Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/2E35FA58551E11ED8AF09E80F1222468.roa
File:                     2E35FA58551E11ED8AF09E80F1222468.roa (raw, json)
Hash identifier:          AruVcOnt+eEInOP8my93JRYGCmgLdoN4SSF4PTrluD8=
Subject key identifier:   2A:77:A8:0E:BB:A3:F8:EF:39:1C:3C:97:B4:67:F6:FA:39:8F:9C:D8
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       0A49
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/2E35FA58551E11ED8AF09E80F1222468.roa
Signing time:             Wed 26 Oct 2022 11:06:03 +0000
ROA not before:           Wed 26 Oct 2022 11:05:58 +0000
ROA not after:            Sun 27 Oct 2024 11:05:58 +0000
asID:                     212238
IP address blocks:        154.16.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 31 Mar 2024 00:04:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2633 (0xa49)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Oct 26 11:05:58 2022 GMT
            Not After : Oct 27 11:05:58 2024 GMT
        Subject: CN=6359149b-38b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:39:94:a5:ee:ac:7d:b6:03:fc:ba:ba:2e:91:
                    e9:95:2f:de:cb:94:2b:c5:c4:20:a7:5e:5e:5b:3f:
                    af:4a:eb:48:e2:57:12:c6:dc:ee:63:bd:02:c1:36:
                    1e:6a:3b:44:4a:0e:12:02:72:38:c4:88:06:64:12:
                    c6:d0:d3:ce:a1:c8:6b:41:3b:3e:4d:1a:6d:10:b8:
                    85:c1:a0:6e:1d:62:37:c6:e1:f6:19:db:be:eb:33:
                    4e:c2:21:48:a5:dc:1d:14:9d:fa:df:b9:08:84:bb:
                    1f:ae:8f:b4:b5:3b:2b:25:f7:fe:4e:23:0a:c3:d0:
                    c0:ff:6b:eb:4d:cd:75:5a:88:7f:26:d3:9b:d1:ba:
                    68:5c:c2:01:4e:0f:e4:16:30:74:f9:89:c2:51:c9:
                    38:a8:89:f2:7f:c3:cc:6d:90:f7:28:42:c3:11:80:
                    f4:11:3d:f9:40:3b:f1:3c:c1:70:67:ef:cb:56:6e:
                    5f:b6:7b:d1:e5:a5:1f:3d:72:40:5b:80:7a:b9:3d:
                    6f:5f:9b:34:c0:93:39:86:52:d3:3d:ef:58:2c:94:
                    b7:d8:a5:ff:73:49:29:5d:c0:09:2a:22:4e:13:3f:
                    7d:70:40:d7:dc:f6:d9:34:da:92:38:45:4c:9f:03:
                    00:e9:3c:12:4a:e1:b5:44:e6:21:38:b3:c0:9c:5a:
                    19:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:77:A8:0E:BB:A3:F8:EF:39:1C:3C:97:B4:67:F6:FA:39:8F:9C:D8
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/2E35FA58551E11ED8AF09E80F1222468.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:ac:e6:ac:bd:a4:24:23:dc:59:98:8b:1a:cb:25:97:ee:d0:
         3b:45:d8:56:34:5a:4e:3a:56:42:af:09:83:7d:27:89:93:b0:
         48:f5:52:1d:a2:89:59:b0:54:06:58:fd:a2:21:22:82:e4:15:
         ed:42:d0:85:25:c7:7f:d9:66:23:72:b6:de:d3:36:ac:fe:70:
         18:44:3c:87:f0:4b:70:60:b4:b1:9d:0e:04:6d:d8:33:a3:0a:
         b4:23:0c:09:85:8e:d6:7c:d1:cb:e7:39:84:01:0f:7b:9c:4b:
         85:7f:78:26:6e:4e:93:ba:c0:8f:96:61:51:62:be:fb:e0:d7:
         ff:b7:95:77:3c:ba:f3:5c:c5:ae:4c:c7:9f:4f:2f:b1:0b:48:
         7f:0c:4e:1c:8a:08:f4:a0:33:cf:ef:ec:a0:92:f7:53:dd:d9:
         23:7b:1e:30:11:da:d3:dd:05:4c:3f:45:c9:9e:75:fd:af:9b:
         06:a8:61:58:4f:68:83:62:80:aa:e3:56:cc:da:d8:70:fa:44:
         7c:14:ac:97:93:e4:1b:26:14:4d:63:4f:cb:b0:b7:3e:80:3b:
         ee:aa:9e:52:0d:57:e1:97:f9:f2:15:b6:6d:93:50:e2:b4:a4:
         48:5f:a9:7c:15:08:7d:f3:e8:89:35:21:38:b3:df:e3:88:a0:
         5d:96:05:15
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCkkwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yMjEwMjYxMTA1NThaFw0yNDEwMjcxMTA1NThaMBgxFjAU
BgNVBAMMDTYzNTkxNDliLTM4YjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDKOZSl7qx9tgP8uroukemVL97LlCvFxCCnXl5bP69K60jiVxLG3O5jvQLB
Nh5qO0RKDhICcjjEiAZkEsbQ086hyGtBOz5NGm0QuIXBoG4dYjfG4fYZ277rM07C
IUil3B0UnfrfuQiEux+uj7S1Oysl9/5OIwrD0MD/a+tNzXVaiH8m05vRumhcwgFO
D+QWMHT5icJRyTioifJ/w8xtkPcoQsMRgPQRPflAO/E8wXBn78tWbl+2e9HlpR89
ckBbgHq5PW9fmzTAkzmGUtM971gslLfYpf9zSSldwAkqIk4TP31wQNfc9tk02pI4
RUyfAwDpPBJK4bVE5iE4s8CcWhm/AgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUKneo
Druj+O85HDyXtGf2+jmPnNgwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzJFMzVGQTU4NTUxRTExRUQ4QUYwOUU4MEYxMjIyNDY4LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEL0wDQYJKoZIhvcNAQEL
BQADggEBAJ+s5qy9pCQj3FmYixrLJZfu0DtF2FY0Wk46VkKvCYN9J4mTsEj1Uh2i
iVmwVAZY/aIhIoLkFe1C0IUlx3/ZZiNytt7TNqz+cBhEPIfwS3BgtLGdDgRt2DOj
CrQjDAmFjtZ80cvnOYQBD3ucS4V/eCZuTpO6wI+WYVFivvvg1/+3lXc8uvNcxa5M
x59PL7ELSH8MThyKCPSgM8/v7KCS91Pd2SN7HjAR2tPdBUw/Rcmedf2vmwaoYVhP
aINigKrjVsza2HD6RHwUrJeT5BsmFE1jT8uwtz6AO+6qnlINV+GX+fIVtm2TUOK0
pEhfqXwVCH3z6Ik1ITiz3+OIoF2WBRU=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:49 2024 by rpki-client on console-ams.rpki-client.org