Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/97BC89BCB9F211EEB8A6129F775412E6.roa
File:                     97BC89BCB9F211EEB8A6129F775412E6.roa (raw, json)
Hash identifier:          yrig72d/4zhuguIfR46TPZA6ybV6H29xFesMft0ldAY=
Subject key identifier:   53:98:89:6E:8B:B4:DB:44:91:9F:62:3C:CE:2B:5C:49:A1:08:A1:5D
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       023F
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/97BC89BCB9F211EEB8A6129F775412E6.roa
Signing time:             Tue 23 Jan 2024 13:23:27 +0000
ROA not before:           Tue 23 Jan 2024 13:23:24 +0000
ROA not after:            Wed 22 Jan 2025 13:23:24 +0000
asID:                     174
IP address blocks:        66.251.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 575 (0x23f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Jan 23 13:23:24 2024 GMT
            Not After : Jan 22 13:23:24 2025 GMT
        Subject: CN=65afbdcf-7ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:17:e4:d3:3c:31:5d:99:65:29:19:8a:07:ba:
                    6b:70:e8:37:40:2c:37:65:8e:c6:f9:a4:cc:1e:cd:
                    8a:b1:fa:2a:15:ec:4b:05:81:54:0f:b7:b7:c8:41:
                    21:5c:ab:03:5c:ae:ed:e2:6e:c3:48:83:d0:6f:84:
                    ba:e4:a2:36:24:35:01:fa:69:23:9a:26:8a:7d:1c:
                    67:85:11:c4:64:b2:f0:8b:ba:03:cc:79:df:a3:c7:
                    84:93:f9:4a:87:1a:72:20:9d:3d:3f:5a:c7:12:aa:
                    a7:cc:b9:b9:83:f6:60:d3:1b:3a:ae:26:da:7d:16:
                    41:64:f6:82:3a:f1:8e:bb:3d:8d:a9:62:4a:fc:f3:
                    d0:4a:c5:ea:be:5a:01:e0:d8:92:22:74:3b:6a:8e:
                    fc:9e:bc:ad:aa:9b:0a:a1:f3:3d:39:b4:ad:2c:9f:
                    91:5e:2c:83:ef:e2:8b:69:14:ee:53:5f:a6:7a:7d:
                    a0:1f:c1:6f:8a:d7:f8:4a:38:f6:5c:f0:c8:e6:7f:
                    e9:a5:95:55:d5:ee:e9:d9:b5:eb:ad:09:e8:b2:04:
                    50:2c:4d:30:f7:af:a6:85:a6:de:d4:53:0c:3f:ba:
                    6a:a3:03:83:4a:85:a9:3c:0b:ca:a6:8d:70:91:35:
                    b9:76:a4:fd:e7:9c:bd:41:a2:3a:44:24:4e:a7:64:
                    b3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:98:89:6E:8B:B4:DB:44:91:9F:62:3C:CE:2B:5C:49:A1:08:A1:5D
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/97BC89BCB9F211EEB8A6129F775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:4d:ae:5a:16:60:28:82:06:9d:0e:14:3f:f0:62:ff:19:4e:
         d0:a3:69:49:03:d6:ae:b1:fd:8a:dd:4e:65:01:ca:34:a4:cb:
         d9:7c:96:d8:1d:97:bc:83:6d:89:d5:8f:26:9b:62:db:dc:cb:
         40:86:86:cc:c1:be:eb:db:f1:8e:e0:0d:de:10:12:51:ac:d0:
         30:d1:9d:ea:96:f9:35:68:81:99:f0:76:0a:7a:5c:6b:07:ac:
         e2:75:a9:70:6a:3f:1f:8a:76:5b:83:e6:15:02:36:c6:02:07:
         0b:75:21:3f:7d:4d:ca:b2:a6:1d:56:bb:50:d8:29:bc:56:e2:
         3b:f9:fb:2e:8e:96:f3:f1:c5:34:83:dd:3b:a5:44:57:0b:a3:
         00:2e:5e:e7:b4:28:66:63:53:d8:43:11:d6:07:ce:9c:1e:ef:
         d6:55:e4:ed:8c:0b:e5:b9:e6:a5:9a:6e:a3:9c:03:fe:fb:cc:
         78:a4:40:e1:e7:2b:e5:51:d3:14:0c:1b:6a:f9:94:03:b0:f9:
         e1:90:cb:0a:67:8a:43:21:92:26:4d:58:fa:3b:e3:f6:d8:7c:
         15:b8:e0:4c:aa:41:2e:68:a3:5d:4f:b5:b4:33:f4:ea:2e:c0:
         9c:ca:03:d7:53:fe:20:10:24:c0:82:c1:f9:0c:6b:5b:0e:a7:
         c9:19:7d:2f
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAj8wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAxMjMxMzIzMjRaFw0yNTAxMjIxMzIzMjRaMBgxFjAU
BgNVBAMTDTY1YWZiZGNmLTdiYTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDHF+TTPDFdmWUpGYoHumtw6DdALDdljsb5pMwezYqx+ioV7EsFgVQPt7fI
QSFcqwNcru3ibsNIg9BvhLrkojYkNQH6aSOaJop9HGeFEcRksvCLugPMed+jx4ST
+UqHGnIgnT0/WscSqqfMubmD9mDTGzquJtp9FkFk9oI68Y67PY2pYkr889BKxeq+
WgHg2JIidDtqjvyevK2qmwqh8z05tK0sn5FeLIPv4otpFO5TX6Z6faAfwW+K1/hK
OPZc8Mjmf+mllVXV7unZteutCeiyBFAsTTD3r6aFpt7UUww/umqjA4NKhak8C8qm
jXCRNbl2pP3nnL1BojpEJE6nZLP/AgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUU5iJ
bou020SRn2I8zitcSaEIoV0wHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4Lzk3QkM4OUJDQjlGMjExRUVCOEE2MTI5Rjc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+6wwDQYJKoZIhvcNAQELBQAD
ggEBAGJNrloWYCiCBp0OFD/wYv8ZTtCjaUkD1q6x/YrdTmUByjSky9l8ltgdl7yD
bYnVjyabYtvcy0CGhszBvuvb8Y7gDd4QElGs0DDRneqW+TVogZnwdgp6XGsHrOJ1
qXBqPx+KdluD5hUCNsYCBwt1IT99Tcqyph1Wu1DYKbxW4jv5+y6OlvPxxTSD3Tul
RFcLowAuXue0KGZjU9hDEdYHzpwe79ZV5O2MC+W55qWabqOcA/77zHikQOHnK+VR
0xQMG2r5lAOw+eGQywpnikMhkiZNWPo74/bYfBW44EyqQS5oo11PtbQz9OouwJzK
A9dT/iAQJMCCwfkMa1sOp8kZfS8=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:19:40 2024 by rpki-client on console-ams.rpki-client.org