Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3676EF0/6E8128646AAA11EF9DAC8CA5762E951A/20A5B5426AAF11EF9EC3AA42762E951A.roa
File:                     20A5B5426AAF11EF9EC3AA42762E951A.roa (raw, json)
Hash identifier:          0P+WY7UOiMY+YcWMWFMkGPCy9cUGpM29pOZMdtFlc64=
Subject key identifier:   F6:F3:BC:BD:62:9E:A7:E9:2C:F9:41:D7:E0:D5:63:D4:3B:03:FA:4E
Certificate issuer:       /CN=F3676EF0AF/serialNumber=EFD2C3DE3AE8C4CE9E7B93C9F7D45BA92EB14E8C
Certificate serial:       02
Authority key identifier: EF:D2:C3:DE:3A:E8:C4:CE:9E:7B:93:C9:F7:D4:5B:A9:2E:B1:4E:8C
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/79LD3jroxM6ee5PJ99RbqS6xTow.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3676EF0/6E8128646AAA11EF9DAC8CA5762E951A/20A5B5426AAF11EF9EC3AA42762E951A.roa
Signing time:             Wed 04 Sep 2024 11:16:27 +0000
ROA not before:           Wed 04 Sep 2024 11:16:23 +0000
ROA not after:            Mon 31 Mar 2025 11:16:23 +0000
asID:                     37542
IP address blocks:        102.222.128.0/22 maxlen: 24
                          102.223.132.0/22 maxlen: 24
                          197.255.240.0/22 maxlen: 24
                          2c0f:fbd8::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3676EF0/6E8128646AAA11EF9DAC8CA5762E951A/79LD3jroxM6ee5PJ99RbqS6xTow.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3676EF0/6E8128646AAA11EF9DAC8CA5762E951A/79LD3jroxM6ee5PJ99RbqS6xTow.mft
                          rsync://rpki.afrinic.net/repository/afrinic/79LD3jroxM6ee5PJ99RbqS6xTow.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3676EF0AF/serialNumber=EFD2C3DE3AE8C4CE9E7B93C9F7D45BA92EB14E8C
        Validity
            Not Before: Sep  4 11:16:23 2024 GMT
            Not After : Mar 31 11:16:23 2025 GMT
        Subject: CN=66d8418b-c9e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5b:a7:1f:c9:c1:dc:a1:b3:99:3e:23:69:de:
                    40:55:fc:e6:b2:ee:9b:36:0e:e0:60:0e:2d:a3:a7:
                    84:dd:58:2e:06:6b:cd:dd:63:46:00:42:db:8c:55:
                    cb:cf:d8:2d:87:2e:2e:a2:f2:42:c0:aa:b4:ca:84:
                    d3:eb:27:3a:8c:1b:28:26:05:fb:1d:cb:aa:54:39:
                    3e:08:f8:16:60:f2:35:9a:bb:96:1b:40:a6:3b:98:
                    d0:69:27:aa:4a:52:6c:a6:8f:cb:fd:53:1e:56:4f:
                    b4:5b:30:16:6e:96:70:13:ae:fd:ed:d5:30:cb:09:
                    c4:91:ee:ac:aa:87:2e:72:df:8b:ed:95:93:18:ca:
                    70:6e:ca:cd:65:74:ef:1d:22:ba:06:1a:f9:ab:6a:
                    a4:c9:a1:ea:f9:c3:25:8e:7c:8e:5a:09:41:df:ff:
                    9d:ee:06:4f:b5:9a:eb:3e:a2:c1:50:aa:3b:88:40:
                    56:b4:61:00:df:b4:fe:f6:40:a8:28:62:7b:e6:cc:
                    97:3a:7e:92:ae:97:92:63:41:25:a8:ef:70:6c:2a:
                    3a:8e:bc:5e:89:ca:02:65:60:16:0d:cb:d9:84:c7:
                    ec:07:81:2c:ed:cd:2e:77:8e:25:58:90:93:bc:05:
                    4b:4b:bc:40:1c:59:e9:65:0e:de:60:96:7a:39:cf:
                    a5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:F3:BC:BD:62:9E:A7:E9:2C:F9:41:D7:E0:D5:63:D4:3B:03:FA:4E
            X509v3 Authority Key Identifier:
                keyid:EF:D2:C3:DE:3A:E8:C4:CE:9E:7B:93:C9:F7:D4:5B:A9:2E:B1:4E:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3676EF0/6E8128646AAA11EF9DAC8CA5762E951A/79LD3jroxM6ee5PJ99RbqS6xTow.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/79LD3jroxM6ee5PJ99RbqS6xTow.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3676EF0/6E8128646AAA11EF9DAC8CA5762E951A/20A5B5426AAF11EF9EC3AA42762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.222.128.0/22
                  102.223.132.0/22
                  197.255.240.0/22
                IPv6:
                  2c0f:fbd8::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:cc:33:ce:bf:02:18:24:40:ba:4d:2c:1d:68:db:b3:8c:8e:
         30:95:bf:39:c6:28:65:58:9c:0b:dc:f7:ef:25:54:86:69:2f:
         1e:a2:e1:e4:90:23:e2:bc:55:96:f1:dc:72:b2:97:96:59:8a:
         5a:8a:6b:1f:dd:4f:29:23:7b:fc:f5:3c:14:33:2e:5e:27:78:
         d7:97:cc:f7:ac:65:da:f7:6c:a8:6d:33:e0:c0:a0:90:37:71:
         2b:7f:87:28:50:82:05:80:14:31:46:a2:e9:f4:62:21:2c:2f:
         91:3f:3e:09:11:b8:47:97:c7:1a:a7:e7:f0:1f:c7:99:ee:8a:
         50:b5:f8:ab:64:e0:8c:f4:2b:43:22:af:88:1e:0b:77:62:c6:
         05:d7:80:1c:4a:08:57:14:d4:49:5b:dd:bc:cd:c5:bd:06:44:
         d2:5c:8b:11:ac:5d:16:7f:12:5d:2e:3e:38:ae:5f:63:fc:9e:
         6b:4c:d4:f5:25:cd:0d:e0:ae:23:1a:c0:57:fd:73:35:10:c3:
         d3:32:01:05:5e:e0:01:5d:f5:01:70:f2:28:bb:9d:7f:a0:de:
         1b:2a:84:1a:3a:73:c4:40:8e:3b:21:4a:88:88:89:b5:21:52:
         e6:6e:e0:fd:7d:5b:c9:24:41:81:f4:14:ea:3e:6a:c5:53:c4:
         9a:e1:3a:14
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
NkVGMEFGMTEwLwYDVQQFEyhFRkQyQzNERTNBRThDNENFOUU3QjkzQzlGN0Q0NUJB
OTJFQjE0RThDMB4XDTI0MDkwNDExMTYyM1oXDTI1MDMzMTExMTYyM1owGDEWMBQG
A1UEAxMNNjZkODQxOGItYzllMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANpbpx/Jwdyhs5k+I2neQFX85rLumzYO4GAOLaOnhN1YLgZrzd1jRgBC24xV
y8/YLYcuLqLyQsCqtMqE0+snOowbKCYF+x3LqlQ5Pgj4FmDyNZq7lhtApjuY0Gkn
qkpSbKaPy/1THlZPtFswFm6WcBOu/e3VMMsJxJHurKqHLnLfi+2VkxjKcG7KzWV0
7x0iugYa+atqpMmh6vnDJY58jloJQd//ne4GT7Wa6z6iwVCqO4hAVrRhAN+0/vZA
qChie+bMlzp+kq6XkmNBJajvcGwqOo68XonKAmVgFg3L2YTH7AeBLO3NLneOJViQ
k7wFS0u8QBxZ6WUO3mCWejnPpb8CAwEAAaOCAsAwggK8MB0GA1UdDgQWBBT287y9
Yp6n6Sz5Qdfg1WPUOwP6TjAfBgNVHSMEGDAWgBTv0sPeOujEzp57k8n31FupLrFO
jDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NzZFRjAvNkU4MTI4NjQ2QUFBMTFFRjlEQUM4Q0E1NzYyRTk1MUEvNzlMRDNq
cm94TTZlZTVQSjk5UmJxUzZ4VG93LmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvNzlMRDNqcm94TTZlZTVQSjk5UmJxUzZ4VG93LmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NzZFRjAvNkU4MTI4NjQ2QUFBMTFFRjlEQUM4Q0E1NzYy
RTk1MUEvMjBBNUI1NDI2QUFGMTFFRjlFQzNBQTQyNzYyRTk1MUEucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDA6BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAmbegAMEAmbfhAMEAsX/8DAN
BAIAAjAHAwUALA/72DANBgkqhkiG9w0BAQsFAAOCAQEAs8wzzr8CGCRAuk0sHWjb
s4yOMJW/OcYoZVicC9z37yVUhmkvHqLh5JAj4rxVlvHccrKXllmKWoprH91PKSN7
/PU8FDMuXid415fM96xl2vdsqG0z4MCgkDdxK3+HKFCCBYAUMUai6fRiISwvkT8+
CRG4R5fHGqfn8B/Hme6KULX4q2TgjPQrQyKviB4Ld2LGBdeAHEoIVxTUSVvdvM3F
vQZE0lyLEaxdFn8SXS4+OK5fY/yea0zU9SXNDeCuIxrAV/1zNRDD0zIBBV7gAV31
AXDyKLudf6DeGyqEGjpzxECOOyFKiIiJtSFS5m7g/X1bySRBgfQU6j5qxVPEmuE6
FA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:03:44 2024 by rpki-client on console-ams.rpki-client.org