Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/FEDC02C25C0711F0B890E9F0DAE4EC9C.roa
File:                     FEDC02C25C0711F0B890E9F0DAE4EC9C.roa (raw, json)
Hash identifier:          qe7/Ho3hjXx1p+1X+gIsJxiQFYRX/3+okpR+BwibaKg=
Subject key identifier:   5A:68:E8:ED:40:9A:87:86:00:E0:CE:D4:AD:FF:9F:FC:EE:C7:DC:CA
Certificate issuer:       /CN=F369591CRI/serialNumber=DCFEA3847722D2FEC7A039E99038F7538259D031
Certificate serial:       0386
Authority key identifier: DC:FE:A3:84:77:22:D2:FE:C7:A0:39:E9:90:38:F7:53:82:59:D0:31
Authority info access:    rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/FEDC02C25C0711F0B890E9F0DAE4EC9C.roa
Signing time:             Tue 08 Jul 2025 14:29:46 +0000
ROA not before:           Tue 08 Jul 2025 14:29:41 +0000
ROA not after:            Tue 31 Dec 2030 14:29:41 +0000
asID:                     15964
IP address blocks:        195.24.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.mft
                          rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.crl
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 29 Jul 2025 00:45:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 902 (0x386)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F369591CRI, serialNumber=DCFEA3847722D2FEC7A039E99038F7538259D031
        Validity
            Not Before: Jul  8 14:29:41 2025 GMT
            Not After : Dec 31 14:29:41 2030 GMT
        Subject: CN=686d2b5a-7c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:19:a3:bd:3f:3d:11:ae:23:bf:26:87:3a:79:
                    63:8a:e2:dd:1a:59:45:c3:96:50:83:5e:50:5c:a8:
                    50:49:7f:e8:09:65:74:38:c5:a0:8e:b8:63:53:f2:
                    a4:de:ef:d3:b7:51:ac:a3:72:93:ce:36:5a:65:fb:
                    4a:a5:0b:19:b2:e7:89:86:b1:76:8b:a8:16:e6:be:
                    4d:f1:af:9f:f3:54:00:05:df:c7:f8:41:e7:32:e7:
                    0b:3e:af:12:ba:e4:f5:b9:12:ca:13:0f:c1:2a:ea:
                    51:a5:88:3e:15:c1:c5:33:4b:a2:60:40:d2:5c:59:
                    0d:6d:b4:8f:e1:52:6d:57:09:dd:dd:0c:8e:7d:7c:
                    f7:9a:c7:3f:6b:8d:79:c7:5e:57:6c:76:8d:8e:e7:
                    2d:47:c8:0c:81:fb:01:09:14:f1:fb:6d:6d:f9:d5:
                    31:7c:4d:25:a8:0e:79:df:10:a8:85:90:86:37:36:
                    b6:19:35:a4:38:46:7e:f6:38:9a:59:a4:1a:91:7e:
                    d5:06:c0:11:6b:7d:e9:a5:35:95:93:5d:cd:c1:ab:
                    ba:31:f8:fd:eb:c7:a9:66:0e:02:af:34:f2:d4:83:
                    e2:1c:10:7b:3e:b1:0b:20:16:ff:d1:ac:e4:9c:e6:
                    60:93:81:3b:3e:cb:61:4f:f8:cd:e1:d1:5f:36:b3:
                    22:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:68:E8:ED:40:9A:87:86:00:E0:CE:D4:AD:FF:9F:FC:EE:C7:DC:CA
            X509v3 Authority Key Identifier:
                keyid:DC:FE:A3:84:77:22:D2:FE:C7:A0:39:E9:90:38:F7:53:82:59:D0:31

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/FEDC02C25C0711F0B890E9F0DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:cc:d1:ae:ad:23:02:65:62:81:5c:54:a9:02:52:55:a6:7d:
         ca:b2:fe:04:78:5f:b9:9e:b2:21:e9:31:74:46:b6:d7:7e:d1:
         77:3b:d7:9f:3e:dc:d8:a7:5a:ce:74:c9:8e:e7:57:56:87:2e:
         5b:09:d0:59:b1:52:8c:5b:9c:d3:a5:d0:64:39:8b:e8:61:c1:
         87:fd:05:ea:fe:ea:16:43:b1:ee:38:b6:bb:25:8a:d9:0b:ff:
         24:b9:77:0c:d7:2a:6c:44:9b:85:11:3f:63:49:c5:f9:d4:a7:
         eb:51:59:c9:d7:e6:f2:6a:3b:79:ac:76:c8:17:b7:9d:87:09:
         2e:db:08:91:49:6d:36:fb:77:22:25:40:b1:ff:4d:f7:cc:04:
         73:8d:21:fe:41:a7:bf:f2:08:3c:56:36:06:3e:56:dd:4f:3b:
         c2:a2:fd:b9:29:03:13:b4:dd:cb:ed:93:cf:96:9c:2c:2e:57:
         f2:9c:34:dd:f7:6f:81:96:3e:8e:ad:90:c4:40:03:f0:70:ca:
         b3:70:ac:0b:a4:79:b8:e7:15:78:e8:16:b6:04:3f:66:9c:91:
         a3:88:45:8e:16:73:a5:2a:d8:df:6e:40:a4:be:2d:93:84:1e:
         25:8e:19:b8:02:25:3b:b5:22:a9:63:ca:d9:03:58:26:89:a6:
         b7:f4:0a:ee
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICA4YwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
OTU5MUNSSTExMC8GA1UEBRMoRENGRUEzODQ3NzIyRDJGRUM3QTAzOUU5OTAzOEY3
NTM4MjU5RDAzMTAeFw0yNTA3MDgxNDI5NDFaFw0zMDEyMzExNDI5NDFaMBgxFjAU
BgNVBAMTDTY4NmQyYjVhLTdjOGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCnGaO9Pz0RriO/Joc6eWOK4t0aWUXDllCDXlBcqFBJf+gJZXQ4xaCOuGNT
8qTe79O3UayjcpPONlpl+0qlCxmy54mGsXaLqBbmvk3xr5/zVAAF38f4Qecy5ws+
rxK65PW5EsoTD8Eq6lGliD4VwcUzS6JgQNJcWQ1ttI/hUm1XCd3dDI59fPeaxz9r
jXnHXldsdo2O5y1HyAyB+wEJFPH7bW351TF8TSWoDnnfEKiFkIY3NrYZNaQ4Rn72
OJpZpBqRftUGwBFrfemlNZWTXc3Bq7ox+P3rx6lmDgKvNPLUg+IcEHs+sQsgFv/R
rOSc5mCTgTs+y2FP+M3h0V82syKXAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUWmjo
7UCah4YA4M7Urf+f/O7H3MowHwYDVR0jBBgwFoAU3P6jhHci0v7HoDnpkDj3U4JZ
0DEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjk1OTFDLzY3MjM1N0Q0QzI0NzExRUQ5NTk3OTBBMEYxMjIyNDY4LzNQNmpo
SGNpMHY3SG9EbnBrRGozVTRKWjBERS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9yaXBl
LzNQNmpoSGNpMHY3SG9EbnBrRGozVTRKWjBERS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjk1OTFDLzY3MjM1N0Q0QzI0NzExRUQ5NTk3OTBBMEYxMjIy
NDY4L0ZFREMwMkMyNUMwNzExRjBCODkwRTlGMERBRTRFQzlDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDGM8wDQYJKoZIhvcNAQELBQAD
ggEBAHfM0a6tIwJlYoFcVKkCUlWmfcqy/gR4X7mesiHpMXRGttd+0Xc7158+3Nin
Ws50yY7nV1aHLlsJ0FmxUoxbnNOl0GQ5i+hhwYf9Ber+6hZDse44trslitkL/yS5
dwzXKmxEm4URP2NJxfnUp+tRWcnX5vJqO3msdsgXt52HCS7bCJFJbTb7dyIlQLH/
TffMBHONIf5Bp7/yCDxWNgY+Vt1PO8Ki/bkpAxO03cvtk8+WnCwuV/KcNN33b4GW
Po6tkMRAA/BwyrNwrAukebjnFXjoFrYEP2ackaOIRY4Wc6Uq2N9uQKS+LZOEHiWO
GbgCJTu1IqljytkDWCaJprf0Cu4=
-----END CERTIFICATE-----