Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/FD35CA6AB9F211EEBCB0B29F775412E6.roa
File:                     FD35CA6AB9F211EEBCB0B29F775412E6.roa (raw, json)
Hash identifier:          YzFQhFMju1M+RoJr7izG3uCIIdiAsPr3cs3EV0iSGGg=
Subject key identifier:   EC:B3:83:42:D3:27:64:02:A9:D9:AA:1C:93:99:31:CC:40:8B:07:67
Certificate issuer:       /CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
Certificate serial:       0245
Authority key identifier: 09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01
Authority info access:    rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/FD35CA6AB9F211EEBCB0B29F775412E6.roa
Signing time:             Tue 23 Jan 2024 13:26:18 +0000
ROA not before:           Tue 23 Jan 2024 13:26:14 +0000
ROA not after:            Wed 22 Jan 2025 13:26:14 +0000
asID:                     174
IP address blocks:        66.251.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.mft
                          rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 581 (0x245)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3659F9CAR/serialNumber=09FB3136ECD5E3D7CF00B32C121F12E8AFD0A601
        Validity
            Not Before: Jan 23 13:26:14 2024 GMT
            Not After : Jan 22 13:26:14 2025 GMT
        Subject: CN=65afbe7a-9431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c6:56:d1:ac:43:b3:53:64:40:8f:84:bd:80:
                    8d:71:73:1c:34:a7:9d:35:ee:0a:73:b4:03:47:d0:
                    90:1d:42:e6:f9:d4:6c:f7:93:8a:d3:c7:be:24:37:
                    3c:fd:c6:db:42:ff:d6:aa:69:14:06:76:a9:36:47:
                    2e:da:8c:5d:2f:11:e5:b9:d8:c5:05:66:d6:df:9d:
                    fd:8c:4f:53:59:72:7d:3a:70:0e:5c:04:5a:08:5b:
                    d0:5e:b6:7e:21:f6:d0:20:88:44:49:fc:c2:4a:37:
                    19:96:5e:6a:4f:01:53:1c:a2:24:49:04:8a:3f:40:
                    cb:93:f9:e0:9b:fd:fa:db:56:c4:ec:63:97:e4:15:
                    7b:0d:10:f1:36:c2:7d:a9:74:8b:de:e5:ac:83:f4:
                    21:ba:5d:76:7a:29:af:c1:ba:d0:5d:b9:62:ca:74:
                    b6:bd:e3:fd:1a:f7:b9:a5:43:90:96:ef:af:fe:84:
                    6b:e3:b0:cc:cd:29:ae:08:bb:12:07:06:6a:19:37:
                    24:0c:ff:82:c7:23:92:2a:ed:2e:13:54:29:2d:8d:
                    35:b2:87:8b:b6:93:c1:f1:65:e6:71:f8:00:b2:3d:
                    17:dc:28:00:e4:63:d3:64:2f:06:57:21:eb:97:f9:
                    ec:6c:9f:0d:ac:eb:09:cd:11:e0:68:bc:03:f2:12:
                    f4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B3:83:42:D3:27:64:02:A9:D9:AA:1C:93:99:31:CC:40:8B:07:67
            X509v3 Authority Key Identifier:
                keyid:09:FB:31:36:EC:D5:E3:D7:CF:00:B3:2C:12:1F:12:E8:AF:D0:A6:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/CfsxNuzV49fPALMsEh8S6K_QpgE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/CfsxNuzV49fPALMsEh8S6K_QpgE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3659F9C/1D22996E7A0911EDBD422185F1222468/FD35CA6AB9F211EEBCB0B29F775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.251.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:11:e0:2b:a1:1e:a6:ec:b5:46:29:54:3e:b2:81:83:5a:5a:
         7c:1b:b3:70:c3:db:b0:ac:25:72:c4:96:bf:2f:d7:1a:5c:86:
         c4:43:a5:a1:b3:c5:e7:f4:33:0e:ff:9b:d4:24:77:a3:81:13:
         9f:4d:82:2a:ce:79:80:22:af:a9:0d:b2:79:d6:bc:0a:6e:28:
         20:1b:4f:ee:15:4d:0e:f4:1c:6e:59:09:b0:33:08:c9:19:3d:
         6a:c7:2b:d4:93:65:eb:6d:3f:2d:12:db:b9:18:de:92:b3:9f:
         eb:3a:a0:c1:10:a5:ca:64:60:11:c9:18:43:f2:23:90:f8:f5:
         2c:44:f6:83:9d:24:4a:ac:19:7d:6a:53:29:bc:55:83:26:f3:
         ba:6a:ef:6d:71:1f:90:f6:86:a3:0a:82:e8:bc:ca:59:35:ac:
         f5:b5:5b:23:b7:09:5a:44:a1:80:b7:c5:a2:95:e5:f4:a1:ee:
         e2:9f:05:a6:ff:af:4f:3f:23:96:47:54:87:8b:cd:81:8b:f3:
         13:f6:6a:89:df:99:02:38:19:53:12:e0:b8:ac:90:de:f0:24:
         39:d7:a9:6b:18:12:0f:5c:27:c1:b5:87:33:60:fd:70:93:e8:
         51:f3:12:78:b7:c0:31:e4:e5:82:87:13:b5:85:f2:ac:4b:c7:
         74:a6:7b:70
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAkUwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTlGOUNBUjExMC8GA1UEBRMoMDlGQjMxMzZFQ0Q1RTNEN0NGMDBCMzJDMTIxRjEy
RThBRkQwQTYwMTAeFw0yNDAxMjMxMzI2MTRaFw0yNTAxMjIxMzI2MTRaMBgxFjAU
BgNVBAMTDTY1YWZiZTdhLTk0MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDqxlbRrEOzU2RAj4S9gI1xcxw0p5017gpztANH0JAdQub51Gz3k4rTx74k
Nzz9xttC/9aqaRQGdqk2Ry7ajF0vEeW52MUFZtbfnf2MT1NZcn06cA5cBFoIW9Be
tn4h9tAgiERJ/MJKNxmWXmpPAVMcoiRJBIo/QMuT+eCb/frbVsTsY5fkFXsNEPE2
wn2pdIve5ayD9CG6XXZ6Ka/ButBduWLKdLa94/0a97mlQ5CW76/+hGvjsMzNKa4I
uxIHBmoZNyQM/4LHI5Iq7S4TVCktjTWyh4u2k8HxZeZx+ACyPRfcKADkY9NkLwZX
IeuX+exsnw2s6wnNEeBovAPyEvRlAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQU7LOD
QtMnZAKp2aock5kxzECLB2cwHwYDVR0jBBgwFoAUCfsxNuzV49fPALMsEh8S6K/Q
pgEwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIyNDY4L0Nmc3hO
dXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L0Nmc3hOdXpWNDlmUEFMTXNFaDhTNktfUXBnRS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjU5RjlDLzFEMjI5OTZFN0EwOTExRURCRDQyMjE4NUYxMjIy
NDY4L0ZEMzVDQTZBQjlGMjExRUVCQ0IwQjI5Rjc3NTQxMkU2LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABC+68wDQYJKoZIhvcNAQELBQAD
ggEBAEER4CuhHqbstUYpVD6ygYNaWnwbs3DD27CsJXLElr8v1xpchsRDpaGzxef0
Mw7/m9Qkd6OBE59NgirOeYAir6kNsnnWvApuKCAbT+4VTQ70HG5ZCbAzCMkZPWrH
K9STZettPy0S27kY3pKzn+s6oMEQpcpkYBHJGEPyI5D49SxE9oOdJEqsGX1qUym8
VYMm87pq721xH5D2hqMKgui8ylk1rPW1WyO3CVpEoYC3xaKV5fSh7uKfBab/r08/
I5ZHVIeLzYGL8xP2aonfmQI4GVMS4LiskN7wJDnXqWsYEg9cJ8G1hzNg/XCT6FHz
Eni3wDHk5YKHE7WF8qxLx3Sme3A=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:19:40 2024 by rpki-client on console-ams.rpki-client.org