Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/A3FEFCB0577A11F0A98CD3C1DAE4EC9C.roa
File:                     A3FEFCB0577A11F0A98CD3C1DAE4EC9C.roa (raw, json)
Hash identifier:          qgOiHPxC/Z9pgaIJ8OipsoRNTQGJykYjhiWofc3it3c=
Subject key identifier:   FC:CD:64:9C:7E:C4:8E:85:64:E7:83:FD:73:EB:A0:34:4D:89:0B:A2
Certificate issuer:       /CN=F369591CRI/serialNumber=DCFEA3847722D2FEC7A039E99038F7538259D031
Certificate serial:       037C
Authority key identifier: DC:FE:A3:84:77:22:D2:FE:C7:A0:39:E9:90:38:F7:53:82:59:D0:31
Authority info access:    rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/A3FEFCB0577A11F0A98CD3C1DAE4EC9C.roa
Signing time:             Wed 02 Jul 2025 19:27:50 +0000
ROA not before:           Wed 02 Jul 2025 19:27:46 +0000
ROA not after:            Tue 31 Dec 2030 19:27:46 +0000
asID:                     15964
IP address blocks:        195.24.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.mft
                          rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.crl
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Jul 2025 00:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 892 (0x37c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F369591CRI, serialNumber=DCFEA3847722D2FEC7A039E99038F7538259D031
        Validity
            Not Before: Jul  2 19:27:46 2025 GMT
            Not After : Dec 31 19:27:46 2030 GMT
        Subject: CN=68658836-8259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:13:17:b8:89:42:7f:d2:f6:ff:7a:ab:6d:c1:
                    e1:66:de:f1:38:5c:de:04:f9:e4:01:53:52:77:cf:
                    64:12:b9:bf:4b:84:95:5d:aa:66:f6:0a:b0:0f:9c:
                    f2:94:45:cb:ec:d4:9a:2d:d7:5e:bb:53:62:78:11:
                    ab:d1:7c:2d:1f:83:9c:9d:2b:4c:aa:b3:99:97:5b:
                    b8:8f:f6:36:1d:15:bf:d3:7d:00:f3:ec:45:cd:84:
                    ff:7b:14:dd:7d:88:cd:be:48:ae:b3:e9:8b:a8:a6:
                    2d:cd:9d:98:8a:04:25:4c:4c:2b:ea:02:06:29:ba:
                    fa:d3:78:94:9c:8f:e5:51:7d:f9:95:ae:2a:22:b4:
                    e8:ec:e5:24:0f:44:8e:47:9a:89:ca:a5:ae:7c:c3:
                    84:1f:b0:e4:c8:8e:6f:4e:de:29:d2:27:2c:5f:d6:
                    04:c0:17:63:dc:09:a5:f7:73:21:5c:f0:03:a4:85:
                    4b:64:16:78:86:b5:58:49:b4:20:68:05:8f:4d:37:
                    c0:9d:ba:cb:10:20:8f:38:90:76:24:81:58:c3:df:
                    f2:d5:63:c1:31:0d:7e:61:ac:97:93:21:8e:a1:4c:
                    c8:7e:e8:bb:55:24:2d:d0:ae:1a:39:c1:01:95:16:
                    5f:eb:8b:74:9d:86:88:ab:cf:2e:41:bf:64:0a:91:
                    8a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CD:64:9C:7E:C4:8E:85:64:E7:83:FD:73:EB:A0:34:4D:89:0B:A2
            X509v3 Authority Key Identifier:
                keyid:DC:FE:A3:84:77:22:D2:FE:C7:A0:39:E9:90:38:F7:53:82:59:D0:31

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/3P6jhHci0v7HoDnpkDj3U4JZ0DE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/ripe/3P6jhHci0v7HoDnpkDj3U4JZ0DE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F369591C/672357D4C24711ED959790A0F1222468/A3FEFCB0577A11F0A98CD3C1DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:68:c4:c6:b9:0e:d5:7e:ed:1a:e3:e8:cb:a3:77:e5:ba:ba:
         6f:22:dd:bd:3c:27:93:4c:68:6b:6c:99:50:8d:11:f1:fb:79:
         f3:ee:af:86:24:fe:93:77:e3:7e:74:c8:fb:22:6d:8b:15:38:
         87:b2:42:f7:56:62:e9:f5:e9:e3:32:68:d0:f5:bd:12:27:33:
         f9:5a:fd:7b:9b:cb:a3:48:8e:98:52:0f:d7:43:8d:e9:4c:0c:
         59:5d:6c:a5:e3:b9:c1:e0:20:41:3f:d8:4c:13:24:0e:5d:2e:
         fa:96:c9:89:66:59:e0:8e:d8:72:4d:69:af:43:59:b5:d3:39:
         4c:fc:3b:9e:9f:de:23:44:60:ba:15:78:9e:96:b6:88:5f:81:
         61:2b:9c:7a:36:7d:54:7f:db:7c:cc:b2:80:55:6b:a6:25:5e:
         5b:98:b4:bd:0a:fb:87:bd:2a:50:ff:32:3e:d7:87:10:e7:e6:
         3f:c1:e3:67:c3:ef:7f:a6:73:95:e9:0f:9f:60:d0:fa:34:be:
         20:9a:9f:93:ca:9d:c0:0d:dc:9d:75:89:ca:65:9b:df:0a:b7:
         4b:4d:e7:43:5b:49:53:6e:57:82:4e:87:dc:ad:5c:da:2d:0c:
         b8:ad:85:d0:97:bb:41:ef:06:07:23:be:1e:03:04:b0:17:d1:
         2b:1f:1a:3c
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICA3wwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
OTU5MUNSSTExMC8GA1UEBRMoRENGRUEzODQ3NzIyRDJGRUM3QTAzOUU5OTAzOEY3
NTM4MjU5RDAzMTAeFw0yNTA3MDIxOTI3NDZaFw0zMDEyMzExOTI3NDZaMBgxFjAU
BgNVBAMTDTY4NjU4ODM2LTgyNTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDbExe4iUJ/0vb/eqttweFm3vE4XN4E+eQBU1J3z2QSub9LhJVdqmb2CrAP
nPKURcvs1Jot1167U2J4EavRfC0fg5ydK0yqs5mXW7iP9jYdFb/TfQDz7EXNhP97
FN19iM2+SK6z6Yuopi3NnZiKBCVMTCvqAgYpuvrTeJScj+VRffmVrioitOjs5SQP
RI5HmonKpa58w4QfsOTIjm9O3inSJyxf1gTAF2PcCaX3cyFc8AOkhUtkFniGtVhJ
tCBoBY9NN8CdussQII84kHYkgVjD3/LVY8ExDX5hrJeTIY6hTMh+6LtVJC3Qrho5
wQGVFl/ri3Sdhoirzy5Bv2QKkYpJAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQU/M1k
nH7EjoVk54P9c+ugNE2JC6IwHwYDVR0jBBgwFoAU3P6jhHci0v7HoDnpkDj3U4JZ
0DEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjk1OTFDLzY3MjM1N0Q0QzI0NzExRUQ5NTk3OTBBMEYxMjIyNDY4LzNQNmpo
SGNpMHY3SG9EbnBrRGozVTRKWjBERS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9yaXBl
LzNQNmpoSGNpMHY3SG9EbnBrRGozVTRKWjBERS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjk1OTFDLzY3MjM1N0Q0QzI0NzExRUQ5NTk3OTBBMEYxMjIy
NDY4L0EzRkVGQ0IwNTc3QTExRjBBOThDRDNDMURBRTRFQzlDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDGM0wDQYJKoZIhvcNAQELBQAD
ggEBAChoxMa5DtV+7Rrj6Mujd+W6um8i3b08J5NMaGtsmVCNEfH7efPur4Yk/pN3
4350yPsibYsVOIeyQvdWYun16eMyaND1vRInM/la/Xuby6NIjphSD9dDjelMDFld
bKXjucHgIEE/2EwTJA5dLvqWyYlmWeCO2HJNaa9DWbXTOUz8O56f3iNEYLoVeJ6W
tohfgWErnHo2fVR/23zMsoBVa6YlXluYtL0K+4e9KlD/Mj7XhxDn5j/B42fD73+m
c5XpD59g0Po0viCan5PKncAN3J11icplm98Kt0tN50NbSVNuV4JOh9ytXNotDLit
hdCXu0HvBgcjvh4DBLAX0SsfGjw=
-----END CERTIFICATE-----