Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BE7C6AE6352D11F1B05C10A6CE1D38B0.roa
File:                     BE7C6AE6352D11F1B05C10A6CE1D38B0.roa (raw, json)
Hash identifier:          oiIGp1RdJYPY6YlUvMvEV+LWt01CaPzLDey4kByHgCQ=
Subject key identifier:   A2:BA:B8:11:06:B1:96:CF:67:E3:2D:2E:96:F3:C2:54:36:8A:F5:85
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01C47B
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BE7C6AE6352D11F1B05C10A6CE1D38B0.roa
Signing time:             Fri 10 Apr 2026 22:36:42 +0000
ROA not before:           Fri 10 Apr 2026 22:36:35 +0000
ROA not after:            Sun 10 May 2026 22:36:35 +0000
asID:                     139646
IP address blocks:        154.86.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 20 Apr 2026 00:08:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 115835 (0x1c47b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Apr 10 22:36:35 2026 GMT
            Not After : May 10 22:36:35 2026 GMT
        Subject: CN=69d97b79-8443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:47:b7:d8:96:c9:70:a8:70:9b:de:c3:9a:eb:
                    93:5e:86:46:91:ba:b0:ac:f0:6d:b3:58:fd:f4:db:
                    7a:00:9a:0f:ab:56:6d:09:69:f6:04:f2:9e:fd:df:
                    7b:eb:d7:fd:4e:ac:5f:a0:55:e3:f3:dc:d6:b2:29:
                    38:c6:a5:f5:70:2d:7a:f3:6d:5c:c0:10:73:3d:a8:
                    96:01:5e:f4:70:8c:aa:e1:fe:b7:b6:cb:c8:f0:f8:
                    e0:9e:b1:e1:53:ff:e4:ab:87:d0:1c:39:d0:32:8c:
                    05:6c:5d:34:a2:6e:97:09:2a:84:bc:c4:8b:a4:20:
                    93:26:f7:98:fd:14:0a:90:42:31:56:0a:b0:d8:f9:
                    02:17:08:26:9e:1e:13:20:23:00:43:d8:f0:72:6d:
                    9f:a5:a9:bf:f5:9f:69:cd:16:e2:70:aa:4f:24:f1:
                    df:d6:e5:05:4c:10:67:9e:4c:e9:da:92:d9:12:61:
                    cd:a7:b4:a5:c3:d8:9b:40:e5:4f:e7:6e:63:f3:b1:
                    59:fa:11:16:08:56:f1:88:cc:8b:56:93:fd:80:24:
                    96:55:b0:df:54:43:46:b9:cb:03:05:19:77:e9:bc:
                    1a:c7:31:6f:d9:7b:2b:61:64:bd:8d:aa:10:b9:a7:
                    f5:e4:ab:b5:74:23:8f:f1:f9:23:b9:16:fb:34:cb:
                    a8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:BA:B8:11:06:B1:96:CF:67:E3:2D:2E:96:F3:C2:54:36:8A:F5:85
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BE7C6AE6352D11F1B05C10A6CE1D38B0.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.86.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:95:6b:82:93:ab:45:ff:3f:a5:ed:92:d0:e0:91:c5:89:e2:
         bc:0c:d9:62:cc:06:8b:d9:e4:86:61:f5:5c:02:fe:d9:9c:5c:
         42:7f:6c:e5:8b:69:0f:9f:4d:82:2f:36:c9:d4:b8:be:ca:f5:
         9e:60:66:d7:89:b3:b7:3e:19:f3:84:fc:31:52:a6:70:1d:0a:
         1f:a3:f3:f8:c1:00:12:a5:d6:b4:c9:44:f9:05:f7:34:28:77:
         45:15:31:38:d3:ae:6c:a3:59:74:f2:2a:e0:25:8c:ef:75:c9:
         4b:91:18:57:d8:23:b5:ad:af:36:03:de:ac:a5:e5:77:3c:32:
         b8:5c:41:e2:e1:f2:68:a0:53:de:ee:e5:a4:c8:55:2e:c5:bf:
         fd:51:1a:f1:8a:31:0e:27:f6:99:c3:05:3a:75:8d:f2:0d:fc:
         9e:1c:3a:f8:70:86:a2:30:61:3b:36:0a:dc:a6:34:0a:a9:90:
         77:0a:a1:43:de:46:0d:15:ff:d9:cb:04:6c:c9:19:e0:a9:86:
         77:a3:f9:44:5a:55:27:82:66:f8:bc:b7:94:d3:17:b8:ad:17:
         13:2b:59:91:39:56:89:3f:a8:f4:cd:d9:25:10:80:6d:8f:ec:
         cd:6d:46:23:55:32:b4:be:40:30:b6:73:32:76:60:83:a0:b7:
         71:f3:39:cd
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAcR7MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjYwNDEwMjIzNjM1WhcNMjYwNTEwMjIzNjM1WjAYMRYw
FAYDVQQDEw02OWQ5N2I3OS04NDQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA4Ue32JbJcKhwm97DmuuTXoZGkbqwrPBts1j99Nt6AJoPq1ZtCWn2BPKe
/d9769f9TqxfoFXj89zWsik4xqX1cC16821cwBBzPaiWAV70cIyq4f63tsvI8Pjg
nrHhU//kq4fQHDnQMowFbF00om6XCSqEvMSLpCCTJveY/RQKkEIxVgqw2PkCFwgm
nh4TICMAQ9jwcm2fpam/9Z9pzRbicKpPJPHf1uUFTBBnnkzp2pLZEmHNp7Slw9ib
QOVP525j87FZ+hEWCFbxiMyLVpP9gCSWVbDfVENGucsDBRl36bwaxzFv2XsrYWS9
jaoQuaf15Ku1dCOP8fkjuRb7NMuofwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFKK6
uBEGsZbPZ+MtLpbzwlQ2ivWFMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9CRTdDNkFFNjM1MkQxMUYxQjA1QzEwQTZDRTFEMzhCMC5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmlYAMA0GCSqGSIb3DQEB
CwUAA4IBAQAmlWuCk6tF/z+l7ZLQ4JHFieK8DNlizAaL2eSGYfVcAv7ZnFxCf2zl
i2kPn02CLzbJ1Li+yvWeYGbXibO3PhnzhPwxUqZwHQofo/P4wQASpda0yUT5Bfc0
KHdFFTE4065so1l08irgJYzvdclLkRhX2CO1ra82A96speV3PDK4XEHi4fJooFPe
7uWkyFUuxb/9URrxijEOJ/aZwwU6dY3yDfyeHDr4cIaiMGE7NgrcpjQKqZB3CqFD
3kYNFf/ZywRsyRngqYZ3o/lEWlUngmb4vLeU0xe4rRcTK1mROVaJP6j0zdklEIBt
j+zNbUYjVTK0vkAwtnMydmCDoLdx8znN
-----END CERTIFICATE-----