Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36709ED/978FB7C6A97011EEB936A996775412E6/41F9AFDEA97411EEB0AFAB9C775412E6.roa
File:                     41F9AFDEA97411EEB0AFAB9C775412E6.roa (raw, json)
Hash identifier:          Pt7jFsZb/eRJPwvxWbE2QqRIPTR2VlpkPA1ZKM5aPIE=
Subject key identifier:   E9:40:A4:27:DB:B5:62:CF:B6:6B:C0:B1:E5:34:37:12:E1:66:89:A7
Certificate issuer:       /CN=F36709EDAF/serialNumber=6F22BBC87A0F084A04E488AE91F46EC88A0FB6BB
Certificate serial:       04
Authority key identifier: 6F:22:BB:C8:7A:0F:08:4A:04:E4:88:AE:91:F4:6E:C8:8A:0F:B6:BB
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/byK7yHoPCEoE5IiukfRuyIoPtrs.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36709ED/978FB7C6A97011EEB936A996775412E6/41F9AFDEA97411EEB0AFAB9C775412E6.roa
Signing time:             Tue 02 Jan 2024 13:38:48 +0000
ROA not before:           Tue 02 Jan 2024 13:38:45 +0000
ROA not after:            Thu 01 Jan 2026 13:38:45 +0000
asID:                     329297
IP address blocks:        102.211.172.0/22 maxlen: 22
                          102.211.172.0/24 maxlen: 24
                          102.211.173.0/24 maxlen: 24
                          102.211.174.0/24 maxlen: 24
                          102.211.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36709ED/978FB7C6A97011EEB936A996775412E6/byK7yHoPCEoE5IiukfRuyIoPtrs.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36709ED/978FB7C6A97011EEB936A996775412E6/byK7yHoPCEoE5IiukfRuyIoPtrs.mft
                          rsync://rpki.afrinic.net/repository/afrinic/byK7yHoPCEoE5IiukfRuyIoPtrs.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36709EDAF/serialNumber=6F22BBC87A0F084A04E488AE91F46EC88A0FB6BB
        Validity
            Not Before: Jan  2 13:38:45 2024 GMT
            Not After : Jan  1 13:38:45 2026 GMT
        Subject: CN=659411e8-d125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1c:8c:80:70:8b:fb:2f:33:aa:29:3f:10:e2:
                    1b:5e:c1:4a:1e:64:25:fd:a2:f7:da:7d:a7:ca:50:
                    2c:ee:f9:ab:b3:af:51:81:d4:f4:68:d1:55:9f:74:
                    db:95:f9:4b:88:2a:a3:06:c9:4b:4a:c0:7c:ff:5f:
                    0e:76:49:1f:8a:de:30:e7:84:0e:60:b1:e8:bc:8d:
                    77:ff:0e:91:3f:30:33:1c:0a:df:97:47:3d:ab:de:
                    ba:5f:ad:3b:03:a1:6e:59:b9:e7:4f:d4:fd:8c:c1:
                    b3:be:60:ad:35:a1:5b:b3:6f:f1:70:60:f8:a9:09:
                    ea:5a:42:08:97:68:59:b3:f6:cd:46:12:ca:a3:f3:
                    fb:fc:5a:1a:e0:98:99:db:c9:8b:21:c9:8e:9b:fd:
                    30:d8:d0:60:98:1f:45:6c:53:aa:21:89:16:e4:87:
                    a7:1d:90:25:bc:60:19:d7:94:84:04:fc:96:ee:76:
                    49:fa:b4:e0:d7:8b:77:4e:b2:ec:f3:62:6d:06:07:
                    76:ea:dc:69:e2:22:23:cc:7c:f2:26:d1:6b:65:75:
                    db:36:ec:db:de:bd:4f:e4:c6:e0:fc:6e:0e:55:f6:
                    34:ea:a5:c6:6f:61:7d:03:b9:4c:1a:d0:c3:b5:a4:
                    f5:4f:40:88:3f:2d:27:f2:29:6b:48:c6:38:0a:32:
                    4f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:40:A4:27:DB:B5:62:CF:B6:6B:C0:B1:E5:34:37:12:E1:66:89:A7
            X509v3 Authority Key Identifier:
                keyid:6F:22:BB:C8:7A:0F:08:4A:04:E4:88:AE:91:F4:6E:C8:8A:0F:B6:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36709ED/978FB7C6A97011EEB936A996775412E6/byK7yHoPCEoE5IiukfRuyIoPtrs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/byK7yHoPCEoE5IiukfRuyIoPtrs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36709ED/978FB7C6A97011EEB936A996775412E6/41F9AFDEA97411EEB0AFAB9C775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.211.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:d4:15:c3:fa:7e:67:3c:e0:b5:c5:d1:91:81:c9:43:94:0c:
         01:53:01:c1:5f:1e:cb:48:c1:b0:ea:b4:c5:f4:37:f3:5f:b3:
         47:a6:89:b4:e1:43:82:4d:a7:1f:6a:b9:9f:05:d5:f2:4c:1f:
         37:ac:36:53:4e:e2:6a:08:25:6e:92:b8:23:c7:17:68:ea:67:
         c8:a5:00:16:99:81:aa:3a:c6:4d:43:4e:ec:34:54:32:54:1a:
         4a:d7:2c:a0:16:0a:1d:dc:08:8c:f9:49:3e:1e:51:ca:f2:8a:
         ad:84:18:6c:f3:40:a1:ba:51:c7:f8:58:39:71:bb:df:37:1d:
         5f:76:b2:9e:85:89:a6:ef:b0:18:b1:76:33:88:c2:78:c0:e4:
         87:51:85:d2:6a:73:a7:bd:31:22:0e:da:f6:35:fd:98:8f:29:
         93:c6:f4:ce:5b:59:e0:00:61:7f:93:03:58:f0:7f:98:2f:35:
         7f:4f:f8:b7:42:05:d2:8f:bc:0b:f7:f7:5c:fe:88:f5:47:c8:
         ac:8b:1d:85:06:2e:6a:8c:c1:c2:74:a2:67:6a:38:76:66:c7:
         6d:84:ad:e4:93:05:90:21:8e:63:53:65:65:02:7f:4b:5d:9a:
         a3:da:ce:e8:f0:a8:26:6a:e2:04:4d:10:8e:72:49:0c:24:44:
         78:b6:47:79
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
MDlFREFGMTEwLwYDVQQFEyg2RjIyQkJDODdBMEYwODRBMDRFNDg4QUU5MUY0NkVD
ODhBMEZCNkJCMB4XDTI0MDEwMjEzMzg0NVoXDTI2MDEwMTEzMzg0NVowGDEWMBQG
A1UEAxMNNjU5NDExZTgtZDEyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALccjIBwi/svM6opPxDiG17BSh5kJf2i99p9p8pQLO75q7OvUYHU9GjRVZ90
25X5S4gqowbJS0rAfP9fDnZJH4reMOeEDmCx6LyNd/8OkT8wMxwK35dHPaveul+t
OwOhblm550/U/YzBs75grTWhW7Nv8XBg+KkJ6lpCCJdoWbP2zUYSyqPz+/xaGuCY
mdvJiyHJjpv9MNjQYJgfRWxTqiGJFuSHpx2QJbxgGdeUhAT8lu52Sfq04NeLd06y
7PNibQYHdurcaeIiI8x88ibRa2V12zbs2969T+TG4PxuDlX2NOqlxm9hfQO5TBrQ
w7Wk9U9AiD8tJ/Ipa0jGOAoyT3kCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBTpQKQn
27Viz7ZrwLHlNDcS4WaJpzAfBgNVHSMEGDAWgBRvIrvIeg8ISgTkiK6R9G7Iig+2
uzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NzA5RUQvOTc4RkI3QzZBOTcwMTFFRUI5MzZBOTk2Nzc1NDEyRTYvYnlLN3lI
b1BDRW9FNUlpdWtmUnV5SW9QdHJzLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvYnlLN3lIb1BDRW9FNUlpdWtmUnV5SW9QdHJzLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NzA5RUQvOTc4RkI3QzZBOTcwMTFFRUI5MzZBOTk2Nzc1
NDEyRTYvNDFGOUFGREVBOTc0MTFFRUIwQUZBQjlDNzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmbTrDANBgkqhkiG9w0BAQsF
AAOCAQEAf9QVw/p+ZzzgtcXRkYHJQ5QMAVMBwV8ey0jBsOq0xfQ381+zR6aJtOFD
gk2nH2q5nwXV8kwfN6w2U07iagglbpK4I8cXaOpnyKUAFpmBqjrGTUNO7DRUMlQa
StcsoBYKHdwIjPlJPh5RyvKKrYQYbPNAobpRx/hYOXG73zcdX3aynoWJpu+wGLF2
M4jCeMDkh1GF0mpzp70xIg7a9jX9mI8pk8b0zltZ4ABhf5MDWPB/mC81f0/4t0IF
0o+8C/f3XP6I9UfIrIsdhQYuaozBwnSiZ2o4dmbHbYSt5JMFkCGOY1NlZQJ/S12a
o9rO6PCoJmriBE0QjnJJDCREeLZHeQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:56 2024 by rpki-client on console-fra.rpki-client.org