Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F364791E/7EC3F6362F8511EEA83976724AD9E6FC/BF7E3710144311EFA22B150D017001B1.roa
File:                     BF7E3710144311EFA22B150D017001B1.roa (raw, json)
Hash identifier:          8/PkEBIvQqXhRj2NABgd13CMYm/zHriVEu3SoXyW4r4=
Subject key identifier:   74:A9:E5:6B:2E:64:67:50:7B:72:92:B3:1B:D6:B9:54:1E:25:43:F8
Certificate issuer:       /CN=F364791EAF/serialNumber=292584A1ECFE2AF309322D72E62D8D5C6A5EF7AF
Certificate serial:       0132
Authority key identifier: 29:25:84:A1:EC:FE:2A:F3:09:32:2D:72:E6:2D:8D:5C:6A:5E:F7:AF
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/KSWEoez-KvMJMi1y5i2NXGpe968.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F364791E/7EC3F6362F8511EEA83976724AD9E6FC/BF7E3710144311EFA22B150D017001B1.roa
Signing time:             Fri 17 May 2024 11:51:08 +0000
ROA not before:           Fri 17 May 2024 11:51:05 +0000
ROA not after:            Wed 31 May 2034 11:51:05 +0000
asID:                     329206
IP address blocks:        102.209.20.0/22 maxlen: 24
                          102.213.4.0/22 maxlen: 24
                          2c0f:7580::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F364791E/7EC3F6362F8511EEA83976724AD9E6FC/KSWEoez-KvMJMi1y5i2NXGpe968.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F364791E/7EC3F6362F8511EEA83976724AD9E6FC/KSWEoez-KvMJMi1y5i2NXGpe968.mft
                          rsync://rpki.afrinic.net/repository/afrinic/KSWEoez-KvMJMi1y5i2NXGpe968.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 306 (0x132)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F364791EAF/serialNumber=292584A1ECFE2AF309322D72E62D8D5C6A5EF7AF
        Validity
            Not Before: May 17 11:51:05 2024 GMT
            Not After : May 31 11:51:05 2034 GMT
        Subject: CN=664744ac-d02f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:11:cd:09:3b:3b:cc:eb:9c:7d:19:20:80:45:
                    b9:6c:28:68:0a:b8:37:47:e1:6b:99:1d:93:21:72:
                    27:f5:40:91:bf:c0:9d:33:da:ae:e7:23:4e:1e:40:
                    e8:e6:bb:8e:99:f7:b5:17:ee:8c:39:2c:d1:d7:9a:
                    4f:2c:3d:96:e9:9e:fa:7c:c4:76:8f:ed:0c:d1:1c:
                    b0:3f:c3:d8:49:30:13:49:d3:af:d1:d7:32:cc:e6:
                    29:01:cf:c1:e7:ab:88:df:a2:b4:57:b5:67:5c:dd:
                    49:b2:dd:bf:f2:e6:e3:ef:48:a9:64:57:22:9d:80:
                    75:c3:61:7a:5f:3d:ce:03:a8:b7:d1:b5:29:5f:16:
                    35:10:ff:57:f1:e1:a4:da:3c:bb:76:80:89:9e:6a:
                    a4:9d:a7:33:57:1e:52:54:1d:72:61:8e:1f:60:ff:
                    12:f6:8a:96:4e:74:e0:8d:d3:df:f7:8f:96:eb:6f:
                    7c:67:c6:5c:07:eb:ec:02:a2:94:9c:b5:a3:4e:89:
                    bc:86:8f:ca:7a:b6:25:20:ad:f8:de:1f:b3:e1:4b:
                    67:25:9c:3c:83:31:85:4e:28:23:ee:83:71:59:ff:
                    4a:45:5c:32:35:a4:49:81:f3:6b:f8:2a:5d:ca:e9:
                    3b:53:ed:e3:e9:5a:52:0f:1f:16:1c:09:0b:68:30:
                    81:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:A9:E5:6B:2E:64:67:50:7B:72:92:B3:1B:D6:B9:54:1E:25:43:F8
            X509v3 Authority Key Identifier:
                keyid:29:25:84:A1:EC:FE:2A:F3:09:32:2D:72:E6:2D:8D:5C:6A:5E:F7:AF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F364791E/7EC3F6362F8511EEA83976724AD9E6FC/KSWEoez-KvMJMi1y5i2NXGpe968.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/KSWEoez-KvMJMi1y5i2NXGpe968.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F364791E/7EC3F6362F8511EEA83976724AD9E6FC/BF7E3710144311EFA22B150D017001B1.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.209.20.0/22
                  102.213.4.0/22
                IPv6:
                  2c0f:7580::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:ea:97:16:b9:ce:cb:43:e4:d8:00:74:86:e9:f3:23:c2:28:
         a9:e9:b3:7b:e3:33:72:87:e1:30:59:79:a2:4b:8d:8a:ce:a0:
         10:98:3d:5d:52:55:cb:1f:f3:2e:22:45:09:c1:04:71:67:f3:
         1d:1e:bd:b0:3c:ff:4a:03:0f:5a:a5:41:8b:36:39:49:d7:2a:
         2e:0a:7f:4c:e6:9f:d9:cb:90:b9:96:fb:00:0b:37:f9:6c:a6:
         3e:d4:0a:74:33:f2:c5:95:f7:82:35:43:cd:2f:02:fb:9c:ef:
         fd:c2:3f:a9:b8:5e:cb:a6:2b:62:cd:dc:bb:df:27:e1:10:eb:
         2f:a4:55:76:ea:51:39:da:e6:21:69:84:ac:4a:06:52:92:92:
         d4:b8:3d:6f:8c:79:d4:62:56:d3:4d:4a:c7:3f:5f:a2:1d:31:
         65:c3:bf:ea:bc:3c:a1:0b:fe:f4:3f:2d:8c:ab:36:10:b9:5f:
         dc:73:f0:8b:a9:a1:13:64:53:fe:c1:1e:21:2d:a1:1b:bb:63:
         fb:24:6e:a8:93:db:a5:86:d0:ed:89:f1:3a:20:64:63:2c:45:
         b4:03:4c:4d:72:56:42:97:35:11:97:04:cc:33:6e:16:1a:41:
         be:cf:ad:8c:c7:12:d7:1b:08:48:5d:37:e4:8d:0d:30:93:e7:
         a7:d5:e2:fe
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICATIwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NDc5MUVBRjExMC8GA1UEBRMoMjkyNTg0QTFFQ0ZFMkFGMzA5MzIyRDcyRTYyRDhE
NUM2QTVFRjdBRjAeFw0yNDA1MTcxMTUxMDVaFw0zNDA1MzExMTUxMDVaMBgxFjAU
BgNVBAMTDTY2NDc0NGFjLWQwMmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQD0Ec0JOzvM65x9GSCARblsKGgKuDdH4WuZHZMhcif1QJG/wJ0z2q7nI04e
QOjmu46Z97UX7ow5LNHXmk8sPZbpnvp8xHaP7QzRHLA/w9hJMBNJ06/R1zLM5ikB
z8Hnq4jforRXtWdc3Umy3b/y5uPvSKlkVyKdgHXDYXpfPc4DqLfRtSlfFjUQ/1fx
4aTaPLt2gImeaqSdpzNXHlJUHXJhjh9g/xL2ipZOdOCN09/3j5brb3xnxlwH6+wC
opSctaNOibyGj8p6tiUgrfjeH7PhS2clnDyDMYVOKCPug3FZ/0pFXDI1pEmB82v4
Kl3K6TtT7ePpWlIPHxYcCQtoMIG9AgMBAAGjggK6MIICtjAdBgNVHQ4EFgQUdKnl
ay5kZ1B7cpKzG9a5VB4lQ/gwHwYDVR0jBBgwFoAUKSWEoez+KvMJMi1y5i2NXGpe
968wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjQ3OTFFLzdFQzNGNjM2MkY4NTExRUVBODM5NzY3MjRBRDlFNkZDL0tTV0Vv
ZXotS3ZNSk1pMXk1aTJOWEdwZTk2OC5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0tTV0VvZXotS3ZNSk1pMXk1aTJOWEdwZTk2OC5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjQ3OTFFLzdFQzNGNjM2MkY4NTExRUVBODM5NzY3MjRB
RDlFNkZDL0JGN0UzNzEwMTQ0MzExRUZBMjJCMTUwRDAxNzAwMUIxLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwNAYIKwYBBQUHAQcBAf8EJTAjMBIEAgABMAwDBAJm0RQDBAJm1QQwDQQCAAIw
BwMFACwPdYAwDQYJKoZIhvcNAQELBQADggEBAGPqlxa5zstD5NgAdIbp8yPCKKnp
s3vjM3KH4TBZeaJLjYrOoBCYPV1SVcsf8y4iRQnBBHFn8x0evbA8/0oDD1qlQYs2
OUnXKi4Kf0zmn9nLkLmW+wALN/lspj7UCnQz8sWV94I1Q80vAvuc7/3CP6m4Xsum
K2LN3LvfJ+EQ6y+kVXbqUTna5iFphKxKBlKSktS4PW+MedRiVtNNSsc/X6IdMWXD
v+q8PKEL/vQ/LYyrNhC5X9xz8IupoRNkU/7BHiEtoRu7Y/skbqiT26WG0O2J8Tog
ZGMsRbQDTE1yVkKXNRGXBMwzbhYaQb7PrYzHEtcbCEhdN+SNDTCT56fV4v4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:53 2024 by rpki-client on console-fra.rpki-client.org