Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/656BBEC2E28F11EEB6E8E34A775412E6.roa
File:                     656BBEC2E28F11EEB6E8E34A775412E6.roa (raw, json)
Hash identifier:          6RHj/c6Eh/Ku8hXPaLeXfn3mVJgVW335g8a2J7ti7SI=
Subject key identifier:   B1:56:14:F5:E0:E9:8B:AA:FA:BD:FD:91:23:FB:EF:3A:B6:06:71:6E
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       0299
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/656BBEC2E28F11EEB6E8E34A775412E6.roa
Signing time:             Fri 15 Mar 2024 05:46:40 +0000
ROA not before:           Fri 15 Mar 2024 05:46:37 +0000
ROA not after:            Fri 14 Mar 2025 05:46:37 +0000
asID:                     34549
IP address blocks:        66.251.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 665 (0x299)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Mar 15 05:46:37 2024 GMT
            Not After : Mar 14 05:46:37 2025 GMT
        Subject: CN=65f3e0c0-ee50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:69:7f:71:20:28:56:4a:c4:16:17:dc:e0:c4:
                    11:ac:78:6f:83:72:29:18:e2:48:04:59:ae:e9:d6:
                    18:60:94:17:db:25:89:12:70:7e:05:01:04:df:1c:
                    7f:1c:85:20:b7:c7:f4:9b:93:a4:c9:9f:1f:39:fc:
                    55:4f:2d:3b:e9:16:6d:4e:c2:68:2c:9a:0e:c9:b2:
                    9d:e0:2b:37:d5:ed:e1:96:73:ac:be:93:ab:c0:c0:
                    39:e9:6a:26:2d:13:0a:0e:75:ab:37:b1:3c:bb:de:
                    cd:e9:51:46:46:53:dd:8a:a8:77:3e:21:be:7c:89:
                    71:1f:65:4b:00:06:c7:a6:34:c4:f4:c7:da:29:3a:
                    fa:2e:d8:c5:99:73:8d:f5:18:f2:39:b8:8e:15:a0:
                    52:0f:84:d0:9a:be:1b:33:e9:8f:52:8b:a2:70:70:
                    3a:9b:4a:91:e8:e8:54:32:ea:16:e1:02:81:a1:96:
                    06:c3:fd:82:24:df:6c:ca:1a:e1:aa:c5:7f:99:5f:
                    d6:2c:c9:2f:93:6c:ac:0d:6d:ff:4e:8d:d2:d2:64:
                    72:9c:37:10:b3:0e:97:f8:be:df:e1:4d:93:89:69:
                    ea:94:29:d4:a9:7e:8d:a5:25:34:5e:ca:75:63:6a:
                    1d:b2:48:5b:34:b3:6c:46:79:55:30:74:7a:ac:b4:
                    b8:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:56:14:F5:E0:E9:8B:AA:FA:BD:FD:91:23:FB:EF:3A:B6:06:71:6E
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/656BBEC2E28F11EEB6E8E34A775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:0f:99:b1:37:b2:18:ed:7c:6f:5f:c6:4d:f4:51:56:27:f1:
         be:6f:f8:1b:f1:8e:47:c9:ad:38:4e:59:5c:30:2a:6b:fb:71:
         a3:34:ee:56:78:41:a5:ff:24:5a:d7:dd:1d:80:7a:9d:4d:fb:
         42:0c:83:7e:41:59:71:bc:ea:84:61:56:4b:6b:52:00:71:ef:
         10:bd:9a:24:e3:4b:fd:93:34:28:4e:a7:21:a9:17:84:69:f4:
         85:54:7b:f7:6b:62:89:57:4e:99:f8:8c:0d:5c:b8:d6:b1:fe:
         ed:8c:75:26:fc:b6:7f:88:b2:9b:51:71:1e:ad:c1:f4:bc:54:
         b5:1e:08:aa:e7:23:95:51:af:3a:55:4d:6b:31:dc:ec:1e:40:
         ab:af:72:42:90:fc:b8:8b:ab:02:13:d0:3c:0e:ff:5c:5c:c9:
         20:4d:32:a1:47:32:c0:f7:e8:83:88:da:6b:ff:c6:b2:ea:eb:
         0c:e2:f6:e0:ed:8a:4b:0d:ec:eb:ad:8d:1d:4a:e6:f9:78:fa:
         34:de:d7:35:9f:32:04:b4:f2:18:c3:13:74:a0:b5:9c:b6:29:
         23:0d:c2:db:97:23:2f:15:43:c5:6e:49:16:a4:6c:8d:bb:77:
         0f:6c:39:93:48:0a:9d:d1:e7:e5:55:23:2e:bc:03:6a:fe:1f:
         01:a6:8f:0a
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICApkwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAzMTUwNTQ2MzdaFw0yNTAzMTQwNTQ2MzdaMBgxFjAU
BgNVBAMTDTY1ZjNlMGMwLWVlNTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDlaX9xIChWSsQWF9zgxBGseG+DcikY4kgEWa7p1hhglBfbJYkScH4FAQTf
HH8chSC3x/Sbk6TJnx85/FVPLTvpFm1Owmgsmg7Jsp3gKzfV7eGWc6y+k6vAwDnp
aiYtEwoOdas3sTy73s3pUUZGU92KqHc+Ib58iXEfZUsABsemNMT0x9opOvou2MWZ
c431GPI5uI4VoFIPhNCavhsz6Y9Si6JwcDqbSpHo6FQy6hbhAoGhlgbD/YIk32zK
GuGqxX+ZX9YsyS+TbKwNbf9OjdLSZHKcNxCzDpf4vt/hTZOJaeqUKdSpfo2lJTRe
ynVjah2ySFs0s2xGeVUwdHqstLiFAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUsVYU
9eDpi6r6vf2RI/vvOrYGcW4wHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4LzY1NkJCRUMyRTI4RjExRUVCNkU4RTM0QTc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+6gwDQYJKoZIhvcNAQELBQAD
ggEBABYPmbE3shjtfG9fxk30UVYn8b5v+BvxjkfJrThOWVwwKmv7caM07lZ4QaX/
JFrX3R2Aep1N+0IMg35BWXG86oRhVktrUgBx7xC9miTjS/2TNChOpyGpF4Rp9IVU
e/drYolXTpn4jA1cuNax/u2MdSb8tn+IsptRcR6twfS8VLUeCKrnI5VRrzpVTWsx
3OweQKuvckKQ/LiLqwIT0DwO/1xcySBNMqFHMsD36IOI2mv/xrLq6wzi9uDtiksN
7OutjR1K5vl4+jTe1zWfMgS08hjDE3SgtZy2KSMNwtuXIy8VQ8VuSRakbI27dw9s
OZNICp3R5+VVIy68A2r+HwGmjwo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:54 2024 by rpki-client on console-fra.rpki-client.org