Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3613F08/BF472C78690511EEB09925884AD9E6FC/AC0A32D0690611EEB3384E8B4AD9E6FC.roa
File:                     AC0A32D0690611EEB3384E8B4AD9E6FC.roa (raw, json)
Hash identifier:          kErDXNR3ZNhWVzlb8Vo/Il2bfhwKojLKehJI3WdRMNI=
Subject key identifier:   A0:80:39:3C:86:E8:08:BA:D4:2F:6F:BD:2D:08:87:5F:6C:5F:42:27
Certificate issuer:       /CN=F3613F08AF/serialNumber=33E846614E15442C68005A5E3FCE5CB756E04A7F
Certificate serial:       02
Authority key identifier: 33:E8:46:61:4E:15:44:2C:68:00:5A:5E:3F:CE:5C:B7:56:E0:4A:7F
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/M-hGYU4VRCxoAFpeP85ct1bgSn8.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3613F08/BF472C78690511EEB09925884AD9E6FC/AC0A32D0690611EEB3384E8B4AD9E6FC.roa
Signing time:             Thu 12 Oct 2023 13:53:07 +0000
ROA not before:           Thu 12 Oct 2023 13:53:04 +0000
ROA not after:            Sat 31 Dec 2033 13:53:04 +0000
asID:                     328917
IP address blocks:        102.211.124.0/22 maxlen: 24
                          102.219.76.0/22 maxlen: 24
                          2c0f:5240::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3613F08/BF472C78690511EEB09925884AD9E6FC/M-hGYU4VRCxoAFpeP85ct1bgSn8.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3613F08/BF472C78690511EEB09925884AD9E6FC/M-hGYU4VRCxoAFpeP85ct1bgSn8.mft
                          rsync://rpki.afrinic.net/repository/afrinic/M-hGYU4VRCxoAFpeP85ct1bgSn8.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 27 Nov 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3613F08AF/serialNumber=33E846614E15442C68005A5E3FCE5CB756E04A7F
        Validity
            Not Before: Oct 12 13:53:04 2023 GMT
            Not After : Dec 31 13:53:04 2033 GMT
        Subject: CN=6527fa43-16ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:11:c7:74:1e:f9:fe:c0:c7:a7:99:6a:77:c7:
                    68:8d:6d:c8:7c:85:f6:57:e8:2d:d2:99:34:8e:d1:
                    f0:19:4a:b8:92:78:72:97:9b:0d:75:5c:22:0c:a0:
                    60:b1:f7:61:43:5e:9c:ec:5d:c7:0b:d1:0b:56:f5:
                    2b:24:98:0e:d1:be:b5:9f:d6:26:f9:d9:bf:3e:7e:
                    c4:57:99:21:ae:c5:50:cf:13:36:51:4a:16:2f:66:
                    c4:2d:14:c2:44:40:c0:49:78:31:15:ee:be:39:bc:
                    1f:af:1c:83:3e:eb:80:24:ae:ec:57:aa:e7:fc:70:
                    dc:a9:17:bf:98:89:d7:5d:4a:84:5a:52:df:74:99:
                    cb:9f:2d:ae:22:99:9f:da:4d:09:7a:82:66:1c:9c:
                    f9:bb:63:59:ab:bf:61:1c:6c:d7:bb:47:c5:f0:cb:
                    db:18:8d:a8:61:55:30:10:47:78:54:3a:52:de:4f:
                    0a:74:f4:30:71:a5:96:23:05:98:f8:b4:6d:31:f6:
                    e2:65:8a:e4:07:d1:35:b2:e6:3d:bc:3a:66:92:d4:
                    12:a3:ab:41:a5:35:2c:cb:3e:97:c7:62:9b:0e:d4:
                    d5:bd:74:8b:58:86:ff:13:dc:00:99:8f:19:fe:b2:
                    dd:69:ba:3b:36:43:91:d2:3e:81:d8:ed:9b:9f:b6:
                    2f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:80:39:3C:86:E8:08:BA:D4:2F:6F:BD:2D:08:87:5F:6C:5F:42:27
            X509v3 Authority Key Identifier:
                keyid:33:E8:46:61:4E:15:44:2C:68:00:5A:5E:3F:CE:5C:B7:56:E0:4A:7F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3613F08/BF472C78690511EEB09925884AD9E6FC/M-hGYU4VRCxoAFpeP85ct1bgSn8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/M-hGYU4VRCxoAFpeP85ct1bgSn8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3613F08/BF472C78690511EEB09925884AD9E6FC/AC0A32D0690611EEB3384E8B4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.211.124.0/22
                  102.219.76.0/22
                IPv6:
                  2c0f:5240::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:21:0b:9a:92:a9:f2:6d:8e:d1:e6:21:36:30:da:ed:66:52:
         63:61:d0:9b:0a:bd:1b:dd:43:a7:9d:2a:8c:3b:8b:23:9c:54:
         86:36:70:6b:1f:57:f8:22:42:ba:c1:bd:11:b2:1e:26:fe:58:
         ae:34:be:6e:d8:eb:f1:5c:4a:e1:12:36:d9:7d:5e:4a:db:61:
         00:39:29:d9:a1:dc:62:25:22:31:80:aa:7d:0a:34:bc:f2:ae:
         c8:66:d2:cb:c3:40:0c:05:cd:69:cc:a1:04:28:84:a6:bf:5f:
         8e:5a:47:e2:27:b3:a0:b6:fe:49:15:75:f7:06:2c:01:f9:a6:
         b1:05:e4:93:5c:f3:57:6d:f8:83:cc:23:cd:da:bb:c6:0e:fc:
         e8:25:a3:76:82:c9:c1:d3:6b:ee:aa:81:c1:ef:42:2a:c5:bf:
         6a:bd:3f:ca:80:77:66:2a:d7:52:90:40:fd:d9:58:99:d8:83:
         2a:46:b7:82:a3:dd:94:7a:6a:62:99:fe:2c:74:75:1d:30:fd:
         ef:d9:1d:c0:1b:22:39:de:4a:60:c3:03:a0:4b:e1:d0:6b:4d:
         95:c9:c5:3f:5b:14:ae:93:7a:f0:86:58:3e:6d:ea:71:6e:6c:
         76:72:f8:08:d2:19:62:8c:7f:32:85:9e:e0:b7:ce:7d:c0:b0:
         04:f9:55:5b
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYx
M0YwOEFGMTEwLwYDVQQFEygzM0U4NDY2MTRFMTU0NDJDNjgwMDVBNUUzRkNFNUNC
NzU2RTA0QTdGMB4XDTIzMTAxMjEzNTMwNFoXDTMzMTIzMTEzNTMwNFowGDEWMBQG
A1UEAxMNNjUyN2ZhNDMtMTZlZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOQRx3Qe+f7Ax6eZanfHaI1tyHyF9lfoLdKZNI7R8BlKuJJ4cpebDXVcIgyg
YLH3YUNenOxdxwvRC1b1KySYDtG+tZ/WJvnZvz5+xFeZIa7FUM8TNlFKFi9mxC0U
wkRAwEl4MRXuvjm8H68cgz7rgCSu7Feq5/xw3KkXv5iJ111KhFpS33SZy58triKZ
n9pNCXqCZhyc+btjWau/YRxs17tHxfDL2xiNqGFVMBBHeFQ6Ut5PCnT0MHGlliMF
mPi0bTH24mWK5AfRNbLmPbw6ZpLUEqOrQaU1LMs+l8dimw7U1b10i1iG/xPcAJmP
Gf6y3Wm6OzZDkdI+gdjtm5+2L+kCAwEAAaOCArowggK2MB0GA1UdDgQWBBSggDk8
hugIutQvb70tCIdfbF9CJzAfBgNVHSMEGDAWgBQz6EZhThVELGgAWl4/zly3VuBK
fzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MTNGMDgvQkY0NzJDNzg2OTA1MTFFRUIwOTkyNTg4NEFEOUU2RkMvTS1oR1lV
NFZSQ3hvQUZwZVA4NWN0MWJnU244LmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvTS1oR1lVNFZSQ3hvQUZwZVA4NWN0MWJnU244LmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2MTNGMDgvQkY0NzJDNzg2OTA1MTFFRUIwOTkyNTg4NEFE
OUU2RkMvQUMwQTMyRDA2OTA2MTFFRUIzMzg0RThCNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAmbTfAMEAmbbTDANBAIAAjAH
AwUALA9SQDANBgkqhkiG9w0BAQsFAAOCAQEAVSELmpKp8m2O0eYhNjDa7WZSY2HQ
mwq9G91Dp50qjDuLI5xUhjZwax9X+CJCusG9EbIeJv5YrjS+btjr8VxK4RI22X1e
StthADkp2aHcYiUiMYCqfQo0vPKuyGbSy8NADAXNacyhBCiEpr9fjlpH4iezoLb+
SRV19wYsAfmmsQXkk1zzV234g8wjzdq7xg786CWjdoLJwdNr7qqBwe9CKsW/ar0/
yoB3ZirXUpBA/dlYmdiDKka3gqPdlHpqYpn+LHR1HTD979kdwBsiOd5KYMMDoEvh
0GtNlcnFP1sUrpN68IZYPm3qcW5sdnL4CNIZYox/MoWe4LfOfcCwBPlVWw==
-----END CERTIFICATE-----
Generated at Mon Nov 25 04:43:42 2024 by rpki-client on console-ams.rpki-client.org