Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/39E85D245B7F11EE90195D7C4AD9E6FC.roa
File:                     39E85D245B7F11EE90195D7C4AD9E6FC.roa (raw, json)
Hash identifier:          eHbXQ/7kild+PjHeBFmSGxlAnlG3pi2uyC9o63m5Mio=
Subject key identifier:   A0:57:7B:EF:34:C9:DE:92:10:D3:86:66:6C:60:D0:2C:1E:83:AF:BC
Certificate issuer:       /CN=F3668CFEAF/serialNumber=A8EF960514E336444D3CDE37B24B66DC39D43D1B
Certificate serial:       46
Authority key identifier: A8:EF:96:05:14:E3:36:44:4D:3C:DE:37:B2:4B:66:DC:39:D4:3D:1B
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/qO-WBRTjNkRNPN43sktm3DnUPRs.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/39E85D245B7F11EE90195D7C4AD9E6FC.roa
Signing time:             Mon 25 Sep 2023 08:40:49 +0000
ROA not before:           Mon 25 Sep 2023 08:40:45 +0000
ROA not after:            Sat 31 Dec 2033 08:40:45 +0000
asID:                     61266
IP address blocks:        2c0f:eb00:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/qO-WBRTjNkRNPN43sktm3DnUPRs.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/qO-WBRTjNkRNPN43sktm3DnUPRs.mft
                          rsync://rpki.afrinic.net/repository/afrinic/qO-WBRTjNkRNPN43sktm3DnUPRs.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70 (0x46)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3668CFEAF/serialNumber=A8EF960514E336444D3CDE37B24B66DC39D43D1B
        Validity
            Not Before: Sep 25 08:40:45 2023 GMT
            Not After : Dec 31 08:40:45 2033 GMT
        Subject: CN=65114790-bfe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fb:4c:01:ad:90:ca:fc:45:97:65:e7:5c:7d:
                    db:e4:c4:cd:9b:06:af:d4:c4:f8:ef:f6:5f:03:85:
                    fd:68:6e:83:12:1a:32:7a:a9:d7:1b:6c:ee:0b:86:
                    fe:92:e6:73:52:6f:14:7d:b6:b2:d8:1a:39:8f:7a:
                    a9:d1:42:07:80:68:e5:27:2b:7e:c9:3c:ee:63:ff:
                    fc:24:b3:8a:01:82:d5:be:7f:52:6c:ec:a2:68:c8:
                    88:7f:d8:ee:23:cc:d6:df:65:82:d5:18:80:6f:98:
                    47:c5:a3:22:3c:10:2c:99:b9:cb:eb:19:aa:77:49:
                    5e:8e:e1:d8:26:29:1e:86:3f:2d:8d:76:20:39:3e:
                    a8:2b:db:d4:7e:6a:57:15:22:07:c9:60:d3:aa:cc:
                    26:da:7d:20:77:8e:57:22:3a:b5:5f:db:02:f6:5f:
                    53:44:7c:76:1b:c1:15:c9:85:a0:cf:e2:ef:32:ea:
                    7d:c1:d4:cc:9f:69:de:48:51:94:79:36:32:18:99:
                    bc:79:85:09:2f:f2:ea:9c:b7:a7:3c:7f:ca:c9:01:
                    64:05:59:41:22:9e:e9:92:bc:be:e9:55:b4:db:c1:
                    4d:e2:e1:20:d6:ed:c5:03:bb:c0:82:ed:ef:b9:f0:
                    af:82:4c:50:8f:7c:84:84:60:d8:09:14:bb:fb:fc:
                    45:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:57:7B:EF:34:C9:DE:92:10:D3:86:66:6C:60:D0:2C:1E:83:AF:BC
            X509v3 Authority Key Identifier:
                keyid:A8:EF:96:05:14:E3:36:44:4D:3C:DE:37:B2:4B:66:DC:39:D4:3D:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/qO-WBRTjNkRNPN43sktm3DnUPRs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/qO-WBRTjNkRNPN43sktm3DnUPRs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/39E85D245B7F11EE90195D7C4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2c0f:eb00:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         99:ce:ff:0d:33:e2:3a:9a:3f:13:9b:b8:29:d2:9c:62:e4:98:
         f3:ec:d5:93:fa:9c:20:89:17:83:9a:5b:5e:bb:f7:91:27:97:
         05:d6:4a:c7:14:6b:d7:3d:1a:d2:38:e6:30:85:aa:38:60:e3:
         1c:46:72:ff:77:f3:7e:17:10:d6:7a:41:af:c0:e7:32:96:0a:
         ad:0c:21:4f:c1:fe:cd:db:6e:e4:74:5d:f0:b0:86:48:1d:5c:
         a9:10:75:ca:88:7a:17:30:47:34:83:65:10:c4:f2:a4:fd:36:
         95:1a:9e:2e:6a:52:f2:a6:22:8e:53:af:73:f3:59:f7:b3:71:
         ed:ab:62:6c:69:7b:08:9d:f5:9b:8c:d9:71:df:f4:56:34:66:
         49:e3:d9:8b:96:22:7d:0d:32:d9:c9:4b:59:35:d3:5e:d2:38:
         a6:16:55:b1:a9:e2:57:ed:74:cb:ad:e2:6c:b2:62:7b:17:5d:
         06:e9:c6:87:7c:05:35:ef:ae:95:7b:7f:9f:bb:e4:1f:a0:70:
         87:df:c8:e7:69:b0:84:45:32:02:b0:7e:8e:3e:52:4e:1b:6d:
         ba:5b:53:46:9f:30:53:62:f5:53:45:d3:04:b9:17:5d:17:0c:
         f6:2b:6d:62:37:69:c0:16:9a:96:10:32:75:a7:ad:ad:70:c0:
         ce:ad:2b:79
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIBRjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY2
OENGRUFGMTEwLwYDVQQFEyhBOEVGOTYwNTE0RTMzNjQ0NEQzQ0RFMzdCMjRCNjZE
QzM5RDQzRDFCMB4XDTIzMDkyNTA4NDA0NVoXDTMzMTIzMTA4NDA0NVowGDEWMBQG
A1UEAxMNNjUxMTQ3OTAtYmZlODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALf7TAGtkMr8RZdl51x92+TEzZsGr9TE+O/2XwOF/WhugxIaMnqp1xts7guG
/pLmc1JvFH22stgaOY96qdFCB4Bo5Scrfsk87mP//CSzigGC1b5/UmzsomjIiH/Y
7iPM1t9lgtUYgG+YR8WjIjwQLJm5y+sZqndJXo7h2CYpHoY/LY12IDk+qCvb1H5q
VxUiB8lg06rMJtp9IHeOVyI6tV/bAvZfU0R8dhvBFcmFoM/i7zLqfcHUzJ9p3khR
lHk2MhiZvHmFCS/y6py3pzx/yskBZAVZQSKe6ZK8vulVtNvBTeLhINbtxQO7wILt
77nwr4JMUI98hIRg2AkUu/v8ReUCAwEAAaOCAqcwggKjMB0GA1UdDgQWBBSgV3vv
NMnekhDThmZsYNAsHoOvvDAfBgNVHSMEGDAWgBSo75YFFOM2RE083jeyS2bcOdQ9
GzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NjhDRkUvOTVFRkQ3NEMzNzU3MTFFRUJCMTQzMjE4NEFEOUU2RkMvcU8tV0JS
VGpOa1JOUE40M3NrdG0zRG5VUFJzLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvcU8tV0JSVGpOa1JOUE40M3NrdG0zRG5VUFJzLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NjhDRkUvOTVFRkQ3NEMzNzU3MTFFRUJCMTQzMjE4NEFE
OUU2RkMvMzlFODVEMjQ1QjdGMTFFRTkwMTk1RDdDNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACwP6wABMA0GCSqGSIb3DQEB
CwUAA4IBAQCZzv8NM+I6mj8Tm7gp0pxi5Jjz7NWT+pwgiReDmlteu/eRJ5cF1krH
FGvXPRrSOOYwhao4YOMcRnL/d/N+FxDWekGvwOcylgqtDCFPwf7N227kdF3wsIZI
HVypEHXKiHoXMEc0g2UQxPKk/TaVGp4ualLypiKOU69z81n3s3Htq2JsaXsInfWb
jNlx3/RWNGZJ49mLliJ9DTLZyUtZNdNe0jimFlWxqeJX7XTLreJssmJ7F10G6caH
fAU1766Ve3+fu+QfoHCH38jnabCERTICsH6OPlJOG226W1NGnzBTYvVTRdMEuRdd
Fwz2K21iN2nAFpqWEDJ1p62tcMDOrSt5
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:03:41 2024 by rpki-client on console-ams.rpki-client.org