Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/A8DB4ACE60DD11F0914539B9DAE4EC9C.roa
File:                     A8DB4ACE60DD11F0914539B9DAE4EC9C.roa (raw, json)
Hash identifier:          Si/TX7Gk5wKi7Q8cmheHqqKR3iXrshzEj+Q8MY2UZ+M=
Subject key identifier:   61:23:17:31:EE:D5:33:1F:6E:97:19:F0:3C:DE:83:03:CF:95:A4:86
Certificate issuer:       /CN=F369591CRI/serialNumber=DCFEA3847722D2FEC7A039E99038F7538259D031
Certificate serial:       0392
Authority key identifier: DC:FE:A3:84:77:22:D2:FE:C7:A0:39:E9:90:38:F7:53:82:59:D0:31
Authority info access:    rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/A8DB4ACE60DD11F0914539B9DAE4EC9C.roa
Signing time:             Mon 14 Jul 2025 18:09:19 +0000
ROA not before:           Mon 14 Jul 2025 18:09:14 +0000
ROA not after:            Tue 31 Dec 2030 18:09:14 +0000
asID:                     15964
IP address blocks:        195.24.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.mft
                          rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.crl
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 29 Jul 2025 00:45:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 914 (0x392)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F369591CRI, serialNumber=DCFEA3847722D2FEC7A039E99038F7538259D031
        Validity
            Not Before: Jul 14 18:09:14 2025 GMT
            Not After : Dec 31 18:09:14 2030 GMT
        Subject: CN=687547cf-3460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:05:f4:d1:c3:1a:78:1a:a5:3a:1a:91:f2:b5:
                    f6:a9:9f:fe:08:ff:4c:33:ee:90:65:eb:7f:17:c4:
                    a4:41:0d:b1:49:5c:2e:37:a6:0a:d4:c7:eb:90:ff:
                    7a:52:bc:38:ba:bd:55:33:49:db:bc:06:89:0a:06:
                    f1:ec:76:4f:fa:60:1b:2f:de:f3:37:6c:89:25:ac:
                    1f:a0:a6:01:4c:71:de:30:51:a3:77:dc:05:79:c4:
                    7a:ec:54:e5:23:5e:7b:c7:28:5b:68:c8:b5:cf:8b:
                    67:e7:d1:be:97:97:91:c2:c0:6a:73:39:9d:0a:0f:
                    32:15:21:d9:5d:f5:51:8b:61:d6:1c:bf:ed:a7:86:
                    96:b7:34:c9:17:5e:29:7c:8b:d8:bc:40:2f:f8:aa:
                    83:42:2d:4d:fa:95:c7:da:6a:b1:04:9a:8b:be:69:
                    c3:65:9d:45:5c:23:4f:b1:66:ad:43:a7:56:04:3a:
                    a0:f2:b0:6f:fe:8e:b8:91:78:9c:0e:79:e6:0f:40:
                    33:51:e5:56:54:5f:7f:05:c5:71:6d:9a:0b:68:dc:
                    d6:9e:9a:45:c0:e5:5a:76:1a:fa:31:c6:71:57:5f:
                    32:9e:c4:3c:2c:66:af:30:ed:b5:3d:42:8b:da:86:
                    27:67:30:af:08:04:52:5a:3e:07:9a:59:0a:ab:b5:
                    2d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:23:17:31:EE:D5:33:1F:6E:97:19:F0:3C:DE:83:03:CF:95:A4:86
            X509v3 Authority Key Identifier:
                keyid:DC:FE:A3:84:77:22:D2:FE:C7:A0:39:E9:90:38:F7:53:82:59:D0:31

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/A8DB4ACE60DD11F0914539B9DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e8:2b:d9:f0:b9:73:08:8b:20:22:14:89:10:6c:0f:6f:01:
         a1:a4:bc:b4:1c:26:4b:d9:d7:44:98:ed:32:09:7d:6e:ce:12:
         51:2b:90:6e:50:e1:11:65:b1:aa:1f:1d:43:a3:b9:f3:87:63:
         4f:a1:84:00:c6:01:42:34:82:5d:78:34:16:0b:2a:4b:99:26:
         10:9f:ce:af:f3:56:1b:47:de:04:c3:69:ae:91:e2:97:4e:a4:
         d7:07:d5:26:27:48:11:2b:e4:9c:8f:a5:15:94:2d:97:ec:5e:
         da:76:34:af:4b:4e:84:bb:c1:f3:74:66:f0:19:0e:b6:fb:74:
         63:4e:c9:d1:d3:78:eb:70:a7:0b:74:06:61:64:bc:97:ad:b7:
         6c:1e:70:4b:ea:6c:23:5c:ab:99:f3:6a:8b:86:10:6a:99:14:
         2a:97:63:e9:d8:2c:97:6d:e1:7a:42:b8:82:b5:55:a4:0d:31:
         40:1d:f8:82:1b:47:87:d5:47:0a:00:e6:3d:c1:68:1f:e4:90:
         1a:0f:8c:ef:b1:78:15:00:ea:3e:2e:95:02:f6:05:68:78:31:
         13:f2:b3:57:07:db:a9:27:7a:c5:3e:d2:61:2a:88:b7:f1:94:
         0d:79:3a:c1:2b:61:10:37:87:09:f7:a1:03:2f:2e:71:5b:0f:
         e8:01:f7:0e
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICA5IwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
OTU5MUNSSTExMC8GA1UEBRMoRENGRUEzODQ3NzIyRDJGRUM3QTAzOUU5OTAzOEY3
NTM4MjU5RDAzMTAeFw0yNTA3MTQxODA5MTRaFw0zMDEyMzExODA5MTRaMBgxFjAU
BgNVBAMTDTY4NzU0N2NmLTM0NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCxBfTRwxp4GqU6GpHytfapn/4I/0wz7pBl638XxKRBDbFJXC43pgrUx+uQ
/3pSvDi6vVUzSdu8BokKBvHsdk/6YBsv3vM3bIklrB+gpgFMcd4wUaN33AV5xHrs
VOUjXnvHKFtoyLXPi2fn0b6Xl5HCwGpzOZ0KDzIVIdld9VGLYdYcv+2nhpa3NMkX
Xil8i9i8QC/4qoNCLU36lcfaarEEmou+acNlnUVcI0+xZq1Dp1YEOqDysG/+jriR
eJwOeeYPQDNR5VZUX38FxXFtmgto3NaemkXA5Vp2GvoxxnFXXzKexDwsZq8w7bU9
QovahidnMK8IBFJaPgeaWQqrtS1HAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUYSMX
Me7VMx9ulxnwPN6DA8+VpIYwHwYDVR0jBBgwFoAU3P6jhHci0v7HoDnpkDj3U4JZ
0DEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjk1OTFDLzY3MjM1N0Q0QzI0NzExRUQ5NTk3OTBBMEYxMjIyNDY4LzNQNmpo
SGNpMHY3SG9EbnBrRGozVTRKWjBERS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9yaXBl
LzNQNmpoSGNpMHY3SG9EbnBrRGozVTRKWjBERS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjk1OTFDLzY3MjM1N0Q0QzI0NzExRUQ5NTk3OTBBMEYxMjIy
NDY4L0E4REI0QUNFNjBERDExRjA5MTQ1MzlCOURBRTRFQzlDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDGN0wDQYJKoZIhvcNAQELBQAD
ggEBAFboK9nwuXMIiyAiFIkQbA9vAaGkvLQcJkvZ10SY7TIJfW7OElErkG5Q4RFl
saofHUOjufOHY0+hhADGAUI0gl14NBYLKkuZJhCfzq/zVhtH3gTDaa6R4pdOpNcH
1SYnSBEr5JyPpRWULZfsXtp2NK9LToS7wfN0ZvAZDrb7dGNOydHTeOtwpwt0BmFk
vJett2wecEvqbCNcq5nzaouGEGqZFCqXY+nYLJdt4XpCuIK1VaQNMUAd+IIbR4fV
RwoA5j3BaB/kkBoPjO+xeBUA6j4ulQL2BWh4MRPys1cH26knesU+0mEqiLfxlA15
OsErYRA3hwn3oQMvLnFbD+gB9w4=
-----END CERTIFICATE-----