Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/4C3DA63EA61411EEB7815026D25BE465.roa
File:                     4C3DA63EA61411EEB7815026D25BE465.roa (raw, json)
Hash identifier:          ulvKdR027ZVKD3Jv2v1PDdSc6dC2pCoFvid0ndHLsgg=
Subject key identifier:   A1:2E:B4:3C:61:C1:EE:19:30:55:7C:76:3D:B6:4A:4D:10:EF:54:45
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       01FD
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/4C3DA63EA61411EEB7815026D25BE465.roa
Signing time:             Fri 29 Dec 2023 06:34:20 +0000
ROA not before:           Fri 29 Dec 2023 06:34:17 +0000
ROA not after:            Sat 28 Dec 2024 06:34:17 +0000
asID:                     53356
IP address blocks:        66.251.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 509 (0x1fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Dec 29 06:34:17 2023 GMT
            Not After : Dec 28 06:34:17 2024 GMT
        Subject: CN=658e686c-f61d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:88:ab:bf:be:0f:67:c5:8a:98:87:12:aa:a0:
                    37:3f:54:5b:32:bf:b7:cb:34:44:92:94:a7:0e:3f:
                    46:80:4f:b7:4b:31:e8:87:b4:d3:c5:6d:08:6c:35:
                    27:c6:44:bf:6d:87:ca:a3:4a:fc:94:a4:02:c8:58:
                    7b:36:e9:84:22:6c:43:58:e2:8d:7b:78:e3:6b:e6:
                    0a:30:b4:79:45:c4:b9:de:62:fd:12:12:4a:21:05:
                    9b:9b:54:44:6a:34:df:9f:1a:cd:3a:15:02:91:f0:
                    6b:b8:67:85:ec:00:5e:8a:17:3a:ab:09:bf:4e:05:
                    37:b6:38:07:bb:9e:df:8e:b6:5b:25:e5:00:23:a8:
                    ae:3f:8c:fa:45:a3:18:d3:e6:f8:93:29:d9:84:ff:
                    d0:5e:83:60:ca:ab:75:60:03:a7:3e:79:1d:8e:ce:
                    08:6e:0f:67:92:cb:c5:2e:5d:80:10:67:c6:de:ea:
                    27:d1:f0:78:56:fa:62:4d:90:50:9f:52:54:76:7f:
                    78:2e:39:5a:b2:2c:27:24:be:bf:d2:34:a2:af:2e:
                    8f:4a:5d:9f:38:e4:bb:36:6d:e1:78:0a:0b:f0:bc:
                    a1:1c:49:29:67:82:0a:e6:5d:62:05:cf:04:8c:9c:
                    a9:4d:7d:4f:2b:d9:23:b4:35:6e:10:1d:af:a1:db:
                    16:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:2E:B4:3C:61:C1:EE:19:30:55:7C:76:3D:B6:4A:4D:10:EF:54:45
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/4C3DA63EA61411EEB7815026D25BE465.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:2d:ed:b9:da:c3:9e:92:b2:e0:f1:1b:5c:4d:cf:47:f5:93:
         73:de:17:5e:50:ce:7c:33:8d:96:fe:c1:e3:53:97:e2:0f:59:
         97:cd:28:f8:19:2f:77:39:b4:5f:41:1e:4d:9b:b1:6a:1d:22:
         68:bc:c5:c4:66:b0:2a:7b:29:92:29:80:91:64:0e:da:49:f3:
         9c:90:a9:b4:0f:74:e5:c7:73:64:4f:8e:65:37:c1:a9:61:a1:
         be:87:a7:77:71:6b:56:13:e6:32:df:61:5e:7d:66:d0:5d:b5:
         80:35:db:41:29:85:c8:89:35:5c:7f:b5:5e:de:50:55:f5:7d:
         90:0f:74:b5:ea:10:d9:4a:b5:15:1c:28:15:7c:80:02:af:d1:
         ad:d3:88:1a:65:bc:71:aa:44:38:ed:82:4c:44:50:af:3e:e4:
         2d:b2:8b:31:57:8e:ea:63:22:5d:01:3e:5d:de:c6:6a:69:98:
         10:b7:8f:e3:68:82:01:43:09:ec:4f:ad:3d:ed:a3:18:83:76:
         5a:32:b5:77:9a:75:b8:d7:a1:02:19:a2:ef:38:14:16:ab:e9:
         91:e3:b1:ff:d3:fa:75:20:38:8c:cf:d0:0f:ca:0a:cd:bd:9f:
         c7:5d:7a:b2:c9:e9:2d:41:7f:02:07:3f:75:2b:13:82:a8:e5:
         93:61:4c:66
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAf0wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yMzEyMjkwNjM0MTdaFw0yNDEyMjgwNjM0MTdaMBgxFjAU
BgNVBAMTDTY1OGU2ODZjLWY2MWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDdiKu/vg9nxYqYhxKqoDc/VFsyv7fLNESSlKcOP0aAT7dLMeiHtNPFbQhs
NSfGRL9th8qjSvyUpALIWHs26YQibENY4o17eONr5gowtHlFxLneYv0SEkohBZub
VERqNN+fGs06FQKR8Gu4Z4XsAF6KFzqrCb9OBTe2OAe7nt+Otlsl5QAjqK4/jPpF
oxjT5viTKdmE/9Beg2DKq3VgA6c+eR2OzghuD2eSy8UuXYAQZ8be6ifR8HhW+mJN
kFCfUlR2f3guOVqyLCckvr/SNKKvLo9KXZ845Ls2beF4CgvwvKEcSSlnggrmXWIF
zwSMnKlNfU8r2SO0NW4QHa+h2xZJAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUoS60
PGHB7hkwVXx2PbZKTRDvVEUwHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4LzRDM0RBNjNFQTYxNDExRUVCNzgxNTAyNkQyNUJFNDY1LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+5gwDQYJKoZIhvcNAQELBQAD
ggEBAEIt7bnaw56SsuDxG1xNz0f1k3PeF15QznwzjZb+weNTl+IPWZfNKPgZL3c5
tF9BHk2bsWodImi8xcRmsCp7KZIpgJFkDtpJ85yQqbQPdOXHc2RPjmU3walhob6H
p3dxa1YT5jLfYV59ZtBdtYA120EphciJNVx/tV7eUFX1fZAPdLXqENlKtRUcKBV8
gAKv0a3TiBplvHGqRDjtgkxEUK8+5C2yizFXjupjIl0BPl3exmppmBC3j+NoggFD
CexPrT3toxiDdloytXeadbjXoQIZou84FBar6ZHjsf/T+nUgOIzP0A/KCs29n8dd
erLJ6S1BfwIHP3UrE4Ko5ZNhTGY=
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:03:35 2024 by rpki-client on console-ams.rpki-client.org