Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3615A48/460D3588043211EE9946265C4AD9E6FC/A4E38B880D4211EFBFAE0F6C017001B1.roa
File:                     A4E38B880D4211EFBFAE0F6C017001B1.roa (raw, json)
Hash identifier:          U373km8ThmQ4tEdHpVbSUiU0V187z85GTRJnfELwn7k=
Subject key identifier:   7B:3A:5E:41:5E:01:7D:2F:29:D7:2F:72:7D:2A:CC:C0:F6:3F:67:1F
Certificate issuer:       /CN=F3615A48AF/serialNumber=D8613BEF7D7255675A64A9A8E2A5D26FDF2E5C6E
Certificate serial:       015E
Authority key identifier: D8:61:3B:EF:7D:72:55:67:5A:64:A9:A8:E2:A5:D2:6F:DF:2E:5C:6E
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/2GE7731yVWdaZKmo4qXSb98uXG4.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3615A48/460D3588043211EE9946265C4AD9E6FC/A4E38B880D4211EFBFAE0F6C017001B1.roa
Signing time:             Wed 08 May 2024 13:55:36 +0000
ROA not before:           Wed 08 May 2024 13:55:26 +0000
ROA not after:            Sun 07 May 2034 13:55:26 +0000
asID:                     32437
IP address blocks:        41.223.244.0/22 maxlen: 24
                          102.176.224.0/20 maxlen: 24
                          2c0f:f178::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3615A48/460D3588043211EE9946265C4AD9E6FC/2GE7731yVWdaZKmo4qXSb98uXG4.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3615A48/460D3588043211EE9946265C4AD9E6FC/2GE7731yVWdaZKmo4qXSb98uXG4.mft
                          rsync://rpki.afrinic.net/repository/afrinic/2GE7731yVWdaZKmo4qXSb98uXG4.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 27 Nov 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 350 (0x15e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3615A48AF/serialNumber=D8613BEF7D7255675A64A9A8E2A5D26FDF2E5C6E
        Validity
            Not Before: May  8 13:55:26 2024 GMT
            Not After : May  7 13:55:26 2034 GMT
        Subject: CN=663b8458-bea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:61:e5:13:36:a8:df:e9:76:4a:68:2e:70:45:
                    7e:fc:3b:a2:24:32:90:2e:d6:f4:e7:3c:ba:2e:22:
                    20:77:29:d5:f1:d0:fc:87:1f:a1:bf:bf:3e:70:2f:
                    02:3a:5c:e7:51:92:53:b1:99:c9:88:70:1a:5f:de:
                    51:5e:d4:31:77:75:85:41:cd:3e:3a:26:bc:3e:41:
                    52:6e:f8:75:2d:2c:27:6e:a9:1e:68:23:e4:f3:0c:
                    52:37:6a:fe:ff:bd:09:ec:1e:77:43:8c:7e:98:9f:
                    ea:7c:c9:25:7e:bc:de:81:4c:c3:a7:7f:bc:b3:4d:
                    ad:c0:23:6e:f0:1f:f1:1c:3e:89:ba:f0:e7:85:8e:
                    7b:e1:00:1c:eb:bb:37:ae:a6:02:46:4f:2a:ee:e2:
                    89:38:73:52:61:55:ee:5c:38:95:c9:af:1f:eb:74:
                    29:85:0b:5f:d1:29:67:77:cb:03:4f:b9:c5:5a:b1:
                    d8:57:cf:de:93:b6:1e:87:94:70:61:f3:ad:52:0c:
                    23:73:93:58:50:bf:fc:0b:93:ca:f0:9b:9b:fd:de:
                    4d:3f:41:b9:42:b2:36:d7:8f:73:43:52:88:73:97:
                    ff:fa:e9:c1:a1:ef:fa:1b:82:b8:fc:8a:9c:f9:69:
                    3b:36:fe:89:7c:f5:e6:07:ba:42:8d:27:dc:bc:2a:
                    bb:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3A:5E:41:5E:01:7D:2F:29:D7:2F:72:7D:2A:CC:C0:F6:3F:67:1F
            X509v3 Authority Key Identifier:
                keyid:D8:61:3B:EF:7D:72:55:67:5A:64:A9:A8:E2:A5:D2:6F:DF:2E:5C:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3615A48/460D3588043211EE9946265C4AD9E6FC/2GE7731yVWdaZKmo4qXSb98uXG4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/2GE7731yVWdaZKmo4qXSb98uXG4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3615A48/460D3588043211EE9946265C4AD9E6FC/A4E38B880D4211EFBFAE0F6C017001B1.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.223.244.0/22
                  102.176.224.0/20
                IPv6:
                  2c0f:f178::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:f7:52:12:be:4f:52:bf:9d:9b:66:9e:15:23:9d:fb:d9:7f:
         45:b1:d1:09:01:b1:43:6a:a3:78:aa:df:ac:49:e4:15:3e:d8:
         80:a7:e7:ba:19:7e:67:87:db:9c:e2:34:e9:78:d3:0a:2f:57:
         db:74:44:d5:ba:8f:b8:ec:d5:b9:f6:38:d5:04:c4:fd:75:89:
         96:e1:cf:48:d5:22:c4:1f:54:dc:e0:5d:f7:30:72:1e:ed:2e:
         e6:1d:df:9a:57:86:75:d5:0c:e4:ac:4e:b5:5e:0b:c2:38:37:
         5f:25:d0:65:73:0b:0c:04:9b:04:13:ab:56:de:40:d3:cc:fc:
         67:13:3a:fd:4d:4a:c9:88:f4:d4:81:71:59:87:2d:4d:d8:be:
         b8:96:f6:a2:bb:ff:4c:b3:23:94:1f:ec:48:32:a7:83:8c:e6:
         83:8c:45:9d:85:a3:51:13:67:74:f8:28:5a:10:13:11:da:b9:
         c5:b1:dd:63:7d:a0:b9:da:c8:cf:a3:b3:65:ec:40:34:0c:f5:
         6e:8f:f6:3b:41:cc:9c:ce:b0:47:ab:94:23:38:87:f1:5f:fe:
         ca:ed:9b:ab:46:b4:41:ad:09:2d:89:ce:ec:01:17:a3:4d:90:
         2a:5b:21:3e:ab:10:8c:8f:fe:36:d5:91:35:41:8f:b9:af:ca:
         7e:e7:9f:16
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICAV4wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
MTVBNDhBRjExMC8GA1UEBRMoRDg2MTNCRUY3RDcyNTU2NzVBNjRBOUE4RTJBNUQy
NkZERjJFNUM2RTAeFw0yNDA1MDgxMzU1MjZaFw0zNDA1MDcxMzU1MjZaMBgxFjAU
BgNVBAMTDTY2M2I4NDU4LWJlYTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDEYeUTNqjf6XZKaC5wRX78O6IkMpAu1vTnPLouIiB3KdXx0PyHH6G/vz5w
LwI6XOdRklOxmcmIcBpf3lFe1DF3dYVBzT46Jrw+QVJu+HUtLCduqR5oI+TzDFI3
av7/vQnsHndDjH6Yn+p8ySV+vN6BTMOnf7yzTa3AI27wH/EcPom68OeFjnvhABzr
uzeupgJGTyru4ok4c1JhVe5cOJXJrx/rdCmFC1/RKWd3ywNPucVasdhXz96Tth6H
lHBh861SDCNzk1hQv/wLk8rwm5v93k0/QblCsjbXj3NDUohzl//66cGh7/obgrj8
ipz5aTs2/ol89eYHukKNJ9y8Krv/AgMBAAGjggK6MIICtjAdBgNVHQ4EFgQUezpe
QV4BfS8p1y9yfSrMwPY/Zx8wHwYDVR0jBBgwFoAU2GE7731yVWdaZKmo4qXSb98u
XG4wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjE1QTQ4LzQ2MEQzNTg4MDQzMjExRUU5OTQ2MjY1QzRBRDlFNkZDLzJHRTc3
MzF5VldkYVpLbW80cVhTYjk4dVhHNC5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljLzJHRTc3MzF5VldkYVpLbW80cVhTYjk4dVhHNC5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjE1QTQ4LzQ2MEQzNTg4MDQzMjExRUU5OTQ2MjY1QzRB
RDlFNkZDL0E0RTM4Qjg4MEQ0MjExRUZCRkFFMEY2QzAxNzAwMUIxLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwNAYIKwYBBQUHAQcBAf8EJTAjMBIEAgABMAwDBAIp3/QDBARmsOAwDQQCAAIw
BwMFACwP8XgwDQYJKoZIhvcNAQELBQADggEBADr3UhK+T1K/nZtmnhUjnfvZf0Wx
0QkBsUNqo3iq36xJ5BU+2ICn57oZfmeH25ziNOl40wovV9t0RNW6j7js1bn2ONUE
xP11iZbhz0jVIsQfVNzgXfcwch7tLuYd35pXhnXVDOSsTrVeC8I4N18l0GVzCwwE
mwQTq1beQNPM/GcTOv1NSsmI9NSBcVmHLU3YvriW9qK7/0yzI5Qf7Egyp4OM5oOM
RZ2Fo1ETZ3T4KFoQExHaucWx3WN9oLnayM+js2XsQDQM9W6P9jtBzJzOsEerlCM4
h/Ff/srtm6tGtEGtCS2JzuwBF6NNkCpbIT6rEIyP/jbVkTVBj7mvyn7nnxY=
-----END CERTIFICATE-----
Generated at Mon Nov 25 04:43:42 2024 by rpki-client on console-ams.rpki-client.org