Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/4252D1905DDE11EEA38F26174AD9E6FC.roa
File:                     4252D1905DDE11EEA38F26174AD9E6FC.roa (raw, json)
Hash identifier:          YEcxnJNljEbbPt+jZqFFjrHFGQrlfrLBxbAphuQ3lR4=
Subject key identifier:   9A:76:28:E7:FD:97:D3:2E:61:4C:E5:EB:14:6E:6C:C4:59:29:33:C5
Certificate issuer:       /CN=F36549B1AF/serialNumber=9F17383EB667E547BA00CFB7F914F4284C5849CC
Certificate serial:       0BCC
Authority key identifier: 9F:17:38:3E:B6:67:E5:47:BA:00:CF:B7:F9:14:F4:28:4C:58:49:CC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/nxc4PrZn5Ue6AM-3-RT0KExYScw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/4252D1905DDE11EEA38F26174AD9E6FC.roa
Signing time:             Thu 28 Sep 2023 09:06:07 +0000
ROA not before:           Thu 28 Sep 2023 09:06:04 +0000
ROA not after:            Wed 01 Dec 2049 09:06:04 +0000
asID:                     0
IP address blocks:        2001:43f8:1f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/nxc4PrZn5Ue6AM-3-RT0KExYScw.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/nxc4PrZn5Ue6AM-3-RT0KExYScw.mft
                          rsync://rpki.afrinic.net/repository/afrinic/nxc4PrZn5Ue6AM-3-RT0KExYScw.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:06:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3020 (0xbcc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36549B1AF/serialNumber=9F17383EB667E547BA00CFB7F914F4284C5849CC
        Validity
            Not Before: Sep 28 09:06:04 2023 GMT
            Not After : Dec  1 09:06:04 2049 GMT
        Subject: CN=651541ff-4e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f3:a3:57:f1:0f:96:90:1e:7c:41:25:22:15:
                    ee:41:a0:bd:3d:89:af:23:97:21:a6:3f:df:c5:98:
                    09:9c:d0:0e:42:68:df:d0:0e:6c:17:30:25:23:31:
                    06:41:64:3a:a9:a3:2e:73:86:eb:58:02:0d:3f:88:
                    39:d6:9d:f9:31:3d:5f:b4:cd:c8:92:96:30:1e:82:
                    7a:fd:bf:89:8a:67:e3:c6:33:0c:e3:2f:6c:d9:6c:
                    5f:7b:dc:c1:13:13:30:09:cb:b8:63:9f:22:82:c5:
                    c0:2f:43:af:5a:2f:6c:dc:f6:14:51:0c:65:eb:22:
                    13:7a:fd:1f:2f:bc:ea:2c:38:55:5f:9d:b7:7b:b3:
                    59:ec:13:67:59:e4:84:c4:ee:12:38:a8:2f:a7:b4:
                    a2:3b:51:07:57:a8:9e:ca:9b:75:21:18:55:be:74:
                    b3:a6:f7:36:e9:e5:a1:9d:23:c8:d6:21:c9:aa:f7:
                    53:6d:96:42:d0:f0:68:b5:5d:40:37:88:3f:79:68:
                    68:26:19:da:87:58:f9:23:42:07:8a:97:7f:d1:65:
                    41:9b:e4:86:2d:89:cd:4b:c7:e5:ba:ea:95:df:14:
                    31:ea:74:ca:42:ae:cc:d3:fe:ea:09:00:8e:72:73:
                    c5:1e:f4:e7:66:06:6f:6a:ce:e6:df:cc:3c:d5:db:
                    c1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:76:28:E7:FD:97:D3:2E:61:4C:E5:EB:14:6E:6C:C4:59:29:33:C5
            X509v3 Authority Key Identifier:
                keyid:9F:17:38:3E:B6:67:E5:47:BA:00:CF:B7:F9:14:F4:28:4C:58:49:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/nxc4PrZn5Ue6AM-3-RT0KExYScw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/nxc4PrZn5Ue6AM-3-RT0KExYScw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/4252D1905DDE11EEA38F26174AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:43f8:1f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:db:a3:ff:64:c7:83:d7:f0:c9:58:46:1e:bb:b3:47:be:cc:
         11:84:34:fe:17:99:96:de:7a:47:9b:95:7a:5b:88:2d:ac:55:
         bc:aa:59:13:b3:00:4c:ac:e1:33:e2:93:3b:a8:2b:55:89:dd:
         05:87:72:fe:80:b0:8d:eb:b2:31:36:ec:93:e7:fc:30:87:e9:
         99:2d:11:9c:5f:0c:d4:57:c3:22:f8:59:1a:37:46:d4:fe:ac:
         6b:bc:02:c0:0a:0f:02:7c:20:e4:7b:a3:5c:1e:ba:69:ba:28:
         d4:60:18:85:a2:d8:a4:f3:f9:42:43:fd:e9:66:6e:1f:38:7a:
         ad:e9:fe:38:d2:bc:e8:7f:59:22:38:3b:3e:84:36:43:46:83:
         40:12:17:a2:c2:f2:8f:fc:b5:c8:ed:c0:25:1c:e6:e6:84:04:
         5a:28:03:db:ba:0d:da:bc:d0:26:7b:9d:b0:ae:0d:6f:1d:73:
         30:cd:8d:f0:bc:42:bd:6c:16:37:c0:a2:d2:32:2a:82:9c:dc:
         e7:54:e8:a1:c3:1c:10:90:a0:8c:d9:82:0f:25:14:1b:d4:29:
         b5:1f:c5:a4:02:3b:4c:ea:1b:8b:f8:48:9c:da:79:3f:6b:4b:
         16:4b:25:f0:e7:b0:2d:16:91:0f:b8:8c:80:9a:18:16:37:4e:
         8a:31:76:5c
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICC8wwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
NTQ5QjFBRjExMC8GA1UEBRMoOUYxNzM4M0VCNjY3RTU0N0JBMDBDRkI3RjkxNEY0
Mjg0QzU4NDlDQzAeFw0yMzA5MjgwOTA2MDRaFw00OTEyMDEwOTA2MDRaMBgxFjAU
BgNVBAMTDTY1MTU0MWZmLTRlOGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCx86NX8Q+WkB58QSUiFe5BoL09ia8jlyGmP9/FmAmc0A5CaN/QDmwXMCUj
MQZBZDqpoy5zhutYAg0/iDnWnfkxPV+0zciSljAegnr9v4mKZ+PGMwzjL2zZbF97
3METEzAJy7hjnyKCxcAvQ69aL2zc9hRRDGXrIhN6/R8vvOosOFVfnbd7s1nsE2dZ
5ITE7hI4qC+ntKI7UQdXqJ7Km3UhGFW+dLOm9zbp5aGdI8jWIcmq91NtlkLQ8Gi1
XUA3iD95aGgmGdqHWPkjQgeKl3/RZUGb5IYtic1Lx+W66pXfFDHqdMpCrszT/uoJ
AI5yc8Ue9OdmBm9qzubfzDzV28HzAgMBAAGjggKoMIICpDAdBgNVHQ4EFgQUmnYo
5/2X0y5hTOXrFG5sxFkpM8UwHwYDVR0jBBgwFoAUnxc4PrZn5Ue6AM+3+RT0KExY
ScwwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU0OUIxL0RGNzg4Qzk4NTYxMzExRTVCMUEwRTM2MEY4QUVBMjI4L254YzRQ
clpuNVVlNkFNLTMtUlQwS0V4WVNjdy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL254YzRQclpuNVVlNkFNLTMtUlQwS0V4WVNjdy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjU0OUIxL0RGNzg4Qzk4NTYxMzExRTVCMUEwRTM2MEY4
QUVBMjI4LzQyNTJEMTkwNURERTExRUVBMzhGMjYxNzRBRDlFNkZDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAUP4AfAwDQYJKoZIhvcN
AQELBQADggEBACDbo/9kx4PX8MlYRh67s0e+zBGENP4XmZbeekeblXpbiC2sVbyq
WROzAEys4TPikzuoK1WJ3QWHcv6AsI3rsjE27JPn/DCH6ZktEZxfDNRXwyL4WRo3
RtT+rGu8AsAKDwJ8IOR7o1weumm6KNRgGIWi2KTz+UJD/elmbh84eq3p/jjSvOh/
WSI4Oz6ENkNGg0ASF6LC8o/8tcjtwCUc5uaEBFooA9u6Ddq80CZ7nbCuDW8dczDN
jfC8Qr1sFjfAotIyKoKc3OdU6KHDHBCQoIzZgg8lFBvUKbUfxaQCO0zqG4v4SJza
eT9rSxZLJfDnsC0WkQ+4jICaGBY3Tooxdlw=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:19:40 2024 by rpki-client on console-ams.rpki-client.org