Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FFE08990FB2711EF80F91C55762E951A.roa
File:                     FFE08990FB2711EF80F91C55762E951A.roa (raw, json)
Hash identifier:          4hK8K+UyBIclxAJLzNrhZ3yA2nIb/OmBQFrUU0ze/+g=
Subject key identifier:   09:08:2F:03:D9:DE:A4:44:24:28:BA:07:D2:91:F8:60:B2:A3:F1:D8
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0172B6
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FFE08990FB2711EF80F91C55762E951A.roa
Signing time:             Fri 07 Mar 2025 07:44:29 +0000
ROA not before:           Fri 07 Mar 2025 07:44:24 +0000
ROA not after:            Mon 14 Apr 2025 07:44:24 +0000
asID:                     210542
IP address blocks:        154.91.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 94902 (0x172b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar  7 07:44:24 2025 GMT
            Not After : Apr 14 07:44:24 2025 GMT
        Subject: CN=67caa3dd-1a0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b8:e8:7a:60:c9:c7:b2:ed:2e:d3:37:b2:66:
                    d4:59:d8:3a:2b:25:4a:8c:d9:14:5c:e9:e9:d1:7d:
                    d5:d7:1a:d1:d9:07:a1:c9:e9:07:8c:61:72:97:28:
                    51:66:ba:78:da:37:74:ea:20:80:71:f4:38:c8:18:
                    34:a3:a4:83:a3:b8:f8:c4:be:56:db:c9:31:3d:08:
                    ce:91:d6:bd:d6:c0:87:f4:2d:00:43:53:98:00:20:
                    c1:f7:38:cd:de:ad:67:bd:ef:e4:94:6d:d6:34:bd:
                    4f:f7:26:df:ea:70:ee:13:c4:21:e5:d3:e5:bd:d1:
                    e3:c3:ad:41:62:5b:21:01:2b:29:24:3c:a0:93:3e:
                    b7:86:10:c4:a5:c3:09:89:d4:53:64:05:8f:4d:c1:
                    b9:d5:77:e1:b5:3a:de:8b:8b:69:54:3f:4c:08:8a:
                    59:e5:20:77:89:b0:d5:3e:c8:1c:55:e4:6c:57:8d:
                    3c:3c:d5:bc:f1:69:b2:38:40:c0:f3:57:c9:5d:26:
                    87:e6:f9:ba:ca:4c:ec:06:45:89:94:76:23:41:b7:
                    a9:5b:ad:03:c2:22:fb:3b:83:bf:63:30:cf:ef:37:
                    69:ff:72:74:fd:d0:46:01:82:b3:00:47:4d:05:0b:
                    cd:76:58:ce:05:f3:23:61:9f:7e:88:91:d9:fa:a5:
                    f7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:08:2F:03:D9:DE:A4:44:24:28:BA:07:D2:91:F8:60:B2:A3:F1:D8
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FFE08990FB2711EF80F91C55762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.91.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:62:c6:c4:c7:2f:a1:bb:41:0b:e0:2e:21:7e:2b:0e:61:c1:
         7a:da:e8:fc:41:e9:4c:ff:ab:65:ef:13:47:79:8e:ca:c4:50:
         9a:7b:53:ba:c2:71:39:7d:cc:0f:96:75:55:ad:9a:7e:14:48:
         e4:b2:ad:a1:54:2f:60:7a:77:62:83:d1:d1:df:19:a3:3d:ee:
         1e:98:c2:f6:2c:b9:09:d6:9a:7d:1a:1f:1a:b8:43:f5:06:48:
         ca:ac:dd:4b:ad:6b:9c:54:d9:2b:7a:de:b6:65:e8:12:4c:c0:
         65:34:03:45:6f:90:8d:a8:85:c6:fb:a0:fe:e2:fb:a4:c6:9e:
         31:36:50:c2:df:f5:2c:14:44:e0:a8:e3:0c:6e:b6:54:ab:0e:
         dc:79:47:2b:ae:c3:89:31:0f:9c:72:ab:f7:1a:3b:bb:79:6c:
         61:01:b6:f6:06:a0:f1:aa:a1:1c:23:61:3e:7e:87:ca:db:ef:
         f2:e9:8b:31:61:86:3e:bc:65:fb:d9:67:fb:f6:9f:d3:be:66:
         fb:16:90:a5:ab:33:20:36:7d:d8:85:fb:53:c5:e1:ce:66:d2:
         ec:5c:3a:ae:d4:07:ec:f8:a4:c9:2f:f6:26:d2:30:9b:e0:c3:
         9b:af:29:40:d0:59:fd:ed:78:a9:59:f1:34:a0:ef:b7:7b:42:
         75:26:ae:51
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAXK2MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzA3MDc0NDI0WhcNMjUwNDE0MDc0NDI0WjAYMRYw
FAYDVQQDEw02N2NhYTNkZC0xYTBkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA37joemDJx7LtLtM3smbUWdg6KyVKjNkUXOnp0X3V1xrR2QehyekHjGFy
lyhRZrp42jd06iCAcfQ4yBg0o6SDo7j4xL5W28kxPQjOkda91sCH9C0AQ1OYACDB
9zjN3q1nve/klG3WNL1P9ybf6nDuE8Qh5dPlvdHjw61BYlshASspJDygkz63hhDE
pcMJidRTZAWPTcG51XfhtTrei4tpVD9MCIpZ5SB3ibDVPsgcVeRsV408PNW88Wmy
OEDA81fJXSaH5vm6ykzsBkWJlHYjQbepW60DwiL7O4O/YzDP7zdp/3J0/dBGAYKz
AEdNBQvNdljOBfMjYZ9+iJHZ+qX3QQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFAkI
LwPZ3qREJCi6B9KR+GCyo/HYMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9GRkUwODk5MEZCMjcxMUVGODBGOTFDNTU3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmlvJMA0GCSqGSIb3DQEB
CwUAA4IBAQAvYsbExy+hu0EL4C4hfisOYcF62uj8QelM/6tl7xNHeY7KxFCae1O6
wnE5fcwPlnVVrZp+FEjksq2hVC9gendig9HR3xmjPe4emML2LLkJ1pp9Gh8auEP1
BkjKrN1LrWucVNkret62ZegSTMBlNANFb5CNqIXG+6D+4vukxp4xNlDC3/UsFETg
qOMMbrZUqw7ceUcrrsOJMQ+ccqv3Gju7eWxhAbb2BqDxqqEcI2E+fofK2+/y6Ysx
YYY+vGX72Wf79p/Tvmb7FpClqzMgNn3YhftTxeHOZtLsXDqu1Afs+KTJL/Ym0jCb
4MObrylA0Fn97XipWfE0oO+3e0J1Jq5R
-----END CERTIFICATE-----