Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/CE3DB1E4664611F0BE065687DAE4EC9C.roa
File:                     CE3DB1E4664611F0BE065687DAE4EC9C.roa (raw, json)
Hash identifier:          3eY/pJSqOQfHOOskL68RxCkX76bIL3mgXjefg5HfqSU=
Subject key identifier:   C6:D2:85:74:4E:83:37:CA:8E:FF:21:0A:BA:9C:56:3D:93:F5:2C:D3
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       018E85
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/CE3DB1E4664611F0BE065687DAE4EC9C.roa
Signing time:             Mon 21 Jul 2025 15:24:35 +0000
ROA not before:           Mon 21 Jul 2025 15:24:30 +0000
ROA not after:            Tue 26 Aug 2025 15:24:30 +0000
asID:                     150698
IP address blocks:        154.197.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 08 Aug 2025 00:06:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 102021 (0x18e85)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Jul 21 15:24:30 2025 GMT
            Not After : Aug 26 15:24:30 2025 GMT
        Subject: CN=687e5bb2-1b44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8f:58:67:80:09:92:1d:91:d8:12:52:58:66:
                    79:11:2c:60:31:00:46:f1:5c:f6:9b:8f:16:6e:54:
                    22:04:dc:d6:3f:7f:e8:80:a2:1f:e6:b4:cc:8a:85:
                    15:ea:f5:2a:cc:44:79:7c:b6:8a:91:e7:00:31:3b:
                    93:db:5f:68:af:da:a4:18:ba:9e:49:33:7d:ce:db:
                    c0:b3:0e:03:61:46:f5:e1:5a:49:69:62:20:25:1d:
                    c7:2e:9d:17:c3:32:1d:d5:e1:0f:d4:fe:5d:f5:4d:
                    32:b3:24:63:92:3a:8b:c0:bb:a1:ab:38:10:98:39:
                    2e:29:37:17:46:e8:49:6f:0e:28:77:bf:18:6c:20:
                    e9:49:49:69:e3:1c:58:52:a7:18:c0:4b:ac:2a:f3:
                    09:d9:f7:bf:84:bb:bf:3b:fb:6e:bf:b3:0b:dc:1b:
                    39:b6:b5:6d:05:96:84:e3:5f:28:4c:f8:d4:9a:64:
                    c0:ef:cc:23:ce:cf:fd:be:6d:54:de:27:7d:31:13:
                    2e:38:3d:31:3f:6b:15:2c:10:50:e6:68:b8:8b:e2:
                    99:56:08:e2:c0:6e:a4:d7:7d:31:41:c3:d0:54:0a:
                    54:ac:d8:5d:5d:be:4f:96:1a:69:71:83:51:d2:8a:
                    f5:b7:87:e0:99:62:59:97:49:7e:a8:7e:54:cc:a2:
                    76:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D2:85:74:4E:83:37:CA:8E:FF:21:0A:BA:9C:56:3D:93:F5:2C:D3
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/CE3DB1E4664611F0BE065687DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.197.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:78:ba:f5:3c:31:7e:f8:c2:41:26:e5:4b:90:b9:ec:75:b8:
         0e:3e:27:6c:d2:95:dc:ce:e8:34:64:19:39:43:64:0a:7a:4b:
         ad:fd:87:ac:0b:3c:00:b6:dc:ee:a0:2c:54:83:c2:23:19:f4:
         50:77:85:ca:60:5a:04:9f:d7:85:3b:da:7d:ea:02:4f:3d:0c:
         73:39:cf:88:8e:a3:6a:2d:32:53:68:25:71:7e:50:7a:b6:b2:
         56:5c:82:0e:57:e2:40:01:98:0d:e8:3e:be:39:81:92:90:c1:
         88:a7:a3:db:10:b6:92:22:e5:f2:6c:de:c1:ab:38:b7:52:7d:
         61:aa:ad:4c:be:46:3a:ca:5c:f4:19:89:b0:ea:fe:f3:64:2a:
         a7:bd:dd:66:19:a7:9c:18:96:6c:53:40:ea:36:82:c3:ad:e3:
         b1:24:04:6b:cd:b6:b5:18:8c:06:e2:7f:bb:8e:98:69:76:21:
         3f:fd:4d:01:6a:19:0d:56:f9:5a:d3:c4:8a:c0:1a:86:8d:47:
         8f:8f:72:b9:ca:75:76:62:50:a2:83:4a:13:24:d2:8d:f9:40:
         dd:46:fa:7f:90:eb:04:12:60:2a:64:cf:51:a6:a2:37:e9:51:
         78:91:38:73:62:30:f5:bf:e8:66:77:ea:b4:25:d9:9f:22:31:
         30:34:64:fe
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAY6FMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwNzIxMTUyNDMwWhcNMjUwODI2MTUyNDMwWjAYMRYw
FAYDVQQDEw02ODdlNWJiMi0xYjQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvI9YZ4AJkh2R2BJSWGZ5ESxgMQBG8Vz2m48WblQiBNzWP3/ogKIf5rTM
ioUV6vUqzER5fLaKkecAMTuT219or9qkGLqeSTN9ztvAsw4DYUb14VpJaWIgJR3H
Lp0XwzId1eEP1P5d9U0ysyRjkjqLwLuhqzgQmDkuKTcXRuhJbw4od78YbCDpSUlp
4xxYUqcYwEusKvMJ2fe/hLu/O/tuv7ML3Bs5trVtBZaE418oTPjUmmTA78wjzs/9
vm1U3id9MRMuOD0xP2sVLBBQ5mi4i+KZVgjiwG6k130xQcPQVApUrNhdXb5Plhpp
cYNR0or1t4fgmWJZl0l+qH5UzKJ2VwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFMbS
hXROgzfKjv8hCrqcVj2T9SzTMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9DRTNEQjFFNDY2NDYxMUYwQkUwNjU2ODdEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmsV3MA0GCSqGSIb3DQEB
CwUAA4IBAQB4eLr1PDF++MJBJuVLkLnsdbgOPids0pXczug0ZBk5Q2QKekut/Yes
CzwAttzuoCxUg8IjGfRQd4XKYFoEn9eFO9p96gJPPQxzOc+IjqNqLTJTaCVxflB6
trJWXIIOV+JAAZgN6D6+OYGSkMGIp6PbELaSIuXybN7Bqzi3Un1hqq1MvkY6ylz0
GYmw6v7zZCqnvd1mGaecGJZsU0DqNoLDreOxJARrzba1GIwG4n+7jphpdiE//U0B
ahkNVvla08SKwBqGjUePj3K5ynV2YlCig0oTJNKN+UDdRvp/kOsEEmAqZM9RpqI3
6VF4kThzYjD1v+hmd+q0JdmfIjEwNGT+
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:14:06 2025 by rpki-client