Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/3A83DE2EB9EF11EE855D2699775412E6.roa
File:                     3A83DE2EB9EF11EE855D2699775412E6.roa (raw, json)
Hash identifier:          Ji24HANBydgM5FZRYAA6kmMehCTfNHVI1J4kUCYNXBQ=
Subject key identifier:   80:03:B3:28:CB:9B:8C:22:DD:88:7E:BE:47:89:4B:10:31:6D:F9:F6
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       022B
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/3A83DE2EB9EF11EE855D2699775412E6.roa
Signing time:             Tue 23 Jan 2024 12:59:23 +0000
ROA not before:           Tue 23 Jan 2024 12:59:19 +0000
ROA not after:            Wed 22 Jan 2025 12:59:19 +0000
asID:                     174
IP address blocks:        66.251.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 555 (0x22b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Jan 23 12:59:19 2024 GMT
            Not After : Jan 22 12:59:19 2025 GMT
        Subject: CN=65afb82a-a96b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:39:1b:4c:8b:d3:b1:08:5c:32:f0:b9:ef:52:
                    27:af:6c:21:6d:8b:cb:e6:8f:c8:6a:9c:73:10:9a:
                    39:fe:50:1b:e7:92:ba:58:ba:0c:11:4a:80:53:ab:
                    8a:86:0e:9a:e4:53:cd:6f:21:65:09:d1:05:b6:0c:
                    3c:ed:36:2f:0a:5c:ff:c5:91:36:9e:c4:e3:d4:34:
                    a6:05:03:e9:fc:79:f6:a6:69:0b:17:ee:5a:4b:35:
                    ff:4d:56:d7:d7:47:b7:0a:63:64:a8:a0:42:a1:d3:
                    13:fc:b0:0c:61:65:ff:ba:cd:23:1b:f3:62:5f:4f:
                    0c:bd:03:bf:59:bd:4a:2c:90:1c:a3:cb:bb:58:0f:
                    de:64:59:3d:b5:5f:09:4b:4a:03:6b:5a:83:f3:92:
                    9f:ec:e5:52:be:22:d2:e0:14:99:4a:05:31:ac:7b:
                    b1:8f:89:ef:ff:65:78:1a:7f:88:02:e9:ed:7c:0d:
                    d7:6f:4b:72:0c:69:e5:16:ef:d6:09:cf:7e:a4:01:
                    91:54:b7:31:f9:01:13:93:e3:33:0f:ae:f7:e6:5a:
                    11:44:2a:ef:6f:a3:d5:98:58:55:00:3d:86:96:21:
                    e2:b0:b2:77:16:c3:19:0e:2f:25:6f:e4:9e:d0:01:
                    34:cd:48:dd:57:bf:c4:54:85:17:7e:fc:c5:9a:3d:
                    2f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:03:B3:28:CB:9B:8C:22:DD:88:7E:BE:47:89:4B:10:31:6D:F9:F6
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/3A83DE2EB9EF11EE855D2699775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:56:40:6b:23:52:aa:4e:fd:88:65:80:7d:e4:06:61:42:6e:
         f6:8d:0d:f4:2d:4b:cf:09:4f:86:61:90:bf:5d:b8:5a:d6:06:
         12:45:e1:76:bd:48:f9:7b:72:46:0a:97:a7:5d:9e:92:c0:8e:
         fa:5e:3b:ad:24:a0:3f:9b:9a:68:6d:5d:ed:00:2a:b0:4f:28:
         4a:94:d4:6a:d6:38:58:6c:7f:99:4b:d7:b3:bf:a1:a9:1d:3c:
         c5:8f:29:1a:1a:b4:ee:e4:43:06:75:94:38:a0:ea:27:34:09:
         95:b5:f4:2f:95:75:28:fd:cf:6e:99:ff:1b:51:53:5d:6a:ca:
         96:4c:fd:9d:49:ee:c3:2a:44:34:c7:35:31:ab:58:ba:d7:04:
         53:7f:c9:bf:53:26:80:15:8c:54:65:00:1c:89:3a:94:1a:01:
         a4:e4:2d:7d:f5:d8:13:3c:08:83:80:91:73:66:23:2f:7d:21:
         08:c1:4a:34:3f:b2:cb:19:9a:5e:f7:60:d9:f4:c6:bd:51:09:
         11:e2:01:09:98:ff:04:7e:fc:f3:85:d2:6b:1f:88:af:84:18:
         cf:ae:a2:d1:27:48:7f:ed:f3:20:94:bf:81:b5:35:97:51:ff:
         35:08:5a:9b:cd:b8:81:38:31:68:df:bc:ef:e6:65:cd:b4:9a:
         aa:c3:64:df
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAiswDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAxMjMxMjU5MTlaFw0yNTAxMjIxMjU5MTlaMBgxFjAU
BgNVBAMTDTY1YWZiODJhLWE5NmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDdORtMi9OxCFwy8LnvUievbCFti8vmj8hqnHMQmjn+UBvnkrpYugwRSoBT
q4qGDprkU81vIWUJ0QW2DDztNi8KXP/FkTaexOPUNKYFA+n8efamaQsX7lpLNf9N
VtfXR7cKY2SooEKh0xP8sAxhZf+6zSMb82JfTwy9A79ZvUoskByjy7tYD95kWT21
XwlLSgNrWoPzkp/s5VK+ItLgFJlKBTGse7GPie//ZXgaf4gC6e18DddvS3IMaeUW
79YJz36kAZFUtzH5AROT4zMPrvfmWhFEKu9vo9WYWFUAPYaWIeKwsncWwxkOLyVv
5J7QATTNSN1Xv8RUhRd+/MWaPS+bAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUgAOz
KMubjCLdiH6+R4lLEDFt+fYwHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4LzNBODNERTJFQjlFRjExRUU4NTVEMjY5OTc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+5AwDQYJKoZIhvcNAQELBQAD
ggEBAAVWQGsjUqpO/YhlgH3kBmFCbvaNDfQtS88JT4ZhkL9duFrWBhJF4Xa9SPl7
ckYKl6ddnpLAjvpeO60koD+bmmhtXe0AKrBPKEqU1GrWOFhsf5lL17O/oakdPMWP
KRoatO7kQwZ1lDig6ic0CZW19C+VdSj9z26Z/xtRU11qypZM/Z1J7sMqRDTHNTGr
WLrXBFN/yb9TJoAVjFRlAByJOpQaAaTkLX312BM8CIOAkXNmIy99IQjBSjQ/sssZ
ml73YNn0xr1RCRHiAQmY/wR+/POF0msfiK+EGM+uotEnSH/t8yCUv4G1NZdR/zUI
WpvNuIE4MWjfvO/mZc20mqrDZN8=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:19:40 2024 by rpki-client on console-ams.rpki-client.org