Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FDDF9D7CC92011EFA6B70A8C762E951A.roa
File:                     FDDF9D7CC92011EFA6B70A8C762E951A.roa (raw, json)
Hash identifier:          42Fq9nrO678YFppCwTAftZFzpN7/GrPqOWcD9mNpu3k=
Subject key identifier:   5A:44:6C:A8:73:89:72:AB:22:E4:18:7A:F6:A5:8C:B1:24:BF:88:93
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01332B
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FDDF9D7CC92011EFA6B70A8C762E951A.roa
Signing time:             Thu 02 Jan 2025 15:48:21 +0000
ROA not before:           Thu 02 Jan 2025 15:48:17 +0000
ROA not after:            Sat 13 Dec 2025 15:48:17 +0000
asID:                     984
IP address blocks:        154.222.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 07 Apr 2025 00:06:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 78635 (0x1332b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Jan  2 15:48:17 2025 GMT
            Not After : Dec 13 15:48:17 2025 GMT
        Subject: CN=6776b545-9cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7f:aa:e6:46:2c:c0:7e:bb:7d:ad:e5:62:df:
                    ad:7a:de:9b:bd:dd:a2:e9:c9:bd:c5:fd:39:57:aa:
                    73:97:f9:22:37:7b:bb:a9:6f:35:9e:81:56:5f:5b:
                    a4:d1:c8:19:a4:88:f6:ba:6d:0a:86:ee:a3:6d:1b:
                    0b:38:37:8a:21:fb:90:f3:1f:c3:06:51:7f:73:f4:
                    24:da:db:9c:94:61:fc:72:fd:a1:c6:a8:a9:64:3d:
                    a8:57:7b:55:f9:34:7f:38:45:09:8a:0a:d9:77:a1:
                    e5:01:10:78:82:15:e9:20:0f:ec:a2:ff:d2:e7:ad:
                    b6:d4:2d:48:7f:fb:ed:a2:ed:ec:e9:fc:f5:fe:23:
                    dd:a8:9a:13:98:ce:ca:1d:d7:f4:4f:d3:4a:44:6e:
                    4c:49:07:ba:04:37:22:71:99:d2:ee:4a:c5:44:a8:
                    e5:48:fd:d1:92:94:34:e7:07:f0:f9:5c:ad:d7:23:
                    f5:0f:d8:61:e1:60:ee:51:8f:de:44:50:88:ea:47:
                    32:89:69:10:86:d6:30:bf:ea:30:47:0d:1c:3e:11:
                    70:8c:95:4f:e6:bf:71:f6:32:6b:29:66:99:4e:f0:
                    39:cd:1b:d1:9e:c8:76:77:eb:66:e1:65:01:d5:e7:
                    ce:e2:fa:f9:65:5c:a7:60:33:da:71:7b:56:e5:b2:
                    78:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:44:6C:A8:73:89:72:AB:22:E4:18:7A:F6:A5:8C:B1:24:BF:88:93
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FDDF9D7CC92011EFA6B70A8C762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.222.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ac:18:c7:3a:13:e4:3b:07:bb:72:96:f4:b4:3e:1e:2d:9a:
         94:53:2a:e2:e3:6f:17:ba:0d:a2:e0:ec:2e:aa:f4:e4:50:b9:
         ef:00:92:45:11:28:e5:d2:c4:7a:8d:00:be:fc:ab:9f:bb:ae:
         77:be:e3:c4:df:8c:98:ed:04:5e:6a:21:96:2a:7c:f3:03:51:
         b5:9e:17:c6:22:f6:4c:a2:e1:aa:16:f2:e5:d0:56:8f:5c:8d:
         85:82:62:f0:32:cb:1e:c2:8e:e0:27:cf:ca:87:c4:54:c3:98:
         5e:b2:33:32:69:d8:bc:01:ac:04:3b:59:28:bb:f1:ce:ed:8b:
         cf:00:ba:9d:3e:1f:71:3f:05:00:d4:0e:5a:32:8c:5d:30:64:
         8a:bc:7d:a8:a9:50:7a:60:ca:68:b0:43:f1:e6:ed:33:84:be:
         a2:d0:d9:cc:4a:6f:df:55:1a:a7:7f:f5:1f:14:8e:1b:80:ca:
         d5:65:38:0f:20:e6:2a:a0:34:f7:df:50:3b:a5:12:a0:cf:77:
         35:58:15:32:3f:63:4c:5a:a8:c1:7c:aa:05:d2:78:a1:f0:50:
         fe:67:ec:e3:78:83:4a:60:3e:0c:9b:65:1a:8d:55:83:10:f5:
         9b:67:75:07:ab:fd:ff:bc:5a:33:4a:13:39:62:e9:92:6e:14:
         3b:a2:d2:32
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDATMrMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMTAyMTU0ODE3WhcNMjUxMjEzMTU0ODE3WjAYMRYw
FAYDVQQDEw02Nzc2YjU0NS05Y2MxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEApn+q5kYswH67fa3lYt+tet6bvd2i6cm9xf05V6pzl/kiN3u7qW81noFW
X1uk0cgZpIj2um0Khu6jbRsLODeKIfuQ8x/DBlF/c/Qk2tuclGH8cv2hxqipZD2o
V3tV+TR/OEUJigrZd6HlARB4ghXpIA/sov/S56221C1If/vtou3s6fz1/iPdqJoT
mM7KHdf0T9NKRG5MSQe6BDcicZnS7krFRKjlSP3RkpQ05wfw+Vyt1yP1D9hh4WDu
UY/eRFCI6kcyiWkQhtYwv+owRw0cPhFwjJVP5r9x9jJrKWaZTvA5zRvRnsh2d+tm
4WUB1efO4vr5ZVynYDPacXtW5bJ4TwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFFpE
bKhziXKrIuQYevaljLEkv4iTMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9GRERGOUQ3Q0M5MjAxMUVGQTZCNzBBOEM3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmt5aMA0GCSqGSIb3DQEB
CwUAA4IBAQCFrBjHOhPkOwe7cpb0tD4eLZqUUyri428Xug2i4OwuqvTkULnvAJJF
ESjl0sR6jQC+/Kufu653vuPE34yY7QReaiGWKnzzA1G1nhfGIvZMouGqFvLl0FaP
XI2FgmLwMssewo7gJ8/Kh8RUw5hesjMyadi8AawEO1kou/HO7YvPALqdPh9xPwUA
1A5aMoxdMGSKvH2oqVB6YMposEPx5u0zhL6i0NnMSm/fVRqnf/UfFI4bgMrVZTgP
IOYqoDT331A7pRKgz3c1WBUyP2NMWqjBfKoF0nih8FD+Z+zjeINKYD4Mm2UajVWD
EPWbZ3UHq/3/vFozShM5YumSbhQ7otIy
-----END CERTIFICATE-----