Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D0475FEC2FDE11F0A70DB2BCDAE4EC9C.roa
File:                     D0475FEC2FDE11F0A70DB2BCDAE4EC9C.roa (raw, json)
Hash identifier:          XDpmhoCmjG+pQ/qXsX2585ZumiWzXhAXmqsx9Bb7T4w=
Subject key identifier:   08:70:67:F2:C7:5E:92:A4:79:28:0A:2E:CC:5B:83:3C:66:09:B2:91
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       018054
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D0475FEC2FDE11F0A70DB2BCDAE4EC9C.roa
Signing time:             Tue 13 May 2025 09:44:07 +0000
ROA not before:           Tue 13 May 2025 09:44:03 +0000
ROA not after:            Tue 20 May 2025 09:44:03 +0000
asID:                     399077
IP address blocks:        154.91.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 17 May 2025 09:29:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 98388 (0x18054)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: May 13 09:44:03 2025 GMT
            Not After : May 20 09:44:03 2025 GMT
        Subject: CN=68231467-e3db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:38:b3:65:49:c8:78:1a:d0:17:30:42:9f:d0:
                    48:a6:7b:d0:8b:2f:67:f9:97:87:41:77:0c:42:b0:
                    37:02:d0:43:29:fc:db:82:36:9a:a3:ba:23:4f:36:
                    02:de:5b:a1:41:c0:88:28:54:b8:39:fb:a1:b9:2e:
                    22:92:67:51:7c:1e:b0:e3:b4:b6:13:bf:28:9c:25:
                    bb:74:a7:e4:a1:6b:c0:db:c7:07:cc:2e:b2:d1:85:
                    7f:9e:81:40:fa:2b:7d:ed:e2:f7:f4:96:2e:e2:af:
                    f7:be:c2:17:01:cf:0c:77:1c:10:3b:89:2a:98:b2:
                    06:e5:3f:86:bf:d6:56:f3:82:4e:00:5f:0c:01:1b:
                    23:a6:63:fe:dc:37:82:93:0f:3f:19:b6:8c:44:85:
                    47:a2:80:c0:ca:6f:bd:20:73:2a:b0:b3:7e:93:0b:
                    1f:c1:84:fb:a0:7a:e8:46:15:8f:25:a0:fd:e3:97:
                    19:24:ae:c8:a9:8c:d3:40:c5:f3:49:c6:1b:0b:ac:
                    0e:fc:3a:09:4e:df:85:42:25:e8:21:e9:0d:9a:fd:
                    74:9d:f5:c8:4f:8d:4f:7a:81:bc:b1:bc:d1:b8:0c:
                    f5:36:5c:1d:8e:d1:98:d0:82:6f:31:09:56:2a:62:
                    2c:4e:46:a1:cb:51:31:66:85:00:ad:b3:72:15:0e:
                    15:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:70:67:F2:C7:5E:92:A4:79:28:0A:2E:CC:5B:83:3C:66:09:B2:91
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D0475FEC2FDE11F0A70DB2BCDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.91.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         44:ae:f5:c4:03:5d:89:e1:4c:86:b9:fa:37:98:f6:2f:be:03:
         1a:92:52:d0:76:9a:61:ca:f7:94:97:6d:30:be:f3:59:b5:7c:
         9d:bc:1c:d4:c6:07:64:24:f8:a9:71:c0:ab:bd:bd:dd:6e:c9:
         56:3d:87:a8:ba:4e:f2:3b:7e:a2:95:cd:eb:1c:93:be:ab:dd:
         4b:ae:51:11:80:65:90:20:08:c8:c2:e2:90:41:fa:6a:81:27:
         42:9c:2a:a1:10:69:9c:e3:be:77:5e:99:96:b8:16:f4:82:f2:
         ca:d2:61:24:e9:9d:6d:b6:cf:98:2f:40:cf:24:f7:32:e1:f2:
         f7:5e:c2:ec:dc:93:3f:f0:57:d1:f8:33:12:2f:e0:65:40:73:
         ac:79:eb:53:38:2a:04:b4:46:ac:fa:a9:08:7f:07:5b:7d:24:
         d1:72:fe:42:94:88:38:1a:ee:81:d2:30:29:b1:39:02:d1:7d:
         6b:b8:c2:30:3c:51:75:f8:34:8a:54:5e:41:aa:28:52:bb:52:
         47:62:67:9d:36:ef:c0:60:34:ba:5e:bf:96:e1:f3:c5:79:3c:
         d0:34:d8:48:b4:36:72:8b:68:09:79:ad:0d:c1:96:7d:96:3f:
         8d:a0:c8:7e:1f:cc:d1:e6:b0:53:a3:6e:ee:3b:0d:f8:7c:88:
         2a:69:81:fb
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAYBUMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNTEzMDk0NDAzWhcNMjUwNTIwMDk0NDAzWjAYMRYw
FAYDVQQDEw02ODIzMTQ2Ny1lM2RiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEApDizZUnIeBrQFzBCn9BIpnvQiy9n+ZeHQXcMQrA3AtBDKfzbgjaao7oj
TzYC3luhQcCIKFS4OfuhuS4ikmdRfB6w47S2E78onCW7dKfkoWvA28cHzC6y0YV/
noFA+it97eL39JYu4q/3vsIXAc8MdxwQO4kqmLIG5T+Gv9ZW84JOAF8MARsjpmP+
3DeCkw8/GbaMRIVHooDAym+9IHMqsLN+kwsfwYT7oHroRhWPJaD945cZJK7IqYzT
QMXzScYbC6wO/DoJTt+FQiXoIekNmv10nfXIT41PeoG8sbzRuAz1NlwdjtGY0IJv
MQlWKmIsTkahy1ExZoUArbNyFQ4VUwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFAhw
Z/LHXpKkeSgKLsxbgzxmCbKRMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9EMDQ3NUZFQzJGREUxMUYwQTcwREIyQkNEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGmltAMA0GCSqGSIb3DQEB
CwUAA4IBAQBErvXEA12J4UyGufo3mPYvvgMaklLQdpphyveUl20wvvNZtXydvBzU
xgdkJPipccCrvb3dbslWPYeouk7yO36ilc3rHJO+q91LrlERgGWQIAjIwuKQQfpq
gSdCnCqhEGmc4753XpmWuBb0gvLK0mEk6Z1tts+YL0DPJPcy4fL3XsLs3JM/8FfR
+DMSL+BlQHOseetTOCoEtEas+qkIfwdbfSTRcv5ClIg4Gu6B0jApsTkC0X1ruMIw
PFF1+DSKVF5BqihSu1JHYmedNu/AYDS6Xr+W4fPFeTzQNNhItDZyi2gJea0NwZZ9
lj+NoMh+H8zR5rBTo27uOw34fIgqaYH7
-----END CERTIFICATE-----