Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/DE475620B9F511EEA4C5E6A4775412E6.roa
File:                     DE475620B9F511EEA4C5E6A4775412E6.roa (raw, json)
Hash identifier:          Qe4CIo6kIW6n8ZPKNhU5NixdzDFPNNOF5hzsRNab/1E=
Subject key identifier:   32:E0:1D:37:81:C5:61:B9:96:DD:73:7A:42:84:D9:74:03:8B:FC:FB
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       025E
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/DE475620B9F511EEA4C5E6A4775412E6.roa
Signing time:             Tue 23 Jan 2024 13:46:54 +0000
ROA not before:           Tue 23 Jan 2024 13:46:51 +0000
ROA not after:            Wed 22 Jan 2025 13:46:51 +0000
asID:                     174
IP address blocks:        66.251.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 606 (0x25e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Jan 23 13:46:51 2024 GMT
            Not After : Jan 22 13:46:51 2025 GMT
        Subject: CN=65afc34e-a13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:00:74:65:7f:b8:b1:c1:46:e9:b0:9d:1d:d4:
                    01:d0:86:4c:54:8b:8f:1d:db:1c:1f:c8:94:89:17:
                    18:a4:b7:4b:d1:36:0b:13:4d:53:46:4d:68:0c:77:
                    e9:ec:3c:4d:b6:df:e9:cc:de:a3:3a:f4:9e:2b:29:
                    ee:7f:d8:d5:ba:b6:37:2b:13:1e:fd:52:21:b0:d2:
                    93:70:9d:50:c4:ec:c0:ee:e0:2b:1d:00:f4:3e:a9:
                    e9:c6:20:f0:9b:dc:a6:b1:ac:2e:73:d1:7a:3d:4c:
                    ce:e0:1c:15:67:dd:cd:3c:7a:41:07:f0:cd:10:c0:
                    55:46:58:47:59:40:c3:df:7a:65:15:02:0c:49:06:
                    65:e5:7b:3b:20:80:b4:74:8f:db:fe:16:34:dc:a1:
                    7d:37:01:31:55:cf:8d:db:c8:2e:a7:f9:87:5c:5d:
                    87:e7:37:dd:b3:d5:27:48:6a:0e:c3:d0:df:fb:76:
                    ff:53:30:5d:d9:4e:c3:b1:b2:88:7c:8c:33:65:d0:
                    88:20:9f:54:19:ab:e4:78:1b:d9:de:b3:84:25:4b:
                    78:f0:ff:74:0c:d5:3c:dc:9e:12:88:08:ef:35:83:
                    31:7e:d0:d9:06:96:f7:38:7f:85:aa:30:75:26:28:
                    a8:ce:0d:d7:16:1d:2a:5b:8e:bc:ff:d1:c1:1a:65:
                    26:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:E0:1D:37:81:C5:61:B9:96:DD:73:7A:42:84:D9:74:03:8B:FC:FB
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/DE475620B9F511EEA4C5E6A4775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5a:e8:f9:89:7c:73:d8:b9:4a:ad:30:ec:c8:69:16:c0:d1:
         71:4f:40:34:8b:65:36:54:06:04:4d:36:94:c4:17:d5:05:cc:
         6b:75:4e:a0:1c:57:26:47:fa:ab:d8:2f:ba:58:bb:0e:6a:cf:
         d5:67:94:3c:ac:e0:3f:74:fe:17:d7:f3:03:70:a5:5b:f4:56:
         39:8c:a9:e0:66:d7:d5:70:ec:fc:2f:3c:5f:a1:0a:4b:07:95:
         21:6e:60:d3:6e:01:95:6a:df:a0:4f:fa:fe:20:51:6a:8d:27:
         2b:2f:aa:f9:db:9f:bd:fa:e3:73:e0:a2:d8:45:0e:b8:57:4a:
         07:e3:6d:0c:04:03:8a:e8:45:8a:c7:6d:aa:cc:d2:3a:86:9d:
         d5:bc:db:33:68:50:90:2f:d4:51:2b:52:8a:cf:93:a0:3a:4d:
         0e:cc:f8:49:f6:78:30:d4:77:4a:3e:e4:a8:df:44:a8:56:e7:
         39:54:48:a5:58:4d:43:12:29:d0:0f:d1:ae:7a:81:01:85:00:
         4e:c2:ce:58:c0:f7:76:a1:42:f1:48:7d:9d:b2:00:a5:0f:14:
         86:af:c1:1c:82:6c:98:c4:2f:66:46:98:c8:0c:e1:79:11:aa:
         4d:b9:8b:73:a8:d0:96:08:e4:6f:04:2b:23:2d:a4:96:29:5b:
         0d:af:37:fc
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAl4wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAxMjMxMzQ2NTFaFw0yNTAxMjIxMzQ2NTFaMBgxFjAU
BgNVBAMTDTY1YWZjMzRlLWExM2IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDfAHRlf7ixwUbpsJ0d1AHQhkxUi48d2xwfyJSJFxikt0vRNgsTTVNGTWgM
d+nsPE223+nM3qM69J4rKe5/2NW6tjcrEx79UiGw0pNwnVDE7MDu4CsdAPQ+qenG
IPCb3KaxrC5z0Xo9TM7gHBVn3c08ekEH8M0QwFVGWEdZQMPfemUVAgxJBmXlezsg
gLR0j9v+FjTcoX03ATFVz43byC6n+YdcXYfnN92z1SdIag7D0N/7dv9TMF3ZTsOx
soh8jDNl0Iggn1QZq+R4G9nes4QlS3jw/3QM1TzcnhKICO81gzF+0NkGlvc4f4Wq
MHUmKKjODdcWHSpbjrz/0cEaZSadAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUMuAd
N4HFYbmW3XN6QoTZdAOL/PswHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4L0RFNDc1NjIwQjlGNTExRUVBNEM1RTZBNDc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+4EwDQYJKoZIhvcNAQELBQAD
ggEBAIda6PmJfHPYuUqtMOzIaRbA0XFPQDSLZTZUBgRNNpTEF9UFzGt1TqAcVyZH
+qvYL7pYuw5qz9VnlDys4D90/hfX8wNwpVv0VjmMqeBm19Vw7PwvPF+hCksHlSFu
YNNuAZVq36BP+v4gUWqNJysvqvnbn73643PgothFDrhXSgfjbQwEA4roRYrHbarM
0jqGndW82zNoUJAv1FErUorPk6A6TQ7M+En2eDDUd0o+5KjfRKhW5zlUSKVYTUMS
KdAP0a56gQGFAE7CzljA93ahQvFIfZ2yAKUPFIavwRyCbJjEL2ZGmMgM4XkRqk25
i3Oo0JYI5G8EKyMtpJYpWw2vN/w=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:19:40 2024 by rpki-client on console-ams.rpki-client.org