Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3668A5F/B89B73A41D2E11ECB9DF207ED8A014CE/DF0B42061D3011ECBD63FB02D8A014CE.roa
File:                     DF0B42061D3011ECBD63FB02D8A014CE.roa (raw, json)
Hash identifier:          /YQXCdcgCrNhLL360EhRhY7BDY5J8NgmUeOOyfGlQ8Y=
Subject key identifier:   DE:CD:22:3E:A1:AD:6A:87:8B:1F:26:99:B3:57:CC:E7:BC:5A:91:1B
Certificate issuer:       /CN=F3668A5FAF/serialNumber=16B8DF5B3BE74C1AE68E31C170115AA737BD5E70
Certificate serial:       02
Authority key identifier: 16:B8:DF:5B:3B:E7:4C:1A:E6:8E:31:C1:70:11:5A:A7:37:BD:5E:70
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/FrjfWzvnTBrmjjHBcBFapze9XnA.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3668A5F/B89B73A41D2E11ECB9DF207ED8A014CE/DF0B42061D3011ECBD63FB02D8A014CE.roa
Signing time:             Fri 24 Sep 2021 12:13:48 +0000
ROA not before:           Fri 24 Sep 2021 12:13:44 +0000
ROA not after:            Tue 31 Dec 2030 12:13:44 +0000
asID:                     37608
IP address blocks:        41.242.96.0/20 maxlen: 20
                          2c0f:f9f0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3668A5F/B89B73A41D2E11ECB9DF207ED8A014CE/FrjfWzvnTBrmjjHBcBFapze9XnA.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3668A5F/B89B73A41D2E11ECB9DF207ED8A014CE/FrjfWzvnTBrmjjHBcBFapze9XnA.mft
                          rsync://rpki.afrinic.net/repository/afrinic/FrjfWzvnTBrmjjHBcBFapze9XnA.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 17 Jun 2024 00:04:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3668A5FAF/serialNumber=16B8DF5B3BE74C1AE68E31C170115AA737BD5E70
        Validity
            Not Before: Sep 24 12:13:44 2021 GMT
            Not After : Dec 31 12:13:44 2030 GMT
        Subject: CN=614dc0fc-94ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a1:a0:1f:0a:71:00:ea:ec:cf:68:93:9b:44:
                    ee:81:b6:4e:d8:d6:c6:fd:99:dc:b9:01:5d:b0:9d:
                    7f:30:89:fd:cb:46:cf:2a:5d:7b:c2:06:c8:d2:8e:
                    04:1d:0a:92:35:13:54:af:ff:93:7a:9e:5f:6d:7d:
                    92:65:90:2f:a1:a9:a5:56:74:5a:30:16:d9:10:f9:
                    38:b6:6e:ca:3c:ca:0e:46:a0:09:07:92:ca:6d:37:
                    61:20:2a:f6:4e:87:43:1d:d6:fb:b0:21:d9:e1:7f:
                    77:f3:43:01:ea:5e:8b:4a:f2:21:95:31:fb:b4:99:
                    40:04:cc:b5:60:ad:2a:44:e9:e7:de:f2:c8:f8:e3:
                    4e:64:52:3b:e2:1e:f0:dc:1a:8a:88:6d:6c:d1:6f:
                    3f:1d:5b:00:c4:54:9a:28:e5:62:90:f7:5a:e5:86:
                    a6:45:2a:02:02:3d:a9:c9:55:aa:b9:b3:10:a9:e1:
                    e7:30:f9:7a:29:e7:12:e3:ab:2a:32:1f:0f:ef:fe:
                    ae:a4:71:11:5a:80:c6:77:b4:a7:9a:1c:4a:37:5a:
                    32:0d:01:a9:e7:91:b4:3a:6f:0c:a0:06:15:8d:bd:
                    4d:1e:08:11:41:91:f4:e5:f9:52:7c:66:88:bd:5f:
                    47:20:33:2a:00:bc:8f:8d:1b:68:55:d7:78:83:9c:
                    19:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:CD:22:3E:A1:AD:6A:87:8B:1F:26:99:B3:57:CC:E7:BC:5A:91:1B
            X509v3 Authority Key Identifier:
                keyid:16:B8:DF:5B:3B:E7:4C:1A:E6:8E:31:C1:70:11:5A:A7:37:BD:5E:70

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3668A5F/B89B73A41D2E11ECB9DF207ED8A014CE/FrjfWzvnTBrmjjHBcBFapze9XnA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/FrjfWzvnTBrmjjHBcBFapze9XnA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3668A5F/B89B73A41D2E11ECB9DF207ED8A014CE/DF0B42061D3011ECBD63FB02D8A014CE.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.242.96.0/20
                IPv6:
                  2c0f:f9f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:8e:23:39:e0:d3:60:71:5b:04:db:44:38:8f:90:3b:6c:57:
         aa:ca:f9:d2:48:0f:b6:77:62:42:67:07:8d:6b:50:0b:5c:44:
         b2:4f:5f:15:f0:44:e1:61:3c:2b:cc:e3:b8:2a:8a:bc:f9:ce:
         85:5c:83:f8:0f:bd:68:e7:5d:24:5d:47:25:a3:59:ec:3e:fb:
         43:85:0e:85:a4:f2:58:63:f3:2a:a9:a9:6b:2f:cb:b0:69:15:
         58:00:92:a6:ee:f3:ed:fd:3f:aa:34:0f:af:0f:fa:65:70:6d:
         9a:6a:d0:9c:dc:33:6e:88:6b:2a:26:b8:c3:d3:6d:57:7a:a3:
         f5:ad:26:a6:d3:6d:90:10:08:7b:82:8a:91:02:57:63:7b:a1:
         65:96:a6:41:2f:a0:eb:45:40:ff:2c:70:d6:02:e7:86:a2:a6:
         3f:01:3b:50:bc:03:7f:d2:56:5a:9b:83:04:41:e7:9c:13:00:
         e3:56:1e:0e:ed:2d:37:b4:b1:42:cd:53:f6:81:20:30:35:94:
         48:31:05:63:f7:10:9f:ff:02:3d:5d:cf:1f:b6:e5:1e:8d:4e:
         fd:80:51:8f:1f:bd:f5:a1:70:a2:82:b9:3b:f9:c9:39:a7:1e:
         8f:b7:ec:73:96:35:18:49:a1:b2:f1:5e:79:e4:5e:9e:01:cd:
         00:0b:b8:c6
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDDApGMzY2
OEE1RkFGMTEwLwYDVQQFEygxNkI4REY1QjNCRTc0QzFBRTY4RTMxQzE3MDExNUFB
NzM3QkQ1RTcwMB4XDTIxMDkyNDEyMTM0NFoXDTMwMTIzMTEyMTM0NFowGDEWMBQG
A1UEAwwNNjE0ZGMwZmMtOTRlZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKShoB8KcQDq7M9ok5tE7oG2TtjWxv2Z3LkBXbCdfzCJ/ctGzypde8IGyNKO
BB0KkjUTVK//k3qeX219kmWQL6GppVZ0WjAW2RD5OLZuyjzKDkagCQeSym03YSAq
9k6HQx3W+7Ah2eF/d/NDAepei0ryIZUx+7SZQATMtWCtKkTp597yyPjjTmRSO+Ie
8NwaiohtbNFvPx1bAMRUmijlYpD3WuWGpkUqAgI9qclVqrmzEKnh5zD5einnEuOr
KjIfD+/+rqRxEVqAxne0p5ocSjdaMg0BqeeRtDpvDKAGFY29TR4IEUGR9OX5Unxm
iL1fRyAzKgC8j40baFXXeIOcGdUCAwEAAaOCArQwggKwMB0GA1UdDgQWBBTezSI+
oa1qh4sfJpmzV8znvFqRGzAfBgNVHSMEGDAWgBQWuN9bO+dMGuaOMcFwEVqnN71e
cDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NjhBNUYvQjg5QjczQTQxRDJFMTFFQ0I5REYyMDdFRDhBMDE0Q0UvRnJqZld6
dm5UQnJtampIQmNCRmFwemU5WG5BLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvRnJqZld6dm5UQnJtampIQmNCRmFwemU5WG5BLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NjhBNUYvQjg5QjczQTQxRDJFMTFFQ0I5REYyMDdFRDhB
MDE0Q0UvREYwQjQyMDYxRDMwMTFFQ0JENjNGQjAyRDhBMDE0Q0Uucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEBCnyYDANBAIAAjAHAwUALA/5
8DANBgkqhkiG9w0BAQsFAAOCAQEAb44jOeDTYHFbBNtEOI+QO2xXqsr50kgPtndi
QmcHjWtQC1xEsk9fFfBE4WE8K8zjuCqKvPnOhVyD+A+9aOddJF1HJaNZ7D77Q4UO
haTyWGPzKqmpay/LsGkVWACSpu7z7f0/qjQPrw/6ZXBtmmrQnNwzbohrKia4w9Nt
V3qj9a0mptNtkBAIe4KKkQJXY3uhZZamQS+g60VA/yxw1gLnhqKmPwE7ULwDf9JW
WpuDBEHnnBMA41YeDu0tN7SxQs1T9oEgMDWUSDEFY/cQn/8CPV3PH7blHo1O/YBR
jx+99aFwooK5O/nJOacej7fsc5Y1GEmhsvFeeeRengHNAAu4xg==
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:43:33 2024 by rpki-client on console-ams.rpki-client.org