Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/B6C03066B9F211EEB096369F775412E6.roa
File:                     B6C03066B9F211EEB096369F775412E6.roa (raw, json)
Hash identifier:          6JlQOOzx4HszMh76EYYWHmuPT3Csz/WpYTR10xXzDGc=
Subject key identifier:   89:01:26:3C:03:0D:9B:79:00:FC:F3:E6:C4:47:82:17:80:09:20:4D
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       0241
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/B6C03066B9F211EEB096369F775412E6.roa
Signing time:             Tue 23 Jan 2024 13:24:19 +0000
ROA not before:           Tue 23 Jan 2024 13:24:16 +0000
ROA not after:            Wed 22 Jan 2025 13:24:16 +0000
asID:                     174
IP address blocks:        66.251.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 577 (0x241)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Jan 23 13:24:16 2024 GMT
            Not After : Jan 22 13:24:16 2025 GMT
        Subject: CN=65afbe03-0b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5f:42:bf:03:72:1a:9b:60:65:a9:22:ac:2d:
                    14:fb:fa:ed:5c:c9:f7:c1:9c:cc:b8:a6:fb:0f:75:
                    82:94:46:b8:eb:94:ac:3e:ed:20:82:9b:1b:b2:8c:
                    40:b8:bf:2b:a5:60:c7:0e:c5:62:32:a4:06:36:0a:
                    39:10:55:23:1d:40:52:d1:e9:d9:d2:4e:fb:4f:9d:
                    56:be:74:70:ee:13:78:12:60:4f:d5:3b:26:7e:ad:
                    00:06:20:14:90:67:d0:17:02:bd:5c:d2:7c:2c:7b:
                    c0:0e:fa:40:48:8a:15:82:30:79:27:89:57:52:91:
                    9f:f2:0b:51:1d:09:a0:58:af:79:b9:cb:97:96:be:
                    e4:a2:f7:06:1d:0d:cf:7d:75:2a:64:d2:d9:5b:42:
                    ee:15:75:66:e9:6f:5b:2e:6a:cd:59:b7:59:68:df:
                    e8:15:3e:5c:2f:1a:1f:8b:7f:d8:71:55:a7:33:7f:
                    7f:8b:22:ee:17:a5:d8:e0:19:cd:a5:5a:ee:e8:19:
                    d4:d4:97:8f:ac:af:cf:76:98:05:c8:eb:f3:25:cb:
                    d4:1e:a0:72:6e:9a:db:e9:53:fc:81:aa:84:e9:ef:
                    8d:5e:e3:36:2b:3a:6c:88:af:66:8c:a1:45:1f:7b:
                    28:c3:9d:c8:15:a8:ed:3a:71:e5:53:ca:02:2b:be:
                    49:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:01:26:3C:03:0D:9B:79:00:FC:F3:E6:C4:47:82:17:80:09:20:4D
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/B6C03066B9F211EEB096369F775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:23:0d:5b:37:79:ad:31:72:03:a2:7f:85:49:ea:41:15:45:
         17:31:cf:88:00:99:54:db:90:e4:f8:34:92:4c:ce:74:05:dc:
         98:e6:cc:86:ab:fc:ef:69:a9:d7:65:ef:1a:e9:6d:4b:1a:e5:
         5d:dd:45:fb:aa:36:3a:d1:78:20:cf:90:84:df:4f:fe:2c:70:
         1b:11:76:2e:42:f7:2c:3c:df:f0:00:8f:cf:c4:2a:7d:8a:f6:
         ce:1e:48:86:ce:17:df:5a:fa:5e:62:3b:29:a3:dc:6b:f5:8e:
         84:50:b1:32:a3:5c:ea:3e:01:67:3e:ca:6f:e8:7c:60:d1:af:
         f9:25:05:7f:c5:a2:d6:ed:43:cf:3f:d9:f1:b8:b2:a0:2d:84:
         0f:91:1a:c6:33:2e:9e:6a:d2:27:f1:a9:cc:cd:93:54:05:b3:
         88:32:12:bf:62:c0:c1:3b:1d:ad:8d:6d:f7:90:f0:b8:70:32:
         c1:8a:45:b7:a4:6b:30:67:60:03:c9:99:04:be:1a:b0:87:99:
         fc:6a:01:7d:ba:5d:9d:98:2a:38:94:f6:94:19:8d:5b:34:63:
         f0:6c:a8:0e:3f:d8:29:f8:d9:48:65:d6:9d:34:4a:52:a2:39:
         4d:65:f0:6f:9d:05:c9:6e:a5:82:57:17:b4:3a:81:53:e5:31:
         d2:a0:8f:f3
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAkEwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAxMjMxMzI0MTZaFw0yNTAxMjIxMzI0MTZaMBgxFjAU
BgNVBAMTDTY1YWZiZTAzLTBiNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC+X0K/A3Iam2BlqSKsLRT7+u1cyffBnMy4pvsPdYKURrjrlKw+7SCCmxuy
jEC4vyulYMcOxWIypAY2CjkQVSMdQFLR6dnSTvtPnVa+dHDuE3gSYE/VOyZ+rQAG
IBSQZ9AXAr1c0nwse8AO+kBIihWCMHkniVdSkZ/yC1EdCaBYr3m5y5eWvuSi9wYd
Dc99dSpk0tlbQu4VdWbpb1suas1Zt1lo3+gVPlwvGh+Lf9hxVaczf3+LIu4Xpdjg
Gc2lWu7oGdTUl4+sr892mAXI6/Mly9QeoHJumtvpU/yBqoTp741e4zYrOmyIr2aM
oUUfeyjDncgVqO06ceVTygIrvknNAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUiQEm
PAMNm3kA/PPmxEeCF4AJIE0wHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4L0I2QzAzMDY2QjlGMjExRUVCMDk2MzY5Rjc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+60wDQYJKoZIhvcNAQELBQAD
ggEBABYjDVs3ea0xcgOif4VJ6kEVRRcxz4gAmVTbkOT4NJJMznQF3JjmzIar/O9p
qddl7xrpbUsa5V3dRfuqNjrReCDPkITfT/4scBsRdi5C9yw83/AAj8/EKn2K9s4e
SIbOF99a+l5iOymj3Gv1joRQsTKjXOo+AWc+ym/ofGDRr/klBX/FotbtQ88/2fG4
sqAthA+RGsYzLp5q0ifxqczNk1QFs4gyEr9iwME7Ha2NbfeQ8LhwMsGKRbekazBn
YAPJmQS+GrCHmfxqAX26XZ2YKjiU9pQZjVs0Y/BsqA4/2Cn42Uhl1p00SlKiOU1l
8G+dBclupYJXF7Q6gVPlMdKgj/M=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:10:17 2024 by rpki-client on console-fra.rpki-client.org