Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3675292/264D17FEBDDC11EEB41E414D775412E6/8F2451D0BE9E11EEBA8196AA775412E6.roa
File:                     8F2451D0BE9E11EEBA8196AA775412E6.roa (raw, json)
Hash identifier:          4AAd/b+kE9JKp63Wlhwua7XjTGFImGjuMiypLHiKkR8=
Subject key identifier:   B1:34:8A:3D:1D:B0:1F:F3:03:83:74:9F:CB:61:F4:DB:CA:84:94:F7
Certificate issuer:       /CN=F3675292AF/serialNumber=8579BC27E73D7B29108EBFF397FB6CFD5C6B0247
Certificate serial:       05
Authority key identifier: 85:79:BC:27:E7:3D:7B:29:10:8E:BF:F3:97:FB:6C:FD:5C:6B:02:47
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/hXm8J-c9eykQjr_zl_ts_VxrAkc.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3675292/264D17FEBDDC11EEB41E414D775412E6/8F2451D0BE9E11EEBA8196AA775412E6.roa
Signing time:             Mon 29 Jan 2024 12:04:31 +0000
ROA not before:           Mon 29 Jan 2024 12:04:28 +0000
ROA not after:            Thu 29 Jan 2026 12:04:28 +0000
asID:                     21003
IP address blocks:        102.215.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3675292/264D17FEBDDC11EEB41E414D775412E6/hXm8J-c9eykQjr_zl_ts_VxrAkc.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3675292/264D17FEBDDC11EEB41E414D775412E6/hXm8J-c9eykQjr_zl_ts_VxrAkc.mft
                          rsync://rpki.afrinic.net/repository/afrinic/hXm8J-c9eykQjr_zl_ts_VxrAkc.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3675292AF/serialNumber=8579BC27E73D7B29108EBFF397FB6CFD5C6B0247
        Validity
            Not Before: Jan 29 12:04:28 2024 GMT
            Not After : Jan 29 12:04:28 2026 GMT
        Subject: CN=65b7944f-1076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:89:2b:6f:66:47:14:61:7d:87:b6:56:54:7a:
                    87:7c:d2:dd:e2:c1:a8:da:ed:de:a6:92:a2:17:b4:
                    c8:c5:f4:17:5c:e7:4a:f4:89:7c:15:19:00:9b:1c:
                    21:d8:b6:cf:c5:94:2e:c7:a9:0b:4a:5c:b6:cb:08:
                    bf:d8:df:71:4d:06:08:c5:14:43:e8:7e:10:ac:75:
                    bf:60:1e:32:fb:be:8e:b1:32:00:62:f7:70:45:b1:
                    11:54:7a:5a:04:4b:48:36:c4:0e:7e:56:17:41:4a:
                    c7:ed:9a:da:53:59:77:dc:c2:b1:81:52:74:74:49:
                    c7:7f:f9:0d:cb:20:7a:f5:72:62:4b:0f:d3:7f:b8:
                    de:50:d1:a4:eb:b2:d0:06:43:00:c7:b9:c6:33:a0:
                    0c:a1:79:e5:95:7a:a8:c2:65:7a:24:11:fe:3a:3c:
                    9f:08:2d:69:cc:30:c4:e9:61:1c:65:4d:ca:97:7f:
                    e8:ee:b9:0a:64:4e:6a:53:23:e2:35:e2:a5:f8:3a:
                    a4:d6:93:ad:fc:02:b5:d6:f1:34:8c:b5:76:26:23:
                    b3:f4:3c:03:d2:4c:ee:a0:a6:fd:ee:78:2e:c6:e1:
                    4e:12:38:77:9c:47:69:d6:0d:c8:7d:53:53:50:18:
                    dd:b8:7c:93:e6:34:b2:86:17:55:36:ed:ff:d6:80:
                    1a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:34:8A:3D:1D:B0:1F:F3:03:83:74:9F:CB:61:F4:DB:CA:84:94:F7
            X509v3 Authority Key Identifier:
                keyid:85:79:BC:27:E7:3D:7B:29:10:8E:BF:F3:97:FB:6C:FD:5C:6B:02:47

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3675292/264D17FEBDDC11EEB41E414D775412E6/hXm8J-c9eykQjr_zl_ts_VxrAkc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/hXm8J-c9eykQjr_zl_ts_VxrAkc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3675292/264D17FEBDDC11EEB41E414D775412E6/8F2451D0BE9E11EEBA8196AA775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.215.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:90:44:ad:8a:43:d3:72:8f:ad:c6:e7:1f:02:55:bd:5e:df:
         84:e4:d7:6e:7e:a9:c9:eb:35:f2:80:92:54:5c:36:86:bf:60:
         8a:87:65:a6:22:ff:db:c9:d3:dd:a2:1b:13:62:0b:47:2c:19:
         21:b9:cb:72:5f:f1:d5:64:db:a0:28:e8:52:2a:5d:3c:5a:c5:
         1d:82:62:61:25:c9:e5:07:f5:1c:4c:48:fd:60:e0:41:c5:17:
         11:cd:11:80:f5:c9:ab:a6:6b:1d:02:18:92:bf:bd:98:8b:5c:
         e5:92:ab:31:00:d2:de:0f:c4:af:29:e5:44:17:fc:06:90:b1:
         d5:d6:32:ed:93:95:a6:0a:16:80:8b:88:be:24:92:bd:05:c4:
         8b:98:2e:4f:9f:4c:8d:8c:5b:c6:ea:69:b1:ba:9e:5a:3b:c3:
         9c:35:a8:8c:ed:57:57:55:ef:e6:a4:1d:f7:60:7c:16:da:60:
         f6:3e:88:2c:04:c2:9c:3f:bf:ea:7d:73:a7:72:44:7a:cb:ae:
         c4:0c:0f:13:c4:3c:8b:4e:08:76:23:55:ea:c2:25:6b:df:9d:
         72:02:c7:d4:e2:be:9e:8d:be:6c:d1:e9:f8:20:cd:ae:f5:d7:
         cb:18:91:5d:56:89:f0:a5:f2:c0:c5:18:6d:32:40:f8:34:ae:
         f4:aa:f8:b4
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
NTI5MkFGMTEwLwYDVQQFEyg4NTc5QkMyN0U3M0Q3QjI5MTA4RUJGRjM5N0ZCNkNG
RDVDNkIwMjQ3MB4XDTI0MDEyOTEyMDQyOFoXDTI2MDEyOTEyMDQyOFowGDEWMBQG
A1UEAxMNNjViNzk0NGYtMTA3NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPWJK29mRxRhfYe2VlR6h3zS3eLBqNrt3qaSohe0yMX0F1znSvSJfBUZAJsc
Idi2z8WULsepC0pctssIv9jfcU0GCMUUQ+h+EKx1v2AeMvu+jrEyAGL3cEWxEVR6
WgRLSDbEDn5WF0FKx+2a2lNZd9zCsYFSdHRJx3/5DcsgevVyYksP03+43lDRpOuy
0AZDAMe5xjOgDKF55ZV6qMJleiQR/jo8nwgtacwwxOlhHGVNypd/6O65CmROalMj
4jXipfg6pNaTrfwCtdbxNIy1diYjs/Q8A9JM7qCm/e54LsbhThI4d5xHadYNyH1T
U1AY3bh8k+Y0soYXVTbt/9aAGgUCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSxNIo9
HbAf8wODdJ/LYfTbyoSU9zAfBgNVHSMEGDAWgBSFebwn5z17KRCOv/OX+2z9XGsC
RzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NzUyOTIvMjY0RDE3RkVCRERDMTFFRUI0MUU0MTRENzc1NDEyRTYvaFhtOEot
YzlleWtRanJfemxfdHNfVnhyQWtjLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvaFhtOEotYzlleWtRanJfemxfdHNfVnhyQWtjLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NzUyOTIvMjY0RDE3RkVCRERDMTFFRUI0MUU0MTRENzc1
NDEyRTYvOEYyNDUxRDBCRTlFMTFFRUJBODE5NkFBNzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGbXxTANBgkqhkiG9w0BAQsF
AAOCAQEAGpBErYpD03KPrcbnHwJVvV7fhOTXbn6pyes18oCSVFw2hr9giodlpiL/
28nT3aIbE2ILRywZIbnLcl/x1WTboCjoUipdPFrFHYJiYSXJ5Qf1HExI/WDgQcUX
Ec0RgPXJq6ZrHQIYkr+9mItc5ZKrMQDS3g/ErynlRBf8BpCx1dYy7ZOVpgoWgIuI
viSSvQXEi5guT59MjYxbxuppsbqeWjvDnDWojO1XV1Xv5qQd92B8Ftpg9j6ILATC
nD+/6n1zp3JEesuuxAwPE8Q8i04IdiNV6sIla9+dcgLH1OK+no2+bNHp+CDNrvXX
yxiRXVaJ8KXywMUYbTJA+DSu9Kr4tA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:56 2024 by rpki-client on console-fra.rpki-client.org