Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A0D9A7B44E9311F0A370F4E8DAE4EC9C.roa
File:                     A0D9A7B44E9311F0A370F4E8DAE4EC9C.roa (raw, json)
Hash identifier:          FtXJKlKXULvfl2kxmdx/Zfj7QV7ni4ygrTeXkbcgn5A=
Subject key identifier:   C9:A0:85:40:EE:03:FE:9F:9F:F9:C8:DE:54:46:C6:46:DC:7B:77:0E
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0187BC
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A0D9A7B44E9311F0A370F4E8DAE4EC9C.roa
Signing time:             Sat 21 Jun 2025 11:34:01 +0000
ROA not before:           Sat 21 Jun 2025 11:33:57 +0000
ROA not after:            Sun 27 Jul 2025 11:33:57 +0000
asID:                     395793
IP address blocks:        154.83.104.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Thu 03 Jul 2025 11:30:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 100284 (0x187bc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Jun 21 11:33:57 2025 GMT
            Not After : Jul 27 11:33:57 2025 GMT
        Subject: CN=685698a9-0a21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b2:d3:0b:11:ed:a6:79:a8:59:a1:79:36:15:
                    8a:b1:eb:0e:1e:3a:6c:9f:6f:e4:97:24:e4:86:ba:
                    cb:9f:5b:a3:17:2d:25:bd:c3:e3:b2:1a:7e:96:d2:
                    a2:ab:d7:ec:44:a5:77:3b:c5:bb:6f:87:49:b1:ad:
                    96:08:33:db:07:a4:da:c4:43:db:f8:e8:a3:3e:05:
                    67:71:01:f0:13:36:95:84:d7:c5:bd:eb:db:19:64:
                    be:ba:a9:dd:9d:3d:99:15:b9:7d:0d:1e:56:c7:4d:
                    af:c9:32:71:2f:ee:14:c3:94:ad:7c:e7:a9:8d:ec:
                    f9:6a:d0:ac:55:aa:ec:5e:2c:75:e0:6e:50:76:d9:
                    eb:0b:b5:6f:0e:e9:67:e9:d6:27:ea:56:8c:f4:f3:
                    d1:7d:f1:ee:df:9d:83:72:ec:1d:a0:1d:91:6e:52:
                    1b:08:15:9f:2d:c4:89:3e:e0:51:c6:46:0f:52:a5:
                    67:ad:85:c2:b2:c8:2f:2b:66:97:a9:69:4d:ba:bb:
                    1b:30:bf:35:08:d1:aa:98:2b:d3:08:d5:ea:18:33:
                    b0:c3:48:5d:e7:b3:f6:48:3b:26:6d:f6:25:f4:ee:
                    3f:f9:b3:13:d2:ea:27:88:36:4e:42:1c:ab:59:2a:
                    83:e5:c1:d0:23:db:4a:1c:8b:00:d0:c1:8f:01:cd:
                    47:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A0:85:40:EE:03:FE:9F:9F:F9:C8:DE:54:46:C6:46:DC:7B:77:0E
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A0D9A7B44E9311F0A370F4E8DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.83.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:83:95:0a:a8:02:99:0f:a6:a5:9a:3c:a8:ee:a5:bf:31:3f:
         2e:17:04:e1:89:c1:2f:5a:20:fd:46:38:c4:3d:c0:9d:8e:4b:
         2c:6a:cc:57:00:c9:56:a2:3c:3e:bb:65:02:f6:92:ad:e8:57:
         27:93:65:58:38:3b:8a:df:c9:df:e4:dd:b9:fd:75:a4:fd:31:
         b2:4d:54:d0:02:09:13:31:30:39:65:89:ff:c9:e6:d5:1e:4e:
         a9:ad:b5:1b:47:5c:00:80:ea:41:5e:51:0a:75:3f:d8:3a:34:
         17:f0:e0:f9:69:a4:eb:20:12:b5:16:c9:97:ab:89:c7:f4:2a:
         dd:cc:3f:a8:62:02:09:e0:27:3a:2d:d5:05:81:81:84:0c:13:
         6c:f0:df:bc:b9:de:84:db:f1:fc:fd:8a:6a:61:4e:1a:65:d6:
         41:a4:96:a4:74:23:44:89:05:8e:8e:57:62:4e:af:87:ea:66:
         d8:12:65:a8:5e:51:bf:e0:fb:3f:37:fe:c0:32:66:64:c8:b8:
         8d:ce:ba:18:26:6f:f4:25:c7:a3:2b:0f:2a:7f:89:6e:a6:00:
         32:1f:2f:af:73:75:90:06:ea:3a:12:f3:f8:c7:aa:34:61:15:
         fa:1a:36:45:76:33:a5:0a:7a:ae:75:2d:3f:14:08:58:bd:36:
         17:d6:07:ac
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAYe8MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNjIxMTEzMzU3WhcNMjUwNzI3MTEzMzU3WjAYMRYw
FAYDVQQDEw02ODU2OThhOS0wYTIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2bLTCxHtpnmoWaF5NhWKsesOHjpsn2/klyTkhrrLn1ujFy0lvcPjshp+
ltKiq9fsRKV3O8W7b4dJsa2WCDPbB6TaxEPb+OijPgVncQHwEzaVhNfFvevbGWS+
uqndnT2ZFbl9DR5Wx02vyTJxL+4Uw5StfOepjez5atCsVarsXix14G5QdtnrC7Vv
Duln6dYn6laM9PPRffHu352DcuwdoB2RblIbCBWfLcSJPuBRxkYPUqVnrYXCssgv
K2aXqWlNursbML81CNGqmCvTCNXqGDOww0hd57P2SDsmbfYl9O4/+bMT0uoniDZO
QhyrWSqD5cHQI9tKHIsA0MGPAc1HVQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFMmg
hUDuA/6fn/nI3lRGxkbce3cOMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9BMEQ5QTdCNDRFOTMxMUYwQTM3MEY0RThEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDmlNoMA0GCSqGSIb3DQEB
CwUAA4IBAQAvg5UKqAKZD6almjyo7qW/MT8uFwThicEvWiD9RjjEPcCdjkssasxX
AMlWojw+u2UC9pKt6Fcnk2VYODuK38nf5N25/XWk/TGyTVTQAgkTMTA5ZYn/yebV
Hk6prbUbR1wAgOpBXlEKdT/YOjQX8OD5aaTrIBK1FsmXq4nH9CrdzD+oYgIJ4Cc6
LdUFgYGEDBNs8N+8ud6E2/H8/YpqYU4aZdZBpJakdCNEiQWOjldiTq+H6mbYEmWo
XlG/4Ps/N/7AMmZkyLiNzroYJm/0JcejKw8qf4lupgAyHy+vc3WQBuo6EvP4x6o0
YRX6GjZFdjOlCnqudS0/FAhYvTYX1ges
-----END CERTIFICATE-----
Generated at Tue Jul 1 17:57:30 2025 by rpki-client