Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36723E1/7E3FA3F0FA1911EDBE8EE4254AD9E6FC/BFFF93DCB91C11EEADB54E9A775412E6.roa
File:                     BFFF93DCB91C11EEADB54E9A775412E6.roa (raw, json)
Hash identifier:          sdzYfCyDwg/PUEGK3tXmINjr+Wb452fyHwxFLwrRQCs=
Subject key identifier:   95:69:F0:05:42:2B:83:70:5A:22:0C:C5:1C:AA:58:31:D7:C4:E5:AD
Certificate issuer:       /CN=F36723E1AF/serialNumber=D110DA322F9985CFBEC28CA9CE8520444866BA37
Certificate serial:       010D
Authority key identifier: D1:10:DA:32:2F:99:85:CF:BE:C2:8C:A9:CE:85:20:44:48:66:BA:37
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/0RDaMi-Zhc--woypzoUgREhmujc.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36723E1/7E3FA3F0FA1911EDBE8EE4254AD9E6FC/BFFF93DCB91C11EEADB54E9A775412E6.roa
Signing time:             Mon 22 Jan 2024 11:52:43 +0000
ROA not before:           Mon 22 Jan 2024 11:52:39 +0000
ROA not after:            Wed 31 Dec 2025 11:52:39 +0000
asID:                     327765
IP address blocks:        41.211.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36723E1/7E3FA3F0FA1911EDBE8EE4254AD9E6FC/0RDaMi-Zhc--woypzoUgREhmujc.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36723E1/7E3FA3F0FA1911EDBE8EE4254AD9E6FC/0RDaMi-Zhc--woypzoUgREhmujc.mft
                          rsync://rpki.afrinic.net/repository/afrinic/0RDaMi-Zhc--woypzoUgREhmujc.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Jun 2024 00:04:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 269 (0x10d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36723E1AF/serialNumber=D110DA322F9985CFBEC28CA9CE8520444866BA37
        Validity
            Not Before: Jan 22 11:52:39 2024 GMT
            Not After : Dec 31 11:52:39 2025 GMT
        Subject: CN=65ae570b-4f33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2c:31:76:08:f2:a6:38:01:2d:b4:1b:aa:49:
                    14:51:f1:07:d8:b2:37:12:8a:5c:ab:b0:e1:db:f8:
                    16:71:c7:5d:a1:f6:45:9e:bb:fb:cd:91:61:b8:81:
                    d6:8d:73:5c:43:7c:8a:54:2d:e4:b2:0e:f8:8d:9e:
                    6f:44:6a:d2:87:cf:4b:e0:69:a9:0e:28:00:00:65:
                    87:0a:f0:67:05:c4:c0:21:bc:04:10:1e:de:c0:a0:
                    82:fd:d9:c1:91:a3:b6:08:9b:f4:e8:09:9f:f9:6f:
                    55:8b:23:15:a0:53:a8:73:ac:34:df:ec:84:f5:f3:
                    20:1c:e3:7b:f6:1d:f6:9d:16:a5:ae:a6:94:0d:d7:
                    8c:f1:cd:93:4f:62:df:54:ad:31:4f:a3:e9:59:bc:
                    a9:63:af:ac:e9:2a:d5:18:94:a0:ac:5d:0a:f7:94:
                    94:05:03:71:e7:2b:e0:35:d8:2f:a3:fe:d7:17:73:
                    22:f0:f9:ba:ef:83:89:30:9b:e1:f6:73:35:dc:d9:
                    52:a7:c2:43:8d:c5:5f:03:04:32:77:b4:b0:41:9a:
                    ae:cc:4d:bc:ac:a3:d7:3f:96:07:f8:d7:26:e7:53:
                    2a:9b:15:62:23:13:d5:13:07:d6:54:c0:57:f7:3a:
                    ef:f4:16:69:d4:5f:34:5a:5e:97:a5:97:de:04:02:
                    67:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:69:F0:05:42:2B:83:70:5A:22:0C:C5:1C:AA:58:31:D7:C4:E5:AD
            X509v3 Authority Key Identifier:
                keyid:D1:10:DA:32:2F:99:85:CF:BE:C2:8C:A9:CE:85:20:44:48:66:BA:37

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36723E1/7E3FA3F0FA1911EDBE8EE4254AD9E6FC/0RDaMi-Zhc--woypzoUgREhmujc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/0RDaMi-Zhc--woypzoUgREhmujc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36723E1/7E3FA3F0FA1911EDBE8EE4254AD9E6FC/BFFF93DCB91C11EEADB54E9A775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.211.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:c2:6b:b1:45:42:d3:7b:fe:59:b6:a7:da:7e:0f:23:ef:3f:
         92:99:18:38:fe:fd:c9:e0:2b:ac:4d:68:ec:12:c7:8f:68:e9:
         4a:d1:bd:7b:c5:1d:6a:61:f5:ba:47:ad:1c:22:7a:80:25:06:
         e1:92:81:e2:9e:29:3b:ea:d5:d3:ae:ae:8d:34:40:8c:d7:3c:
         77:5f:9d:ca:79:6e:b9:74:2d:a4:a2:81:3f:05:6f:3b:34:7d:
         b5:3b:0d:30:94:85:49:da:46:0d:5c:53:2a:bf:90:f0:cf:d1:
         ae:1b:8f:fc:ca:01:da:6d:8b:66:36:5c:35:72:af:bf:2b:da:
         b3:71:17:04:ed:9e:6f:b3:e0:fe:f5:01:1c:c7:1a:10:5e:7a:
         70:f9:fc:fd:73:88:6a:35:69:08:b7:c3:98:7b:77:68:82:85:
         50:96:3b:4b:67:05:50:4e:66:8d:b7:0f:59:90:4a:d4:79:b7:
         fb:7e:ec:d6:7f:af:8c:67:86:90:07:25:11:a8:ff:37:39:ae:
         87:e3:6d:4a:0a:94:dc:38:18:77:e7:c1:64:af:2a:ee:b1:ab:
         3a:cb:25:f3:97:18:51:30:e8:3d:10:35:53:14:67:6b:b7:69:
         5d:e2:a3:50:2c:29:2b:20:19:a9:c2:0a:c0:6b:05:e8:0f:37:
         e7:d5:ab:9d
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAQ0wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NzIzRTFBRjExMC8GA1UEBRMoRDExMERBMzIyRjk5ODVDRkJFQzI4Q0E5Q0U4NTIw
NDQ0ODY2QkEzNzAeFw0yNDAxMjIxMTUyMzlaFw0yNTEyMzExMTUyMzlaMBgxFjAU
BgNVBAMTDTY1YWU1NzBiLTRmMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDLLDF2CPKmOAEttBuqSRRR8QfYsjcSilyrsOHb+BZxx12h9kWeu/vNkWG4
gdaNc1xDfIpULeSyDviNnm9EatKHz0vgaakOKAAAZYcK8GcFxMAhvAQQHt7AoIL9
2cGRo7YIm/ToCZ/5b1WLIxWgU6hzrDTf7IT18yAc43v2HfadFqWuppQN14zxzZNP
Yt9UrTFPo+lZvKljr6zpKtUYlKCsXQr3lJQFA3HnK+A12C+j/tcXcyLw+brvg4kw
m+H2czXc2VKnwkONxV8DBDJ3tLBBmq7MTbyso9c/lgf41ybnUyqbFWIjE9UTB9ZU
wFf3Ou/0FmnUXzRaXpell94EAmcJAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUlWnw
BUIrg3BaIgzFHKpYMdfE5a0wHwYDVR0jBBgwFoAU0RDaMi+Zhc++woypzoUgREhm
ujcwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjcyM0UxLzdFM0ZBM0YwRkExOTExRURCRThFRTQyNTRBRDlFNkZDLzBSRGFN
aS1aaGMtLXdveXB6b1VnUkVobXVqYy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljLzBSRGFNaS1aaGMtLXdveXB6b1VnUkVobXVqYy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjcyM0UxLzdFM0ZBM0YwRkExOTExRURCRThFRTQyNTRB
RDlFNkZDL0JGRkY5M0RDQjkxQzExRUVBREI1NEU5QTc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAp0ycwDQYJKoZIhvcNAQEL
BQADggEBACLCa7FFQtN7/lm2p9p+DyPvP5KZGDj+/cngK6xNaOwSx49o6UrRvXvF
HWph9bpHrRwieoAlBuGSgeKeKTvq1dOuro00QIzXPHdfncp5brl0LaSigT8Fbzs0
fbU7DTCUhUnaRg1cUyq/kPDP0a4bj/zKAdpti2Y2XDVyr78r2rNxFwTtnm+z4P71
ARzHGhBeenD5/P1ziGo1aQi3w5h7d2iChVCWO0tnBVBOZo23D1mQStR5t/t+7NZ/
r4xnhpAHJRGo/zc5rofjbUoKlNw4GHfnwWSvKu6xqzrLJfOXGFEw6D0QNVMUZ2u3
aV3io1AsKSsgGanCCsBrBegPN+fVq50=
-----END CERTIFICATE-----
Generated at Sun Jun 16 02:45:08 2024 by rpki-client on console-fra.rpki-client.org