Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/8C387FCEBE9D11EEA544F8A8775412E6.roa
File:                     8C387FCEBE9D11EEA544F8A8775412E6.roa (raw, json)
Hash identifier:          7a2h0aandtk+7wd2GG30FexJRyIFmO2jPX2swBuFU4w=
Subject key identifier:   9B:73:64:56:5F:B0:9E:77:E3:C5:A3:99:D1:F7:EE:58:E9:1C:C2:33
Certificate issuer:       /CN=F36114AAAF/serialNumber=CD5232B63C6A832990C86707CB739BDC04DB9A59
Certificate serial:       16
Authority key identifier: CD:52:32:B6:3C:6A:83:29:90:C8:67:07:CB:73:9B:DC:04:DB:9A:59
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/zVIytjxqgymQyGcHy3Ob3ATbmlk.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/8C387FCEBE9D11EEA544F8A8775412E6.roa
Signing time:             Mon 29 Jan 2024 11:57:17 +0000
ROA not before:           Mon 29 Jan 2024 11:57:13 +0000
ROA not after:            Thu 29 Jan 2026 11:57:13 +0000
asID:                     21003
IP address blocks:        102.214.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/zVIytjxqgymQyGcHy3Ob3ATbmlk.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/zVIytjxqgymQyGcHy3Ob3ATbmlk.mft
                          rsync://rpki.afrinic.net/repository/afrinic/zVIytjxqgymQyGcHy3Ob3ATbmlk.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 27 Nov 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22 (0x16)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36114AAAF/serialNumber=CD5232B63C6A832990C86707CB739BDC04DB9A59
        Validity
            Not Before: Jan 29 11:57:13 2024 GMT
            Not After : Jan 29 11:57:13 2026 GMT
        Subject: CN=65b7929d-f616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:75:03:88:ae:f6:fe:f1:4c:6e:d9:98:d4:a7:
                    d8:5f:4a:16:8e:ea:4c:a8:88:3c:25:55:1c:63:02:
                    37:45:9f:ab:6c:8c:9a:01:4d:49:ff:b5:54:e1:6a:
                    97:cf:ac:42:4e:44:dc:de:ed:85:7d:78:20:c5:82:
                    19:05:9d:52:c7:1a:f4:5b:23:df:29:05:70:b6:0f:
                    d5:4f:8a:25:2f:ef:14:11:eb:69:3e:e1:a5:79:18:
                    c9:ab:fa:09:ac:87:32:cb:04:7d:c9:94:0c:2e:f3:
                    2f:2a:51:3c:32:ff:b4:93:08:b8:21:bb:e7:96:0d:
                    30:44:b5:48:1d:a9:9b:ed:ff:e9:52:97:8f:ea:72:
                    b4:d2:d3:54:c8:c2:7b:2a:6f:1a:03:66:42:ad:23:
                    26:88:5e:dc:de:11:25:bf:da:dd:61:21:ac:53:76:
                    78:b6:4c:8e:14:68:1f:61:d2:e3:e9:5e:cf:98:c3:
                    a3:1b:84:12:a4:15:e9:bd:c4:40:52:3f:7b:4b:84:
                    dd:47:2f:cb:18:71:fa:20:83:66:db:52:6c:b2:8b:
                    00:9c:ad:cb:20:02:e7:b5:6f:78:59:64:66:6b:ff:
                    17:95:bb:14:77:ea:e6:6b:f2:fd:02:b8:b5:6b:6f:
                    35:20:59:93:15:9a:ce:b7:a0:1b:7b:9e:4d:4d:8a:
                    ff:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:73:64:56:5F:B0:9E:77:E3:C5:A3:99:D1:F7:EE:58:E9:1C:C2:33
            X509v3 Authority Key Identifier:
                keyid:CD:52:32:B6:3C:6A:83:29:90:C8:67:07:CB:73:9B:DC:04:DB:9A:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/zVIytjxqgymQyGcHy3Ob3ATbmlk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/zVIytjxqgymQyGcHy3Ob3ATbmlk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/8C387FCEBE9D11EEA544F8A8775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.214.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:bc:8e:34:c7:5b:03:d4:73:d8:e3:29:75:47:d8:ac:eb:d7:
         b7:12:90:29:57:87:6c:0c:47:c8:69:73:d9:25:65:c5:7f:eb:
         48:3b:09:ea:62:c6:9c:5f:4e:d7:df:34:3b:7f:00:68:0a:dc:
         59:cc:7c:f0:f3:bd:c6:bb:7a:9a:03:b7:d9:22:96:27:cc:d8:
         83:87:2e:ec:55:e8:9b:6b:c2:b9:9f:7c:9d:b1:ae:84:e4:c0:
         f5:b3:16:fe:6b:b2:fe:7a:4f:ff:0b:10:d4:79:fd:dd:f8:d8:
         e6:62:ae:13:fb:29:6e:43:14:8b:0f:73:b2:a0:41:61:d8:15:
         eb:a9:e1:b1:43:f3:56:7e:84:8f:8c:da:06:fd:b5:4b:b5:c6:
         3e:01:68:21:23:92:84:94:01:44:4a:df:ce:21:fa:dc:c5:4b:
         00:89:a9:2b:09:6e:0c:af:45:01:1b:fb:f6:c2:cb:dc:ed:62:
         52:91:54:d2:7a:30:5f:82:b9:f0:b8:49:01:82:c5:65:e3:5c:
         af:f9:89:7e:60:7a:ec:9b:ce:9a:06:d3:65:e7:a4:f7:65:a7:
         21:e2:0b:8c:22:13:52:f8:cc:5a:9c:0c:e9:97:91:81:f1:73:
         14:f6:9b:ac:22:dc:99:95:18:20:ec:4f:d2:9c:25:8e:36:59:
         8c:58:80:6a
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBFjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYx
MTRBQUFGMTEwLwYDVQQFEyhDRDUyMzJCNjNDNkE4MzI5OTBDODY3MDdDQjczOUJE
QzA0REI5QTU5MB4XDTI0MDEyOTExNTcxM1oXDTI2MDEyOTExNTcxM1owGDEWMBQG
A1UEAxMNNjViNzkyOWQtZjYxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMN1A4iu9v7xTG7ZmNSn2F9KFo7qTKiIPCVVHGMCN0Wfq2yMmgFNSf+1VOFq
l8+sQk5E3N7thX14IMWCGQWdUsca9Fsj3ykFcLYP1U+KJS/vFBHraT7hpXkYyav6
CayHMssEfcmUDC7zLypRPDL/tJMIuCG755YNMES1SB2pm+3/6VKXj+pytNLTVMjC
eypvGgNmQq0jJohe3N4RJb/a3WEhrFN2eLZMjhRoH2HS4+lez5jDoxuEEqQV6b3E
QFI/e0uE3Ucvyxhx+iCDZttSbLKLAJytyyAC57VveFlkZmv/F5W7FHfq5mvy/QK4
tWtvNSBZkxWazregG3ueTU2K/+UCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSbc2RW
X7Ced+PFo5nR9+5Y6RzCMzAfBgNVHSMEGDAWgBTNUjK2PGqDKZDIZwfLc5vcBNua
WTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MTE0QUEvODZENkU1N0VCRThGMTFFRTgzMkY0NDkxNzc1NDEyRTYvelZJeXRq
eHFneW1ReUdjSHkzT2IzQVRibWxrLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvelZJeXRqeHFneW1ReUdjSHkzT2IzQVRibWxrLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2MTE0QUEvODZENkU1N0VCRThGMTFFRTgzMkY0NDkxNzc1
NDEyRTYvOEMzODdGQ0VCRTlEMTFFRUE1NDRGOEE4Nzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGbWajANBgkqhkiG9w0BAQsF
AAOCAQEAKLyONMdbA9Rz2OMpdUfYrOvXtxKQKVeHbAxHyGlz2SVlxX/rSDsJ6mLG
nF9O1980O38AaArcWcx88PO9xrt6mgO32SKWJ8zYg4cu7FXom2vCuZ98nbGuhOTA
9bMW/muy/npP/wsQ1Hn93fjY5mKuE/spbkMUiw9zsqBBYdgV66nhsUPzVn6Ej4za
Bv21S7XGPgFoISOShJQBRErfziH63MVLAImpKwluDK9FARv79sLL3O1iUpFU0now
X4K58LhJAYLFZeNcr/mJfmB67JvOmgbTZeek92WnIeILjCITUvjMWpwM6ZeRgfFz
FPabrCLcmZUYIOxP0pwljjZZjFiAag==
-----END CERTIFICATE-----
Generated at Mon Nov 25 04:54:22 2024 by rpki-client on console-fra.rpki-client.org