Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/44EACAEAB9F311EEA7FA48A0775412E6.roa
File:                     44EACAEAB9F311EEA7FA48A0775412E6.roa (raw, json)
Hash identifier:          4c/3P3FcbuiBiI/SkpqEoObK1ejda09QlnBIBMetK3o=
Subject key identifier:   82:18:18:EF:23:49:39:36:C4:9D:44:F4:F4:FA:E1:FB:B8:9B:FE:1D
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       0249
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/44EACAEAB9F311EEA7FA48A0775412E6.roa
Signing time:             Tue 23 Jan 2024 13:28:18 +0000
ROA not before:           Tue 23 Jan 2024 13:28:15 +0000
ROA not after:            Wed 22 Jan 2025 13:28:15 +0000
asID:                     174
IP address blocks:        66.251.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 26 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 585 (0x249)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Jan 23 13:28:15 2024 GMT
            Not After : Jan 22 13:28:15 2025 GMT
        Subject: CN=65afbef2-b2b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a9:f3:0f:55:07:35:bf:98:63:2a:d8:f6:90:
                    89:8d:4f:7f:3d:f2:52:9d:8c:e3:8d:f4:24:80:7f:
                    c4:35:f2:b5:f3:8f:20:9f:90:42:87:84:7b:1f:a7:
                    57:ee:e5:8b:80:c5:09:b0:de:fb:e2:b3:8c:b0:65:
                    69:43:cf:39:fa:a0:f6:60:92:b2:e4:41:a7:3a:a0:
                    18:f0:30:ca:94:1b:96:19:01:06:e2:8d:46:3b:54:
                    8e:74:e1:9a:e5:2f:b8:96:b0:ff:03:6d:c2:b2:95:
                    76:b1:82:35:33:f0:cf:8d:fa:bb:dc:a6:a6:ef:0a:
                    0f:7a:60:7a:66:a0:17:14:8b:87:a2:fa:14:72:99:
                    81:1c:dc:14:0a:7d:6e:8f:de:6c:b6:12:4f:76:b8:
                    6b:52:b9:94:81:36:3a:1f:9c:d2:2a:c2:e5:43:0d:
                    1d:de:8a:00:c8:9c:cf:39:52:d9:81:a3:d2:73:27:
                    a9:3f:11:c4:10:81:a5:b3:12:f5:89:dd:35:4d:55:
                    0a:da:42:ee:a2:c9:64:96:32:90:29:c6:c6:9b:e8:
                    2b:fa:8a:e1:e1:9b:eb:c9:27:3c:be:6c:33:4e:b4:
                    0f:e1:33:f0:86:98:ac:dc:50:0d:e4:7b:6e:b9:8a:
                    ea:9e:9d:22:b5:c7:0b:8b:74:ec:2e:8e:89:9e:e3:
                    ed:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:18:18:EF:23:49:39:36:C4:9D:44:F4:F4:FA:E1:FB:B8:9B:FE:1D
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/44EACAEAB9F311EEA7FA48A0775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:a2:b9:c7:ff:23:72:b6:4a:5d:65:56:ea:09:ac:a3:87:24:
         e4:70:b7:f4:2f:e0:12:2b:30:70:d8:72:6c:cf:7f:66:d9:2c:
         f7:a8:98:64:0d:11:2a:c1:15:fc:a2:e6:9b:b5:fa:93:82:0b:
         bf:17:3e:8a:a4:03:d0:12:53:21:ca:84:16:1d:55:72:5d:19:
         f9:bb:f4:7a:30:e4:78:23:65:75:49:12:4e:78:b6:8c:c0:bb:
         66:c1:9d:12:80:13:18:63:a3:54:2f:34:83:ec:e2:03:d3:f9:
         65:ab:15:df:9d:5a:af:0b:9e:57:26:3b:ec:01:a0:87:c9:ca:
         84:98:05:58:80:eb:87:33:cf:6e:0a:ef:09:cc:23:2f:d2:d4:
         9f:29:ab:6d:04:bc:d9:d0:b1:f3:38:55:69:b6:ed:9a:1a:9b:
         6a:68:12:ea:ab:d3:b7:db:6f:9f:26:69:2a:85:93:47:49:c9:
         bd:7d:a1:4f:d9:cb:40:a9:0d:9c:74:f0:95:71:47:fb:92:4f:
         94:3d:1e:65:0e:0b:e9:ac:b7:ca:6b:ff:d0:82:4d:91:75:fd:
         b1:05:2a:9a:9e:ab:40:3a:f9:44:61:9c:ad:8f:9a:4b:c3:18:
         f3:f4:2a:d1:84:0d:81:ed:1a:a3:a0:80:d7:d3:fb:e6:34:55:
         48:95:2c:82
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAkkwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAxMjMxMzI4MTVaFw0yNTAxMjIxMzI4MTVaMBgxFjAU
BgNVBAMTDTY1YWZiZWYyLWIyYjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDbqfMPVQc1v5hjKtj2kImNT3898lKdjOON9CSAf8Q18rXzjyCfkEKHhHsf
p1fu5YuAxQmw3vvis4ywZWlDzzn6oPZgkrLkQac6oBjwMMqUG5YZAQbijUY7VI50
4ZrlL7iWsP8DbcKylXaxgjUz8M+N+rvcpqbvCg96YHpmoBcUi4ei+hRymYEc3BQK
fW6P3my2Ek92uGtSuZSBNjofnNIqwuVDDR3eigDInM85UtmBo9JzJ6k/EcQQgaWz
EvWJ3TVNVQraQu6iyWSWMpApxsab6Cv6iuHhm+vJJzy+bDNOtA/hM/CGmKzcUA3k
e265iuqenSK1xwuLdOwujome4+25AgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUghgY
7yNJOTbEnUT09Prh+7ib/h0wHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4LzQ0RUFDQUVBQjlGMzExRUVBN0ZBNDhBMDc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+7EwDQYJKoZIhvcNAQELBQAD
ggEBAGWiucf/I3K2Sl1lVuoJrKOHJORwt/Qv4BIrMHDYcmzPf2bZLPeomGQNESrB
Ffyi5pu1+pOCC78XPoqkA9ASUyHKhBYdVXJdGfm79How5HgjZXVJEk54tozAu2bB
nRKAExhjo1QvNIPs4gPT+WWrFd+dWq8LnlcmO+wBoIfJyoSYBViA64czz24K7wnM
Iy/S1J8pq20EvNnQsfM4VWm27Zoam2poEuqr07fbb58maSqFk0dJyb19oU/Zy0Cp
DZx08JVxR/uST5Q9HmUOC+mst8pr/9CCTZF1/bEFKpqeq0A6+URhnK2PmkvDGPP0
KtGEDYHtGqOggNfT++Y0VUiVLII=
-----END CERTIFICATE-----
Generated at Sun Nov 24 03:17:55 2024 by rpki-client on console-ams.rpki-client.org