Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/EB48E18A151211F0BFD6A1246EB8BCC6.roa
File:                     EB48E18A151211F0BFD6A1246EB8BCC6.roa (raw, json)
Hash identifier:          fb0SZezMvzLKtvDUp6wMSyueU1ow8vvlzDtRGEfHf5U=
Subject key identifier:   AF:F7:64:6E:E1:C3:F3:44:E7:4A:B0:58:65:05:E0:C5:E3:F7:BA:E4
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       017868
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/EB48E18A151211F0BFD6A1246EB8BCC6.roa
Signing time:             Wed 09 Apr 2025 07:19:05 +0000
ROA not before:           Wed 09 Apr 2025 07:19:01 +0000
ROA not after:            Sun 04 Jan 2026 07:19:01 +0000
asID:                     58460
IP address blocks:        154.197.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 30 Apr 2025 00:06:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96360 (0x17868)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Apr  9 07:19:01 2025 GMT
            Not After : Jan  4 07:19:01 2026 GMT
        Subject: CN=67f61f69-31cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7c:93:65:06:a8:04:4b:ce:dc:25:60:90:9d:
                    f9:b1:b3:ce:f2:27:b5:14:49:61:9e:4d:b6:ad:dd:
                    91:99:e5:8b:3f:3c:22:fc:4e:a3:cb:61:37:16:6b:
                    fd:06:50:4b:9f:5c:1b:e2:62:33:09:f9:f4:80:88:
                    cb:df:15:61:57:1b:34:57:4d:6d:19:ee:88:0d:a5:
                    2b:1b:67:dc:5a:d5:b2:02:c9:bb:09:9f:32:51:5f:
                    88:b8:66:6d:b3:17:84:95:b7:c9:82:33:a8:4a:d0:
                    3e:99:55:d4:e0:33:c7:95:26:03:f6:c1:64:83:04:
                    d4:eb:34:81:68:2d:13:25:ad:b7:67:b9:32:37:46:
                    4f:b5:01:e2:65:94:76:e1:90:69:b1:76:a7:51:e8:
                    4a:9c:00:18:07:79:f0:e5:80:b7:06:e5:5d:f9:f4:
                    aa:c9:df:e1:8a:4b:4f:fe:f8:e6:ac:79:f1:73:38:
                    a7:d4:1f:8c:94:62:8a:38:06:b7:ee:fb:2e:a4:31:
                    7b:67:1d:24:c3:c6:9b:42:f5:27:1c:52:00:aa:8c:
                    67:6c:3d:d5:ee:19:e7:f5:00:57:28:9d:19:4b:ab:
                    bc:16:70:7b:54:bf:fc:c5:41:f7:f0:ac:94:a2:11:
                    45:cc:77:0d:52:5e:cd:dc:24:bc:9e:8b:d5:f8:f4:
                    67:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F7:64:6E:E1:C3:F3:44:E7:4A:B0:58:65:05:E0:C5:E3:F7:BA:E4
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/EB48E18A151211F0BFD6A1246EB8BCC6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.197.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d6:ed:16:0b:10:f8:dc:24:11:26:af:e2:1d:ed:10:47:e9:31:
         3f:a6:7d:4f:0e:9a:d3:f9:13:f7:4e:a2:78:de:76:67:df:6b:
         32:ed:c8:1c:cc:9a:dc:52:3c:a6:47:4f:9d:0d:73:6a:8d:93:
         9f:18:7b:fd:1e:0b:80:f0:bf:64:b2:3e:77:c4:f2:09:3f:32:
         fe:f8:d7:20:28:3f:80:a9:8a:28:a7:e9:06:fa:aa:44:1a:67:
         d7:b6:c3:41:1a:21:cc:29:74:2d:78:fb:ba:f1:86:6c:a9:aa:
         90:c6:b4:1e:d2:26:f8:93:d2:67:58:11:a6:9c:5a:a3:ff:24:
         25:2a:62:ed:2b:a3:b1:e2:07:72:e2:36:59:89:f9:fe:b5:e1:
         07:d5:04:e9:89:c3:64:21:fd:98:1a:12:00:17:d2:e7:07:44:
         ff:69:aa:6e:03:47:f2:2c:8e:f5:b2:64:85:43:ce:69:76:79:
         13:72:5f:6b:59:a2:d2:1e:e4:ce:5b:72:b0:44:fc:4b:92:00:
         15:96:80:3c:d4:01:1d:87:5a:66:33:bc:d5:ae:64:06:f1:01:
         68:54:b1:74:dd:a4:87:30:08:c9:ef:ab:7d:fa:d4:bc:6f:64:
         13:e7:6d:27:be:63:72:d4:05:2b:99:00:25:16:d4:70:5d:4b:
         c4:0b:c1:3d
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAXhoMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNDA5MDcxOTAxWhcNMjYwMTA0MDcxOTAxWjAYMRYw
FAYDVQQDEw02N2Y2MWY2OS0zMWNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAr3yTZQaoBEvO3CVgkJ35sbPO8ie1FElhnk22rd2RmeWLPzwi/E6jy2E3
Fmv9BlBLn1wb4mIzCfn0gIjL3xVhVxs0V01tGe6IDaUrG2fcWtWyAsm7CZ8yUV+I
uGZtsxeElbfJgjOoStA+mVXU4DPHlSYD9sFkgwTU6zSBaC0TJa23Z7kyN0ZPtQHi
ZZR24ZBpsXanUehKnAAYB3nw5YC3BuVd+fSqyd/hiktP/vjmrHnxczin1B+MlGKK
OAa37vsupDF7Zx0kw8abQvUnHFIAqoxnbD3V7hnn9QBXKJ0ZS6u8FnB7VL/8xUH3
8KyUohFFzHcNUl7N3CS8novV+PRnAQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFK/3
ZG7hw/NE50qwWGUF4MXj97rkMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9FQjQ4RTE4QTE1MTIxMUYwQkZENkExMjQ2RUI4QkNDNi5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmsUoMA0GCSqGSIb3DQEB
CwUAA4IBAQDW7RYLEPjcJBEmr+Id7RBH6TE/pn1PDprT+RP3TqJ43nZn32sy7cgc
zJrcUjymR0+dDXNqjZOfGHv9HguA8L9ksj53xPIJPzL++NcgKD+AqYoop+kG+qpE
GmfXtsNBGiHMKXQtePu68YZsqaqQxrQe0ib4k9JnWBGmnFqj/yQlKmLtK6Ox4gdy
4jZZifn+teEH1QTpicNkIf2YGhIAF9LnB0T/aapuA0fyLI71smSFQ85pdnkTcl9r
WaLSHuTOW3KwRPxLkgAVloA81AEdh1pmM7zVrmQG8QFoVLF03aSHMAjJ76t9+tS8
b2QT520nvmNy1AUrmQAlFtRwXUvEC8E9
-----END CERTIFICATE-----
Generated at Mon Apr 28 22:57:58 2025 by rpki-client on console.sobornost.net