Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/AFA07508B9EC11EE9900E294775412E6.roa
File:                     AFA07508B9EC11EE9900E294775412E6.roa (raw, json)
Hash identifier:          18GmkPJVDD785Pti2sMB+lgU0CDsvj25CXqvlnQUzOw=
Subject key identifier:   93:64:62:0E:BC:C9:90:48:CD:BB:34:66:EA:7C:C4:37:18:99:22:E7
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       0229
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/AFA07508B9EC11EE9900E294775412E6.roa
Signing time:             Tue 23 Jan 2024 12:41:10 +0000
ROA not before:           Tue 23 Jan 2024 12:41:07 +0000
ROA not after:            Wed 22 Jan 2025 12:41:07 +0000
asID:                     174
IP address blocks:        66.251.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 26 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 553 (0x229)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Jan 23 12:41:07 2024 GMT
            Not After : Jan 22 12:41:07 2025 GMT
        Subject: CN=65afb3e6-ed8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:37:7d:55:e9:d3:a7:17:98:7b:3e:c4:ca:4e:
                    74:e3:8f:41:a7:3e:85:ed:aa:ed:c5:ee:ca:79:7a:
                    34:ff:fc:c5:8f:0d:0f:bc:3d:67:eb:f0:04:21:ca:
                    a0:52:6d:de:bf:ee:34:85:08:8d:2f:7d:d5:94:24:
                    18:06:79:be:4f:e8:04:3f:ec:3c:97:f8:79:28:ce:
                    4e:a9:50:42:1b:f0:d2:84:f1:26:9c:78:b9:97:0e:
                    f4:ce:60:52:33:35:17:c4:2e:16:e5:68:ee:d7:56:
                    93:13:b2:6f:24:03:85:8d:4c:d7:f3:5e:45:0c:7f:
                    66:16:4b:c2:0c:dd:dc:e3:cd:71:35:4f:cc:e2:52:
                    42:bb:bd:9c:df:ee:a3:8e:94:b9:a9:d1:ff:2b:46:
                    dc:e9:d5:3f:17:cb:ad:23:07:b9:e3:07:5c:b2:69:
                    ab:e7:3d:ef:47:ca:78:77:b0:38:0b:c5:de:01:63:
                    6e:5c:19:7c:71:27:19:1b:cb:64:b6:68:19:e7:b2:
                    f5:cf:b6:cc:66:89:ea:ba:2d:87:3b:2c:f5:a6:6c:
                    c5:97:ac:c2:67:12:59:1b:93:96:79:4e:bd:d3:80:
                    96:bd:83:00:aa:72:c5:8b:02:15:67:19:46:df:93:
                    b1:ea:47:33:a6:74:48:6e:67:f3:31:a6:93:5d:70:
                    ba:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:64:62:0E:BC:C9:90:48:CD:BB:34:66:EA:7C:C4:37:18:99:22:E7
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/AFA07508B9EC11EE9900E294775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:f3:df:0d:ad:23:97:f8:2c:c4:3c:f9:db:45:af:73:a1:2c:
         a5:7d:89:40:70:60:7a:1d:7d:da:0e:e8:57:f8:66:c8:55:a9:
         60:b7:dc:40:71:29:79:27:e7:a3:32:92:ff:c0:2e:b5:ec:f6:
         7f:93:2b:d6:b2:51:98:54:bb:a5:c7:10:af:35:15:e0:b3:16:
         61:5e:02:0e:f0:45:8f:0f:11:92:76:4f:16:63:42:f7:90:d2:
         0e:25:3f:24:25:7a:e8:5f:7d:e7:1c:a8:af:21:08:9e:10:96:
         ab:86:1d:7b:60:61:83:f3:fa:ac:d3:e2:50:88:5d:33:a3:ae:
         40:f9:52:0b:dd:92:20:c0:53:45:23:a7:93:2d:c5:25:24:7e:
         fe:af:75:46:a7:ae:f2:dc:62:00:b4:49:0b:5d:e2:28:1e:47:
         fd:ee:0e:bc:d1:f3:d0:40:cf:47:66:ff:7a:ca:1e:1c:f8:40:
         5e:d8:4e:d2:c4:6a:7b:7d:15:c1:e0:e9:d4:1b:0f:9f:63:e0:
         68:b1:99:5d:57:58:b2:aa:33:2a:56:9b:0e:6a:24:6e:72:e4:
         51:d7:cb:65:41:fc:09:25:72:49:3d:3f:96:3e:20:d4:63:8c:
         ad:55:cc:eb:bc:9f:2b:e3:84:89:96:da:6f:3d:62:a2:ce:b8:
         f7:c6:0e:14
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAikwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAxMjMxMjQxMDdaFw0yNTAxMjIxMjQxMDdaMBgxFjAU
BgNVBAMTDTY1YWZiM2U2LWVkOGYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDoN31V6dOnF5h7PsTKTnTjj0GnPoXtqu3F7sp5ejT//MWPDQ+8PWfr8AQh
yqBSbd6/7jSFCI0vfdWUJBgGeb5P6AQ/7DyX+Hkozk6pUEIb8NKE8SaceLmXDvTO
YFIzNRfELhblaO7XVpMTsm8kA4WNTNfzXkUMf2YWS8IM3dzjzXE1T8ziUkK7vZzf
7qOOlLmp0f8rRtzp1T8Xy60jB7njB1yyaavnPe9Hynh3sDgLxd4BY25cGXxxJxkb
y2S2aBnnsvXPtsxmieq6LYc7LPWmbMWXrMJnElkbk5Z5Tr3TgJa9gwCqcsWLAhVn
GUbfk7HqRzOmdEhuZ/MxppNdcLrFAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUk2Ri
DrzJkEjNuzRm6nzENxiZIucwHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4L0FGQTA3NTA4QjlFQzExRUU5OTAwRTI5NDc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+4owDQYJKoZIhvcNAQELBQAD
ggEBADrz3w2tI5f4LMQ8+dtFr3OhLKV9iUBwYHodfdoO6Ff4ZshVqWC33EBxKXkn
56Mykv/ALrXs9n+TK9ayUZhUu6XHEK81FeCzFmFeAg7wRY8PEZJ2TxZjQveQ0g4l
PyQleuhffeccqK8hCJ4QlquGHXtgYYPz+qzT4lCIXTOjrkD5UgvdkiDAU0Ujp5Mt
xSUkfv6vdUanrvLcYgC0SQtd4igeR/3uDrzR89BAz0dm/3rKHhz4QF7YTtLEant9
FcHg6dQbD59j4GixmV1XWLKqMypWmw5qJG5y5FHXy2VB/Aklckk9P5Y+INRjjK1V
zOu8nyvjhImW2m89YqLOuPfGDhQ=
-----END CERTIFICATE-----
Generated at Sun Nov 24 04:29:36 2024 by rpki-client on console-fra.rpki-client.org