Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A8003CB013EC11F08A7CFEAA762E951A.roa
File:                     A8003CB013EC11F08A7CFEAA762E951A.roa (raw, json)
Hash identifier:          CNap/uzkXBtKVQToqpIXz1NsfMuAavWSdtACrgcJVts=
Subject key identifier:   70:02:65:F2:3D:89:4C:2C:9E:04:18:C1:19:6F:68:5A:D8:47:3B:E7
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01783B
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A8003CB013EC11F08A7CFEAA762E951A.roa
Signing time:             Mon 07 Apr 2025 20:12:40 +0000
ROA not before:           Mon 07 Apr 2025 20:12:36 +0000
ROA not after:            Fri 16 May 2025 20:12:36 +0000
asID:                     137899
IP address blocks:        154.222.16.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 30 Apr 2025 00:06:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96315 (0x1783b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Apr  7 20:12:36 2025 GMT
            Not After : May 16 20:12:36 2025 GMT
        Subject: CN=67f431b8-8fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2a:9d:d3:e7:59:82:fa:97:d7:9c:fa:ef:91:
                    4e:84:a0:1f:19:19:68:84:de:08:c7:0d:82:8a:2b:
                    29:99:ab:d9:a9:b1:be:21:04:02:2e:d9:63:d7:b8:
                    39:bc:a7:61:f1:8f:bc:f6:27:b6:ec:d1:03:57:7d:
                    a1:dd:8d:86:12:ee:87:82:b4:85:63:66:ab:ea:37:
                    1d:7d:bd:af:f5:14:b7:19:76:63:2f:15:68:d9:b5:
                    4e:a5:57:ee:8a:e6:f1:60:6f:a6:c4:ea:04:09:5e:
                    f0:c7:b3:d7:ae:12:ff:83:32:cd:3a:6d:48:52:68:
                    c3:89:57:be:b5:ab:56:21:93:69:2a:8b:d6:3d:d7:
                    7c:0a:78:e0:d0:82:a5:a1:1d:7d:f8:73:46:e7:a0:
                    36:73:f0:9d:ab:d2:8f:3d:f1:95:2c:d1:bf:c4:d0:
                    0d:1e:40:de:da:51:37:4c:1c:2e:18:18:77:be:be:
                    75:be:c3:05:83:22:c4:b8:1b:00:e0:7f:a3:4b:ab:
                    4c:67:97:18:fa:13:4f:0b:6c:cf:f3:ac:5a:67:89:
                    ae:30:7b:6c:e9:8a:84:35:4d:80:a3:4b:02:7d:13:
                    05:73:d3:c5:6d:a7:24:c2:08:4e:af:a2:1c:0f:4a:
                    d3:8a:dc:de:f1:86:2b:9d:cd:80:c6:a1:f3:0b:f2:
                    55:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:02:65:F2:3D:89:4C:2C:9E:04:18:C1:19:6F:68:5A:D8:47:3B:E7
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/A8003CB013EC11F08A7CFEAA762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.222.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         bc:b4:2e:62:bb:95:04:a0:8c:4b:ff:19:db:74:93:06:58:4e:
         ac:e7:42:eb:55:76:42:f6:ed:3f:9f:73:ea:85:ac:47:31:31:
         ce:ef:8b:62:f7:77:50:11:ab:0a:c5:99:b6:bc:59:03:0f:b5:
         30:8c:2b:3e:5a:1f:b8:6c:7b:09:21:30:3e:f0:7b:cc:83:7e:
         44:88:67:82:d2:6f:b8:b8:a1:97:5d:82:19:1e:9f:23:bd:cb:
         9d:dc:5b:20:94:8a:98:06:03:4c:46:89:0a:73:77:2f:57:af:
         a5:95:1f:c3:5e:54:77:3d:ad:ae:fa:9a:d5:b3:33:43:14:99:
         44:3c:30:5a:23:6d:8a:bb:52:65:21:78:48:41:cf:d3:87:9b:
         8c:d7:1a:c7:9f:06:fd:a0:de:60:30:d7:ae:5f:ab:11:d6:74:
         98:06:53:10:cc:d8:2c:93:45:e3:8f:96:ce:7f:be:f9:ce:23:
         3b:97:70:58:5e:d8:dc:12:40:e0:f7:cb:e9:ef:85:fb:ab:eb:
         ae:c9:a3:7f:5d:6f:31:06:a7:cb:c4:1f:0d:af:64:02:ec:13:
         ff:8d:0f:95:5d:28:64:92:bc:f4:cc:12:1c:20:35:d0:37:0b:
         43:19:f0:d7:f1:87:fd:0d:f0:82:78:32:ac:93:76:62:50:30:
         a1:a1:94:3f
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAXg7MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNDA3MjAxMjM2WhcNMjUwNTE2MjAxMjM2WjAYMRYw
FAYDVQQDEw02N2Y0MzFiOC04ZmI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAviqd0+dZgvqX15z675FOhKAfGRlohN4Ixw2CiispmavZqbG+IQQCLtlj
17g5vKdh8Y+89ie27NEDV32h3Y2GEu6HgrSFY2ar6jcdfb2v9RS3GXZjLxVo2bVO
pVfuiubxYG+mxOoECV7wx7PXrhL/gzLNOm1IUmjDiVe+tatWIZNpKovWPdd8Cnjg
0IKloR19+HNG56A2c/Cdq9KPPfGVLNG/xNANHkDe2lE3TBwuGBh3vr51vsMFgyLE
uBsA4H+jS6tMZ5cY+hNPC2zP86xaZ4muMHts6YqENU2Ao0sCfRMFc9PFbackwghO
r6IcD0rTitze8YYrnc2AxqHzC/JVJwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFHAC
ZfI9iUwsngQYwRlvaFrYRzvnMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9BODAwM0NCMDEzRUMxMUYwOEE3Q0ZFQUE3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEmt4QMA0GCSqGSIb3DQEB
CwUAA4IBAQC8tC5iu5UEoIxL/xnbdJMGWE6s50LrVXZC9u0/n3PqhaxHMTHO74ti
93dQEasKxZm2vFkDD7UwjCs+Wh+4bHsJITA+8HvMg35EiGeC0m+4uKGXXYIZHp8j
vcud3FsglIqYBgNMRokKc3cvV6+llR/DXlR3Pa2u+prVszNDFJlEPDBaI22Ku1Jl
IXhIQc/Th5uM1xrHnwb9oN5gMNeuX6sR1nSYBlMQzNgsk0Xjj5bOf775ziM7l3BY
XtjcEkDg98vp74X7q+uuyaN/XW8xBqfLxB8Nr2QC7BP/jQ+VXShkkrz0zBIcIDXQ
NwtDGfDX8Yf9DfCCeDKsk3ZiUDChoZQ/
-----END CERTIFICATE-----