Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/2C76CC86A33E11EFBB321097762E951A.roa
File:                     2C76CC86A33E11EFBB321097762E951A.roa (raw, json)
Hash identifier:          PemMUTC7nta4SQMeeYXeNHrbnDsXMh5V6ePiUVaeRVo=
Subject key identifier:   2D:AC:3E:CC:95:19:90:B3:B7:1C:FB:60:75:B5:BD:C3:9B:1F:C7:4C
Certificate issuer:       /CN=F3634D22AF/serialNumber=8D01D808E89774543DE22D0DA844378ECEA8BB9B
Certificate serial:       0F1C
Authority key identifier: 8D:01:D8:08:E8:97:74:54:3D:E2:2D:0D:A8:44:37:8E:CE:A8:BB:9B
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/jQHYCOiXdFQ94i0NqEQ3js6ou5s.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/2C76CC86A33E11EFBB321097762E951A.roa
Signing time:             Fri 15 Nov 2024 10:41:30 +0000
ROA not before:           Fri 15 Nov 2024 10:41:26 +0000
ROA not after:            Fri 15 Nov 2030 10:41:26 +0000
asID:                     33764
IP address blocks:        2001:42d0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/jQHYCOiXdFQ94i0NqEQ3js6ou5s.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/jQHYCOiXdFQ94i0NqEQ3js6ou5s.mft
                          rsync://rpki.afrinic.net/repository/afrinic/jQHYCOiXdFQ94i0NqEQ3js6ou5s.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3868 (0xf1c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3634D22AF/serialNumber=8D01D808E89774543DE22D0DA844378ECEA8BB9B
        Validity
            Not Before: Nov 15 10:41:26 2024 GMT
            Not After : Nov 15 10:41:26 2030 GMT
        Subject: CN=6737255a-569f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6c:a1:99:90:e4:6b:09:5e:b9:8c:b9:cd:dd:
                    1a:80:50:64:22:f0:2b:4d:ba:ac:a3:ec:51:33:8a:
                    8c:8a:d8:4b:7d:ff:fe:d0:04:b7:f0:d4:3d:36:f2:
                    5a:0c:17:e0:99:fd:cc:c9:44:cc:27:b6:d8:b2:0b:
                    e5:36:ca:3e:e0:26:f8:f1:e5:7a:81:92:43:9a:34:
                    1c:f6:61:bc:63:88:0e:dc:00:68:d3:37:c9:ae:fc:
                    c9:df:3a:c2:1b:7b:30:c4:28:3b:df:27:9c:c6:34:
                    63:f0:99:c8:82:84:cb:f1:d2:62:85:fd:8c:80:aa:
                    28:96:ca:00:03:2a:6a:d9:ef:7f:43:e8:dc:fb:27:
                    95:3c:9a:4b:74:12:c0:ad:f4:22:9e:6d:e7:a5:e0:
                    e5:08:80:f6:ae:c7:9f:5b:7c:24:fb:53:11:29:0b:
                    10:8a:30:4b:41:96:77:db:3c:31:a5:6b:e5:83:12:
                    25:df:91:de:73:05:4b:24:a8:c7:a8:a6:37:d2:05:
                    cf:01:55:74:75:5a:5f:41:f1:a4:05:3e:f8:21:05:
                    7a:21:8c:c0:17:76:33:f5:56:5c:92:83:fe:82:b5:
                    5b:6b:69:eb:c6:24:06:b8:03:5e:f5:a6:e7:54:6d:
                    c6:6a:f3:e6:60:38:da:40:c3:c5:f5:5f:70:db:18:
                    89:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:AC:3E:CC:95:19:90:B3:B7:1C:FB:60:75:B5:BD:C3:9B:1F:C7:4C
            X509v3 Authority Key Identifier:
                keyid:8D:01:D8:08:E8:97:74:54:3D:E2:2D:0D:A8:44:37:8E:CE:A8:BB:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/jQHYCOiXdFQ94i0NqEQ3js6ou5s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/jQHYCOiXdFQ94i0NqEQ3js6ou5s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/2C76CC86A33E11EFBB321097762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:42d0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:1a:f6:8d:eb:66:02:8e:78:71:94:91:31:24:8c:4f:73:df:
         4f:d0:53:b3:54:47:fc:ab:f6:df:c2:46:fa:7e:11:8c:4a:74:
         93:6f:cf:cd:d2:50:9f:09:cf:01:45:90:33:56:fa:b2:50:7d:
         ae:7e:74:f3:7d:c4:18:23:23:c4:9b:40:78:09:d7:c6:f7:93:
         66:bc:73:a8:b9:a5:9b:a9:12:76:e9:52:bf:d9:b9:88:4b:16:
         94:02:28:d7:fa:8a:0a:55:ab:15:1f:5a:c5:76:29:c2:2b:6b:
         ec:76:fa:06:d3:f8:b8:e7:d4:b7:11:89:70:0a:52:78:6f:cf:
         ad:dc:24:f2:94:9f:52:ca:46:54:f9:e3:b8:42:7f:54:f6:5a:
         21:5e:74:82:1b:d9:6e:53:1a:78:8d:d1:85:46:d2:a2:52:3f:
         38:9f:2f:3c:19:8a:bc:90:1a:2b:90:7c:b7:2a:08:ab:33:1c:
         2c:59:06:db:3b:c7:a0:a5:33:7c:60:ab:aa:e8:f1:55:97:d7:
         d0:9e:1f:59:ca:be:b4:f4:d1:2a:81:bb:ae:0c:86:cb:e4:df:
         2c:dd:c4:a6:80:ff:06:38:6e:e2:a9:43:72:91:13:be:f6:57:
         6b:ef:76:70:61:dd:9b:19:91:d2:8e:d5:5d:29:36:b0:d2:c1:
         4e:3e:28:3f
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICDxwwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
MzREMjJBRjExMC8GA1UEBRMoOEQwMUQ4MDhFODk3NzQ1NDNERTIyRDBEQTg0NDM3
OEVDRUE4QkI5QjAeFw0yNDExMTUxMDQxMjZaFw0zMDExMTUxMDQxMjZaMBgxFjAU
BgNVBAMTDTY3MzcyNTVhLTU2OWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7bKGZkORrCV65jLnN3RqAUGQi8CtNuqyj7FEzioyK2Et9//7QBLfw1D02
8loMF+CZ/czJRMwnttiyC+U2yj7gJvjx5XqBkkOaNBz2YbxjiA7cAGjTN8mu/Mnf
OsIbezDEKDvfJ5zGNGPwmciChMvx0mKF/YyAqiiWygADKmrZ739D6Nz7J5U8mkt0
EsCt9CKebeel4OUIgPaux59bfCT7UxEpCxCKMEtBlnfbPDGla+WDEiXfkd5zBUsk
qMeopjfSBc8BVXR1Wl9B8aQFPvghBXohjMAXdjP1VlySg/6CtVtraevGJAa4A171
pudUbcZq8+ZgONpAw8X1X3DbGIkRAgMBAAGjggKoMIICpDAdBgNVHQ4EFgQULaw+
zJUZkLO3HPtgdbW9w5sfx0wwHwYDVR0jBBgwFoAUjQHYCOiXdFQ94i0NqEQ3js6o
u5swDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjM0RDIyLzFENUY3QzI2MDQ3MzExRTU4MEMxOEEwNkY4QUVBMjI4L2pRSFlD
T2lYZEZROTRpME5xRVEzanM2b3U1cy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL2pRSFlDT2lYZEZROTRpME5xRVEzanM2b3U1cy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjM0RDIyLzFENUY3QzI2MDQ3MzExRTU4MEMxOEEwNkY4
QUVBMjI4LzJDNzZDQzg2QTMzRTExRUZCQjMyMTA5Nzc2MkU5NTFBLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAULQAAIwDQYJKoZIhvcN
AQELBQADggEBAAsa9o3rZgKOeHGUkTEkjE9z30/QU7NUR/yr9t/CRvp+EYxKdJNv
z83SUJ8JzwFFkDNW+rJQfa5+dPN9xBgjI8SbQHgJ18b3k2a8c6i5pZupEnbpUr/Z
uYhLFpQCKNf6igpVqxUfWsV2KcIra+x2+gbT+Ljn1LcRiXAKUnhvz63cJPKUn1LK
RlT547hCf1T2WiFedIIb2W5TGniN0YVG0qJSPzifLzwZiryQGiuQfLcqCKszHCxZ
Bts7x6ClM3xgq6ro8VWX19CeH1nKvrT00SqBu64Mhsvk3yzdxKaA/wY4buKpQ3KR
E772V2vvdnBh3ZsZkdKO1V0pNrDSwU4+KD8=
-----END CERTIFICATE-----