Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F364321A/493E462EBCDA11EDA1FB0FB0F1222468/BCD1ADAAD53511EEA3B22470775412E6.roa
File:                     BCD1ADAAD53511EEA3B22470775412E6.roa (raw, json)
Hash identifier:          d12Kr2qwAhbDBscwoutPKxlu3aElunyjg9Yu2LBeVsw=
Subject key identifier:   1B:22:C4:6B:3C:FC:57:BE:1C:0F:56:13:0E:A1:93:71:6E:7C:1D:B5
Certificate issuer:       /CN=F364321AAR/serialNumber=933F70DB9817B848F8C0861A824B10117DC5192C
Certificate serial:       018B
Authority key identifier: 93:3F:70:DB:98:17:B8:48:F8:C0:86:1A:82:4B:10:11:7D:C5:19:2C
Authority info access:    rsync://rpki.afrinic.net/repository/arin/kz9w25gXuEj4wIYagksQEX3FGSw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F364321A/493E462EBCDA11EDA1FB0FB0F1222468/BCD1ADAAD53511EEA3B22470775412E6.roa
Signing time:             Tue 27 Feb 2024 06:02:07 +0000
ROA not before:           Tue 27 Feb 2024 06:02:04 +0000
ROA not after:            Wed 27 Feb 2030 06:02:04 +0000
asID:                     202023
IP address blocks:        139.26.0.0/21 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F364321A/493E462EBCDA11EDA1FB0FB0F1222468/kz9w25gXuEj4wIYagksQEX3FGSw.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F364321A/493E462EBCDA11EDA1FB0FB0F1222468/kz9w25gXuEj4wIYagksQEX3FGSw.mft
                          rsync://rpki.afrinic.net/repository/arin/kz9w25gXuEj4wIYagksQEX3FGSw.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 395 (0x18b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F364321AAR/serialNumber=933F70DB9817B848F8C0861A824B10117DC5192C
        Validity
            Not Before: Feb 27 06:02:04 2024 GMT
            Not After : Feb 27 06:02:04 2030 GMT
        Subject: CN=65dd7adf-c26f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1d:77:86:1f:2f:40:bf:9c:98:01:a1:f9:ad:
                    73:a4:ad:aa:16:a2:9e:f4:6d:cb:e5:81:05:69:2c:
                    66:e5:32:25:fb:bb:c2:68:15:b6:37:1d:f7:65:73:
                    95:0d:f7:2c:76:d7:d0:1c:ee:e7:ad:01:71:28:11:
                    de:dc:8f:06:40:7b:ca:43:e7:bb:99:19:44:fc:c4:
                    58:fe:77:f4:d5:c9:b5:70:56:df:9b:1c:a8:d4:51:
                    47:00:06:50:a7:9f:cb:f0:d2:5d:5b:ed:fb:02:e7:
                    b9:c8:01:24:5e:76:5b:70:eb:b8:a1:1b:6e:53:49:
                    f3:92:53:27:3f:6c:db:bb:9f:45:65:1d:d0:2a:d8:
                    d9:36:46:94:ee:25:09:db:1a:6a:69:75:5d:81:8b:
                    6f:4c:cd:d9:db:fa:3b:d6:02:ee:0b:58:6e:a8:f0:
                    7e:89:2a:1d:d6:8d:f1:cd:a4:ef:32:6e:99:29:66:
                    01:03:3e:ad:7c:e4:4a:e1:b3:a0:49:db:8a:c5:25:
                    c6:c6:10:fe:8d:32:24:ef:62:7b:e5:2b:86:22:04:
                    dc:33:96:1c:7f:0b:06:46:86:7b:00:a2:51:84:10:
                    d7:04:86:eb:33:2c:3d:19:8f:ee:70:9a:bd:14:b9:
                    ea:ce:ea:36:e3:43:f3:9e:fa:98:85:9c:1b:04:8d:
                    fe:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:22:C4:6B:3C:FC:57:BE:1C:0F:56:13:0E:A1:93:71:6E:7C:1D:B5
            X509v3 Authority Key Identifier:
                keyid:93:3F:70:DB:98:17:B8:48:F8:C0:86:1A:82:4B:10:11:7D:C5:19:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F364321A/493E462EBCDA11EDA1FB0FB0F1222468/kz9w25gXuEj4wIYagksQEX3FGSw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/kz9w25gXuEj4wIYagksQEX3FGSw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F364321A/493E462EBCDA11EDA1FB0FB0F1222468/BCD1ADAAD53511EEA3B22470775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.26.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         58:1f:60:db:ce:05:2f:56:d0:80:1d:5f:86:01:5f:90:56:e2:
         53:ba:37:ad:29:60:a1:67:52:ec:4d:33:89:31:02:d5:3c:f5:
         7c:ec:ae:3a:78:c0:8a:15:57:47:2b:d0:3e:0d:52:86:2e:e7:
         7a:d2:af:a4:d5:5d:4a:f1:4c:eb:93:67:2b:12:c8:a8:4f:40:
         a7:31:44:1b:36:2d:6c:26:4d:a5:42:dd:ed:40:32:c7:45:00:
         27:76:f8:57:30:75:c9:68:bd:ec:d3:a7:62:d4:da:49:cf:b1:
         2a:15:cc:48:21:1f:8c:7b:37:65:90:ea:e7:9c:e9:b1:55:cb:
         53:5c:43:e7:62:56:95:dd:92:5f:f4:9f:73:37:9a:d6:2f:68:
         cd:73:3e:fa:0b:b8:5f:5a:56:58:8f:d8:f3:fa:e5:98:f3:6e:
         32:d4:f5:ca:c2:18:15:1e:cb:46:76:86:dd:93:44:d9:ce:07:
         e5:6e:a0:d9:b1:95:d6:ea:2d:ef:c8:41:7f:02:21:c7:14:ce:
         8f:10:8f:cb:e6:7a:ed:b5:fe:7d:38:c1:07:14:1a:aa:c9:7a:
         cf:3a:37:a8:05:dc:ac:87:57:df:68:f1:d3:a2:22:01:6e:06:
         ca:6d:55:73:f7:43:84:b8:64:df:e6:a2:08:60:a4:cb:0d:90:
         49:ec:d6:a3
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAYswDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NDMyMUFBUjExMC8GA1UEBRMoOTMzRjcwREI5ODE3Qjg0OEY4QzA4NjFBODI0QjEw
MTE3REM1MTkyQzAeFw0yNDAyMjcwNjAyMDRaFw0zMDAyMjcwNjAyMDRaMBgxFjAU
BgNVBAMTDTY1ZGQ3YWRmLWMyNmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCyHXeGHy9Av5yYAaH5rXOkraoWop70bcvlgQVpLGblMiX7u8JoFbY3Hfdl
c5UN9yx219Ac7uetAXEoEd7cjwZAe8pD57uZGUT8xFj+d/TVybVwVt+bHKjUUUcA
BlCnn8vw0l1b7fsC57nIASRedltw67ihG25TSfOSUyc/bNu7n0VlHdAq2Nk2RpTu
JQnbGmppdV2Bi29Mzdnb+jvWAu4LWG6o8H6JKh3WjfHNpO8ybpkpZgEDPq185Erh
s6BJ24rFJcbGEP6NMiTvYnvlK4YiBNwzlhx/CwZGhnsAolGEENcEhuszLD0Zj+5w
mr0UuerO6jbjQ/Oe+piFnBsEjf65AgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUGyLE
azz8V74cD1YTDqGTcW58HbUwHwYDVR0jBBgwFoAUkz9w25gXuEj4wIYagksQEX3F
GSwwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjQzMjFBLzQ5M0U0NjJFQkNEQTExRURBMUZCMEZCMEYxMjIyNDY4L2t6OXcy
NWdYdUVqNHdJWWFna3NRRVgzRkdTdy5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L2t6OXcyNWdYdUVqNHdJWWFna3NRRVgzRkdTdy5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjQzMjFBLzQ5M0U0NjJFQkNEQTExRURBMUZCMEZCMEYxMjIy
NDY4L0JDRDFBREFBRDUzNTExRUVBM0IyMjQ3MDc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOLGgAwDQYJKoZIhvcNAQELBQAD
ggEBAFgfYNvOBS9W0IAdX4YBX5BW4lO6N60pYKFnUuxNM4kxAtU89Xzsrjp4wIoV
V0cr0D4NUoYu53rSr6TVXUrxTOuTZysSyKhPQKcxRBs2LWwmTaVC3e1AMsdFACd2
+FcwdclovezTp2LU2knPsSoVzEghH4x7N2WQ6uec6bFVy1NcQ+diVpXdkl/0n3M3
mtYvaM1zPvoLuF9aVliP2PP65ZjzbjLU9crCGBUey0Z2ht2TRNnOB+VuoNmxldbq
Le/IQX8CIccUzo8Qj8vmeu21/n04wQcUGqrJes86N6gF3KyHV99o8dOiIgFuBspt
VXP3Q4S4ZN/moghgpMsNkEns1qM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:03:33 2024 by rpki-client on console-ams.rpki-client.org