Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A28D991E57FB11F095835A95DAE4EC9C.roa
File:                     A28D991E57FB11F095835A95DAE4EC9C.roa (raw, json)
Hash identifier:          D1er8mscL2AE2Vr8urEZZ5vHIOVmZNgAbxNS64Y/3+Y=
Subject key identifier:   21:B7:A1:CB:4B:B5:CD:E1:F6:8E:C2:EB:21:27:58:1C:54:BB:A7:97
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0189FF
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A28D991E57FB11F095835A95DAE4EC9C.roa
Signing time:             Thu 03 Jul 2025 10:51:13 +0000
ROA not before:           Thu 03 Jul 2025 10:51:08 +0000
ROA not after:            Thu 17 Jul 2025 10:51:08 +0000
asID:                     141883
IP address blocks:        154.204.0.0/24 maxlen: 24
                          154.208.12.0/22 maxlen: 24
                          154.208.16.0/20 maxlen: 24
                          154.212.128.0/24 maxlen: 24
                          154.214.32.0/19 maxlen: 24
                          154.215.0.0/24 maxlen: 24
                          154.216.128.0/18 maxlen: 24
                          154.218.0.0/24 maxlen: 24
                          154.221.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Jul 2025 00:06:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 100863 (0x189ff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Jul  3 10:51:08 2025 GMT
            Not After : Jul 17 10:51:08 2025 GMT
        Subject: CN=686660a1-b9b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:39:d9:fb:f8:9e:3c:ec:46:d7:ba:b8:f1:1a:
                    ec:31:9c:85:02:98:04:99:a4:c2:eb:97:5d:00:fa:
                    79:2f:f8:32:70:b9:09:fb:25:fa:fc:12:1e:48:2e:
                    01:98:d9:fe:03:7f:7b:5e:87:f0:c4:93:9f:14:48:
                    2f:92:63:77:d2:60:2d:81:d9:a1:1b:b6:27:0f:00:
                    0c:1e:e8:78:98:31:1a:71:f6:53:d4:e1:db:21:da:
                    11:b0:ba:9d:66:c7:5c:1a:d9:29:a0:e2:af:b9:42:
                    bc:a5:0f:2e:83:8c:f3:65:1f:26:4b:3f:50:11:71:
                    a7:1c:31:89:16:0f:ba:37:f0:c6:81:1f:0e:0c:a2:
                    cb:3a:11:10:6d:33:ab:4f:4c:0e:ec:ec:2a:9e:27:
                    95:05:5a:94:c2:e7:7f:cf:2a:15:19:1f:d1:d6:43:
                    4e:b5:cf:9a:bc:6b:d4:07:77:7c:90:cf:a3:c2:50:
                    d0:ef:be:9b:51:c1:c3:92:5c:c0:e3:4d:c4:02:39:
                    94:33:94:72:89:b0:03:b2:3c:97:50:a0:66:ce:db:
                    54:c6:6c:64:1c:18:40:0b:62:90:57:d2:d7:16:21:
                    4d:4b:2e:2f:d2:0a:da:ef:f2:7a:ee:0a:c8:b7:0f:
                    7d:10:37:cd:ea:1f:d8:a4:e7:c6:9b:4e:b1:43:4d:
                    b1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B7:A1:CB:4B:B5:CD:E1:F6:8E:C2:EB:21:27:58:1C:54:BB:A7:97
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A28D991E57FB11F095835A95DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.204.0.0/24
                  154.208.12.0-154.208.31.255
                  154.212.128.0/24
                  154.214.32.0/19
                  154.215.0.0/24
                  154.216.128.0/18
                  154.218.0.0/24
                  154.221.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:20:ce:c2:56:61:df:55:93:15:63:cb:7d:b9:2b:24:1f:25:
         47:55:ad:30:64:f9:96:93:96:36:36:9a:20:9a:db:05:01:61:
         d5:21:14:1d:79:04:45:b3:55:82:87:3d:23:cb:d9:ad:ba:e0:
         78:a9:1c:34:f3:8c:2f:6d:b1:12:bc:26:3c:59:f1:fa:33:2a:
         21:ae:e4:8b:5d:f3:20:11:2d:8d:3c:9b:75:e2:aa:23:57:c9:
         60:a8:13:d8:20:0b:3d:ec:5d:52:e3:9f:10:06:bd:e6:42:5f:
         8b:ae:28:fe:e7:55:49:f0:e4:2b:03:e2:5a:54:c7:4d:4c:cf:
         d8:a1:2d:5f:22:80:18:d6:42:46:9c:b7:d3:82:22:dc:2a:ed:
         cc:8a:f6:4c:c3:60:e0:41:29:94:04:45:d5:9d:08:de:ee:bc:
         dd:3f:07:cf:1a:49:5e:99:78:e9:4e:80:77:b7:f9:3c:2a:82:
         62:3a:ce:c9:49:d6:64:76:5b:75:4f:94:74:22:40:45:e3:10:
         54:bd:1b:f0:ad:70:3e:95:4f:2c:9c:32:66:3f:33:8a:42:f6:
         32:15:f6:50:f0:56:d7:15:b1:da:d2:88:4c:86:3c:d7:84:1e:
         2a:6e:18:4e:dc:6c:e2:36:36:99:83:5d:e3:9a:25:1c:fc:84:
         33:1e:f3:23
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgIDAYn/MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNzAzMTA1MTA4WhcNMjUwNzE3MTA1MTA4WjAYMRYw
FAYDVQQDEw02ODY2NjBhMS1iOWI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA9DnZ+/iePOxG17q48RrsMZyFApgEmaTC65ddAPp5L/gycLkJ+yX6/BIe
SC4BmNn+A397XofwxJOfFEgvkmN30mAtgdmhG7YnDwAMHuh4mDEacfZT1OHbIdoR
sLqdZsdcGtkpoOKvuUK8pQ8ug4zzZR8mSz9QEXGnHDGJFg+6N/DGgR8ODKLLOhEQ
bTOrT0wO7OwqnieVBVqUwud/zyoVGR/R1kNOtc+avGvUB3d8kM+jwlDQ776bUcHD
klzA403EAjmUM5RyibADsjyXUKBmzttUxmxkHBhAC2KQV9LXFiFNSy4v0gra7/J6
7grItw99EDfN6h/YpOfGm06xQ02xWQIDAQABo4IC1zCCAtMwHQYDVR0OBBYEFCG3
octLtc3h9o7C6yEnWBxUu6eXMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9BMjhEOTkxRTU3RkIxMUYwOTU4MzVBOTVEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAmswAMAwDBAKa0AwDBAWa
0AADBACa1IADBAWa1iADBACa1wADBAaa2IADBACa2gADBACa3QAwDQYJKoZIhvcN
AQELBQADggEBAAIgzsJWYd9VkxVjy325KyQfJUdVrTBk+ZaTljY2miCa2wUBYdUh
FB15BEWzVYKHPSPL2a264HipHDTzjC9tsRK8JjxZ8fozKiGu5Itd8yARLY08m3Xi
qiNXyWCoE9ggCz3sXVLjnxAGveZCX4uuKP7nVUnw5CsD4lpUx01Mz9ihLV8igBjW
Qkact9OCItwq7cyK9kzDYOBBKZQERdWdCN7uvN0/B88aSV6ZeOlOgHe3+TwqgmI6
zslJ1mR2W3VPlHQiQEXjEFS9G/CtcD6VTyycMmY/M4pC9jIV9lDwVtcVsdrSiEyG
PNeEHipuGE7cbOI2NpmDXeOaJRz8hDMe8yM=
-----END CERTIFICATE-----
Generated at Fri Jul 4 06:13:55 2025 by rpki-client