Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3650567/33E3302674BA11EEAA94C1734AD9E6FC/AFB99BECE84911EEAC2817B0775412E6.roa
File:                     AFB99BECE84911EEAC2817B0775412E6.roa (raw, json)
Hash identifier:          wK3m6AVUUHERab175Vm2uBvPVoVJqj98kbxVNm98qWY=
Subject key identifier:   6B:17:E6:EE:71:6C:A4:50:8C:4B:4E:3C:A6:EB:CF:88:AC:60:7C:FA
Certificate issuer:       /CN=F3650567AF/serialNumber=5FC37DECEB7008BBA741347845B76B47677AEA69
Certificate serial:       A6
Authority key identifier: 5F:C3:7D:EC:EB:70:08:BB:A7:41:34:78:45:B7:6B:47:67:7A:EA:69
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/X8N97OtwCLunQTR4RbdrR2d66mk.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3650567/33E3302674BA11EEAA94C1734AD9E6FC/AFB99BECE84911EEAC2817B0775412E6.roa
Signing time:             Fri 22 Mar 2024 12:42:47 +0000
ROA not before:           Fri 22 Mar 2024 12:42:44 +0000
ROA not after:            Sat 22 Mar 2025 12:42:44 +0000
asID:                     37073
IP address blocks:        41.216.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3650567/33E3302674BA11EEAA94C1734AD9E6FC/X8N97OtwCLunQTR4RbdrR2d66mk.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3650567/33E3302674BA11EEAA94C1734AD9E6FC/X8N97OtwCLunQTR4RbdrR2d66mk.mft
                          rsync://rpki.afrinic.net/repository/afrinic/X8N97OtwCLunQTR4RbdrR2d66mk.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 166 (0xa6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3650567AF/serialNumber=5FC37DECEB7008BBA741347845B76B47677AEA69
        Validity
            Not Before: Mar 22 12:42:44 2024 GMT
            Not After : Mar 22 12:42:44 2025 GMT
        Subject: CN=65fd7cc7-ed45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:78:78:3f:ff:97:4a:54:65:cd:1c:f4:70:9d:
                    2e:e4:06:36:0b:31:f6:e5:40:d6:05:e2:bf:53:8c:
                    37:a8:87:30:75:ef:ae:1c:7a:d5:f2:9d:91:5e:ce:
                    c2:82:00:54:77:3b:fa:c2:90:47:9d:07:3b:13:bb:
                    95:a2:8b:d6:c0:3e:81:7e:58:27:80:af:ee:a4:55:
                    aa:1e:95:10:31:ea:75:d7:a5:5c:f4:b7:cc:e5:1a:
                    ed:9e:fe:8c:04:6e:82:8f:b9:14:e9:d6:63:1a:27:
                    37:a6:be:db:8d:6f:9c:43:e3:86:f6:2a:8c:a0:43:
                    cb:39:9e:a6:22:55:e3:1a:ba:6b:38:9c:1b:ce:c7:
                    e3:8b:8d:8b:8a:a0:70:25:46:2e:60:44:bf:f4:e8:
                    18:a2:7a:18:57:5b:b4:02:5a:70:0b:9c:a0:76:fd:
                    39:4d:0c:9b:3b:c7:24:2d:b8:0a:8f:a3:89:ab:76:
                    7d:b3:c0:f2:08:df:a0:fe:dd:93:55:dd:0f:85:23:
                    29:6f:6b:a5:ac:23:ba:5f:32:70:c4:5d:ea:fe:35:
                    4c:40:cb:1a:50:e3:fa:22:5d:41:69:60:df:ad:85:
                    68:83:ca:49:9b:6f:88:57:3b:c9:8f:bc:fc:99:ef:
                    8a:df:63:92:ed:90:25:ff:9c:c8:63:3b:e9:7f:6d:
                    f0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:17:E6:EE:71:6C:A4:50:8C:4B:4E:3C:A6:EB:CF:88:AC:60:7C:FA
            X509v3 Authority Key Identifier:
                keyid:5F:C3:7D:EC:EB:70:08:BB:A7:41:34:78:45:B7:6B:47:67:7A:EA:69

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3650567/33E3302674BA11EEAA94C1734AD9E6FC/X8N97OtwCLunQTR4RbdrR2d66mk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/X8N97OtwCLunQTR4RbdrR2d66mk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3650567/33E3302674BA11EEAA94C1734AD9E6FC/AFB99BECE84911EEAC2817B0775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.216.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         34:66:7e:4d:85:5a:61:0f:a1:83:9e:11:6b:06:10:36:8b:7a:
         3e:31:c9:15:d5:c3:af:1c:6c:36:02:ab:d3:bf:ca:a8:32:c1:
         bf:99:52:bd:09:3f:49:dd:af:0c:28:4b:7b:c6:98:b8:b5:b6:
         da:03:79:3f:87:71:ef:e9:37:f9:0e:3c:52:ca:dd:33:8e:91:
         7a:7f:1b:8c:c4:5a:85:0d:bc:5f:38:ab:bd:b6:82:2a:fe:ba:
         0a:a2:c7:28:76:d4:66:28:b1:52:b5:e5:92:7a:ab:6e:2b:29:
         fc:19:fa:42:d4:f4:f5:24:3c:60:7a:94:c7:9c:ba:a6:4f:86:
         93:84:e2:09:bb:9a:82:08:1b:45:df:8e:ec:20:43:36:90:6d:
         34:ee:9c:97:a1:d9:ca:38:e7:bd:be:b8:d7:69:b4:ae:7a:10:
         98:47:be:1a:9e:77:b6:55:fa:6e:e4:03:a2:69:d8:74:8b:42:
         7c:12:ef:00:e0:a6:2c:a6:a6:55:bb:64:32:e4:67:ea:34:4a:
         92:3c:d7:6e:7e:5c:51:b6:1b:6f:17:36:f9:34:c0:3a:1f:fe:
         7c:2c:33:71:53:8d:38:89:42:aa:0b:03:e4:d5:dd:f9:ee:49:
         c1:a7:f8:79:70:30:0a:6c:90:29:27:82:53:39:24:0a:37:c3:
         0f:e1:5d:2d
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAKYwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTA1NjdBRjExMC8GA1UEBRMoNUZDMzdERUNFQjcwMDhCQkE3NDEzNDc4NDVCNzZC
NDc2NzdBRUE2OTAeFw0yNDAzMjIxMjQyNDRaFw0yNTAzMjIxMjQyNDRaMBgxFjAU
BgNVBAMTDTY1ZmQ3Y2M3LWVkNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDqeHg//5dKVGXNHPRwnS7kBjYLMfblQNYF4r9TjDeohzB1764cetXynZFe
zsKCAFR3O/rCkEedBzsTu5Wii9bAPoF+WCeAr+6kVaoelRAx6nXXpVz0t8zlGu2e
/owEboKPuRTp1mMaJzemvtuNb5xD44b2KoygQ8s5nqYiVeMaums4nBvOx+OLjYuK
oHAlRi5gRL/06BiiehhXW7QCWnALnKB2/TlNDJs7xyQtuAqPo4mrdn2zwPII36D+
3ZNV3Q+FIylva6WsI7pfMnDEXer+NUxAyxpQ4/oiXUFpYN+thWiDykmbb4hXO8mP
vPyZ74rfY5LtkCX/nMhjO+l/bfDZAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUaxfm
7nFspFCMS048puvPiKxgfPowHwYDVR0jBBgwFoAUX8N97OtwCLunQTR4RbdrR2d6
6mkwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjUwNTY3LzMzRTMzMDI2NzRCQTExRUVBQTk0QzE3MzRBRDlFNkZDL1g4Tjk3
T3R3Q0x1blFUUjRSYmRyUjJkNjZtay5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL1g4Tjk3T3R3Q0x1blFUUjRSYmRyUjJkNjZtay5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjUwNTY3LzMzRTMzMDI2NzRCQTExRUVBQTk0QzE3MzRB
RDlFNkZDL0FGQjk5QkVDRTg0OTExRUVBQzI4MTdCMDc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQp2JAwDQYJKoZIhvcNAQEL
BQADggEBADRmfk2FWmEPoYOeEWsGEDaLej4xyRXVw68cbDYCq9O/yqgywb+ZUr0J
P0ndrwwoS3vGmLi1ttoDeT+Hce/pN/kOPFLK3TOOkXp/G4zEWoUNvF84q722gir+
ugqixyh21GYosVK15ZJ6q24rKfwZ+kLU9PUkPGB6lMecuqZPhpOE4gm7moIIG0Xf
juwgQzaQbTTunJeh2co4572+uNdptK56EJhHvhqed7ZV+m7kA6Jp2HSLQnwS7wDg
piymplW7ZDLkZ+o0SpI8125+XFG2G28XNvk0wDof/nwsM3FTjTiJQqoLA+TV3fnu
ScGn+HlwMApskCknglM5JAo3ww/hXS0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:54 2024 by rpki-client on console-fra.rpki-client.org