Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FD00640650DC11F0AC9C1EC7DAE4EC9C.roa
File:                     FD00640650DC11F0AC9C1EC7DAE4EC9C.roa (raw, json)
Hash identifier:          jpctdv2S1AlCbTDzGvpcjetlM//JnM2ACGmQArqD7fM=
Subject key identifier:   BA:AE:DA:F6:EE:78:A6:9E:C8:91:BD:6C:A8:0B:24:9E:CC:5E:96:C8
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       018838
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FD00640650DC11F0AC9C1EC7DAE4EC9C.roa
Signing time:             Tue 24 Jun 2025 09:24:12 +0000
ROA not before:           Tue 24 Jun 2025 09:24:07 +0000
ROA not after:            Sat 26 Jul 2025 09:24:07 +0000
asID:                     63139
IP address blocks:        154.194.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 02 Jul 2025 11:30:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 100408 (0x18838)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Jun 24 09:24:07 2025 GMT
            Not After : Jul 26 09:24:07 2025 GMT
        Subject: CN=685a6ebc-02cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:75:61:70:94:2c:b9:e5:26:2a:53:32:d9:
                    f1:a8:ef:b9:7a:75:08:de:9d:f7:c1:99:78:37:13:
                    a7:63:47:0d:5e:7b:28:10:f1:04:ea:f0:4f:61:b7:
                    aa:8d:f7:75:ed:8a:0d:f7:48:2f:d7:52:ba:19:5c:
                    7c:e1:59:c6:30:f9:16:0b:13:c3:3d:da:35:6e:ca:
                    a6:a9:ea:d2:cf:cd:9b:59:d3:32:a2:82:a4:8b:2c:
                    11:bb:03:3f:45:dc:80:0f:d0:33:89:d3:e2:1c:c9:
                    0e:f7:d0:62:8b:56:9f:59:34:87:f0:ed:75:df:4c:
                    c1:b3:d5:7a:bf:e7:ff:dd:c8:2b:f0:22:35:52:51:
                    eb:3d:43:ec:8d:eb:45:ce:de:b3:1d:07:b3:cc:8e:
                    87:a8:28:41:41:4c:a4:97:c2:27:2a:32:d4:20:d4:
                    61:c4:6f:f0:39:57:9e:7d:75:25:66:c6:09:8d:37:
                    92:df:ec:01:1d:eb:76:11:31:8a:28:a5:f2:7b:7b:
                    47:30:8b:17:4b:4f:96:69:07:d3:09:47:fa:c2:c9:
                    45:85:73:fb:0c:fb:fc:32:be:ab:f5:74:cd:9a:4e:
                    62:67:4b:f0:93:06:0c:05:6b:d4:9c:fe:20:50:c6:
                    1b:59:ac:78:4b:ab:8a:0b:6e:14:cf:73:49:7f:35:
                    60:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:AE:DA:F6:EE:78:A6:9E:C8:91:BD:6C:A8:0B:24:9E:CC:5E:96:C8
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/FD00640650DC11F0AC9C1EC7DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.194.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:d6:0b:d0:8a:9b:21:48:e5:80:1e:2f:e1:b3:38:50:c4:33:
         0e:8f:34:f3:db:70:94:40:64:f6:84:61:37:eb:4a:da:2a:b1:
         45:ad:57:ae:59:ad:6d:58:55:7e:1d:e0:90:d3:56:be:b6:60:
         de:3b:d9:11:3f:54:6a:73:5e:f2:87:57:3a:d7:34:c7:a7:03:
         dd:ef:fa:05:81:dc:90:66:1a:4d:bb:fe:96:c1:e2:9d:89:c8:
         a8:39:14:aa:54:57:70:7b:92:83:d7:ca:12:86:15:00:17:b7:
         1b:ff:72:77:db:a8:ef:e6:ae:eb:a5:79:92:92:f4:b1:af:b1:
         87:97:3e:20:5d:9f:0b:a8:42:47:e7:7f:a8:8d:d5:3c:ce:00:
         ed:cf:30:43:8d:9b:b8:f5:92:98:41:71:85:7d:e7:f0:51:05:
         55:ae:4e:92:cf:88:01:28:22:86:21:5f:c5:a8:aa:44:88:c8:
         e1:55:d7:88:71:50:de:70:c6:93:83:b4:42:27:18:a4:dd:9b:
         f1:48:b4:2c:dc:7c:8f:21:29:a4:47:3f:07:fe:f4:20:6f:6f:
         39:a1:67:3c:51:be:b9:a8:55:be:3f:a4:14:0c:42:5d:70:69:
         c9:ea:5b:b2:0b:24:c0:04:ce:c0:a8:7f:1f:42:cd:cc:25:33:
         9d:5d:3b:be
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAYg4MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNjI0MDkyNDA3WhcNMjUwNzI2MDkyNDA3WjAYMRYw
FAYDVQQDEw02ODVhNmViYy0wMmNkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAuMh1YXCULLnlJipTMtnxqO+5enUI3p33wZl4NxOnY0cNXnsoEPEE6vBP
Ybeqjfd17YoN90gv11K6GVx84VnGMPkWCxPDPdo1bsqmqerSz82bWdMyooKkiywR
uwM/RdyAD9AzidPiHMkO99Bii1afWTSH8O1130zBs9V6v+f/3cgr8CI1UlHrPUPs
jetFzt6zHQezzI6HqChBQUykl8InKjLUINRhxG/wOVeefXUlZsYJjTeS3+wBHet2
ETGKKKXye3tHMIsXS0+WaQfTCUf6wslFhXP7DPv8Mr6r9XTNmk5iZ0vwkwYMBWvU
nP4gUMYbWax4S6uKC24Uz3NJfzVguwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFLqu
2vbueKaeyJG9bKgLJJ7MXpbIMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9GRDAwNjQwNjUwREMxMUYwQUM5QzFFQzdEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmsJEMA0GCSqGSIb3DQEB
CwUAA4IBAQDT1gvQipshSOWAHi/hszhQxDMOjzTz23CUQGT2hGE360raKrFFrVeu
Wa1tWFV+HeCQ01a+tmDeO9kRP1Rqc17yh1c61zTHpwPd7/oFgdyQZhpNu/6WweKd
icioORSqVFdwe5KD18oShhUAF7cb/3J326jv5q7rpXmSkvSxr7GHlz4gXZ8LqEJH
53+ojdU8zgDtzzBDjZu49ZKYQXGFfefwUQVVrk6Sz4gBKCKGIV/FqKpEiMjhVdeI
cVDecMaTg7RCJxik3ZvxSLQs3HyPISmkRz8H/vQgb285oWc8Ub65qFW+P6QUDEJd
cGnJ6luyCyTABM7AqH8fQs3MJTOdXTu+
-----END CERTIFICATE-----