Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/D60E89E25B9511EEB957D7424AD9E6FC.roa
File:                     D60E89E25B9511EEB957D7424AD9E6FC.roa (raw, json)
Hash identifier:          47xOimpLF4HNPtm11zcgdbwCx3vBNH6MpzBlka2soAs=
Subject key identifier:   86:03:CF:3B:15:A4:8C:F4:BA:17:0A:BF:36:67:C4:B8:FA:EE:CE:C2
Certificate issuer:       /CN=F3621C06AF/serialNumber=1DD16FD68BFF7CAB1AB91C55DA61FC0CDFF41743
Certificate serial:       0311
Authority key identifier: 1D:D1:6F:D6:8B:FF:7C:AB:1A:B9:1C:55:DA:61:FC:0C:DF:F4:17:43
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/HdFv1ov_fKsauRxV2mH8DN_0F0M.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/D60E89E25B9511EEB957D7424AD9E6FC.roa
Signing time:             Mon 25 Sep 2023 11:22:40 +0000
ROA not before:           Mon 25 Sep 2023 11:22:36 +0000
ROA not after:            Tue 30 Sep 2025 11:22:36 +0000
asID:                     328327
IP address blocks:        2c0f:c00:4000::/36 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/HdFv1ov_fKsauRxV2mH8DN_0F0M.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/HdFv1ov_fKsauRxV2mH8DN_0F0M.mft
                          rsync://rpki.afrinic.net/repository/afrinic/HdFv1ov_fKsauRxV2mH8DN_0F0M.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 27 Nov 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 785 (0x311)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3621C06AF/serialNumber=1DD16FD68BFF7CAB1AB91C55DA61FC0CDFF41743
        Validity
            Not Before: Sep 25 11:22:36 2023 GMT
            Not After : Sep 30 11:22:36 2025 GMT
        Subject: CN=65116d7f-21de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4f:8d:43:8f:db:12:2a:0e:53:d3:a1:8b:b5:
                    e5:43:4f:66:0f:77:c8:95:42:60:b6:3f:03:8d:12:
                    cd:58:cc:dd:49:1e:ca:11:dd:dc:99:66:58:b8:5d:
                    05:b4:13:6f:8d:24:2e:43:56:50:14:74:96:b8:8c:
                    ae:3c:0c:b5:b7:1c:47:dc:14:c1:65:a7:55:ab:fd:
                    8d:c5:85:48:2a:ab:89:d9:55:4f:36:8a:02:e3:a8:
                    d3:5c:2a:01:79:6e:36:77:78:ee:9e:c3:60:d8:81:
                    f0:94:80:83:b8:4e:7b:c8:9d:ce:3d:e3:55:67:8e:
                    5a:2a:22:60:f6:02:c5:61:35:a2:67:86:2e:a9:f5:
                    2a:7f:1c:18:29:a5:00:a2:ec:41:87:4e:ff:a4:c3:
                    f6:34:46:fc:b1:38:5c:d2:71:74:9b:02:39:a3:66:
                    ad:29:d7:ec:c0:f8:99:41:1e:7d:e4:bf:b0:6d:a0:
                    0f:8a:d6:ca:ba:2e:21:f9:e7:89:0a:93:d4:7b:43:
                    9e:bd:bd:82:c2:39:5a:b1:81:8c:9c:ac:cb:88:2c:
                    77:ad:24:a7:4d:cb:6f:77:b6:d9:42:35:80:32:1f:
                    85:84:81:55:61:b2:34:76:ef:91:ee:0e:d3:30:a0:
                    66:78:70:c6:f5:d4:6b:1a:ff:10:e1:f8:f7:f7:9b:
                    32:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:03:CF:3B:15:A4:8C:F4:BA:17:0A:BF:36:67:C4:B8:FA:EE:CE:C2
            X509v3 Authority Key Identifier:
                keyid:1D:D1:6F:D6:8B:FF:7C:AB:1A:B9:1C:55:DA:61:FC:0C:DF:F4:17:43

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/HdFv1ov_fKsauRxV2mH8DN_0F0M.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/HdFv1ov_fKsauRxV2mH8DN_0F0M.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/D60E89E25B9511EEB957D7424AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2c0f:c00:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5f:79:7e:27:e3:d4:23:81:ca:1c:09:ce:d0:e8:9e:5a:68:93:
         37:8d:74:d1:f5:35:5e:76:db:e9:fe:2e:bf:59:d0:48:18:22:
         4b:b2:a2:84:2d:74:ef:12:99:51:ba:bc:a9:22:d4:9a:7e:bb:
         15:3c:c0:fb:77:b4:3b:18:06:8a:79:f7:fd:dd:df:d2:ec:60:
         af:90:44:44:18:7d:2b:74:e1:a9:87:a4:b1:86:11:82:14:b8:
         d4:11:84:20:d4:89:b0:17:f8:a6:ab:55:8a:8a:1d:b0:4c:b0:
         45:fb:f9:79:37:e3:87:09:ac:ea:d4:af:cb:e7:b7:2f:f7:29:
         92:19:16:fe:3e:6b:05:93:24:d8:ad:8b:d7:dc:b0:88:8d:a8:
         a3:f7:ea:6b:f7:e5:62:1c:fc:23:82:d5:50:88:3d:80:95:6c:
         c0:fe:88:81:e5:43:87:a9:8c:a1:d7:79:3e:da:ea:43:70:7c:
         91:dd:10:83:93:a8:2b:6e:e4:8f:0b:35:f4:3f:37:35:46:86:
         76:7e:c3:73:11:dd:53:c5:f4:c4:60:1d:bc:9c:c2:a3:68:06:
         12:eb:e4:5b:82:e9:a7:9f:cc:77:2e:7a:e8:32:43:42:68:4b:
         50:a7:48:84:40:21:81:d2:21:fa:63:5b:0c:16:db:4a:ac:77:
         8f:c2:28:59
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICAxEwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
MjFDMDZBRjExMC8GA1UEBRMoMUREMTZGRDY4QkZGN0NBQjFBQjkxQzU1REE2MUZD
MENERkY0MTc0MzAeFw0yMzA5MjUxMTIyMzZaFw0yNTA5MzAxMTIyMzZaMBgxFjAU
BgNVBAMTDTY1MTE2ZDdmLTIxZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC1T41Dj9sSKg5T06GLteVDT2YPd8iVQmC2PwONEs1YzN1JHsoR3dyZZli4
XQW0E2+NJC5DVlAUdJa4jK48DLW3HEfcFMFlp1Wr/Y3FhUgqq4nZVU82igLjqNNc
KgF5bjZ3eO6ew2DYgfCUgIO4TnvInc4941VnjloqImD2AsVhNaJnhi6p9Sp/HBgp
pQCi7EGHTv+kw/Y0RvyxOFzScXSbAjmjZq0p1+zA+JlBHn3kv7BtoA+K1sq6LiH5
54kKk9R7Q569vYLCOVqxgYycrMuILHetJKdNy293ttlCNYAyH4WEgVVhsjR275Hu
DtMwoGZ4cMb11Gsa/xDh+Pf3mzJHAgMBAAGjggKnMIICozAdBgNVHQ4EFgQUhgPP
OxWkjPS6Fwq/NmfEuPruzsIwHwYDVR0jBBgwFoAUHdFv1ov/fKsauRxV2mH8DN/0
F0MwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjIxQzA2LzU4QzlCNzhDMjA1OTExRUM5OTFCNjg3N0Q4QTAxNENFL0hkRnYx
b3ZfZktzYXVSeFYybUg4RE5fMEYwTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0hkRnYxb3ZfZktzYXVSeFYybUg4RE5fMEYwTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjIxQzA2LzU4QzlCNzhDMjA1OTExRUM5OTFCNjg3N0Q4
QTAxNENFL0Q2MEU4OUUyNUI5NTExRUVCOTU3RDc0MjRBRDlFNkZDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQsDwwAQDANBgkqhkiG9w0B
AQsFAAOCAQEAX3l+J+PUI4HKHAnO0OieWmiTN4100fU1Xnbb6f4uv1nQSBgiS7Ki
hC107xKZUbq8qSLUmn67FTzA+3e0OxgGinn3/d3f0uxgr5BERBh9K3ThqYeksYYR
ghS41BGEINSJsBf4pqtVioodsEywRfv5eTfjhwms6tSvy+e3L/cpkhkW/j5rBZMk
2K2L19ywiI2oo/fqa/flYhz8I4LVUIg9gJVswP6IgeVDh6mModd5PtrqQ3B8kd0Q
g5OoK27kjws19D83NUaGdn7DcxHdU8X0xGAdvJzCo2gGEuvkW4Lpp5/Mdy566DJD
QmhLUKdIhEAhgdIh+mNbDBbbSqx3j8IoWQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 02:58:24 2024 by rpki-client on console-fra.rpki-client.org