRJ6RVmoG/d5XLgNb+ZCNOW3j9uyQhJfYPbZZLU1IczmcRi
HvBH3r5L6fYBdhCccljxfTFCQ327aQQKMyTIOomHqjg5VszV6Q4zs0WkUaIhqNu0
WF+uJWoZ0VMLyGYfV9GkYW3rHLV+oCx7
-----END CERTIFICATE-----