Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3457C0C28B8411EEB8B434144AD9E6FC.roa
File:                     3457C0C28B8411EEB8B434144AD9E6FC.roa (raw, json)
Hash identifier:          y0izVYTWxrCYV6SRapzQRlN9PGfbXW0zpa4YwRIovu4=
Subject key identifier:   24:8C:8A:7B:C6:F5:88:AC:A8:8D:1F:8A:21:5D:E9:63:1B:E3:05:79
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       1355
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3457C0C28B8411EEB8B434144AD9E6FC.roa
Signing time:             Sat 25 Nov 2023 11:17:23 +0000
ROA not before:           Sat 25 Nov 2023 11:17:19 +0000
ROA not after:            Tue 25 Nov 2025 11:17:19 +0000
asID:                     212238
IP address blocks:        154.16.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 20 Jul 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4949 (0x1355)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Nov 25 11:17:19 2023 GMT
            Not After : Nov 25 11:17:19 2025 GMT
        Subject: CN=6561d7c2-b6ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:f4:05:a6:bb:e3:cd:c5:5c:8e:eb:63:41:a3:
                    50:da:f6:40:bf:1e:a4:ff:9e:6f:b3:e4:7c:18:1b:
                    f2:e8:3a:a9:3a:cf:c0:27:bc:e0:39:b2:0a:f4:7d:
                    b1:bb:ea:04:0b:09:36:bd:24:23:cd:d8:c9:fb:f0:
                    65:1f:5a:ae:78:9a:50:31:bb:6b:b7:49:fa:63:41:
                    8e:38:87:f9:99:6f:e1:5f:64:76:a8:8e:7c:04:02:
                    32:0c:99:8e:d6:e6:4d:40:87:ca:02:38:b2:31:0b:
                    c4:82:fe:22:aa:ad:8b:a4:8b:b0:20:9c:a8:e7:2c:
                    77:45:15:10:e7:c0:b7:c7:a5:1e:42:f8:36:6b:85:
                    8c:e8:c6:de:d3:7d:34:2c:17:41:c9:e6:33:6f:04:
                    9b:48:f4:60:8b:47:69:2e:f9:63:98:7d:20:ac:58:
                    6e:13:67:9b:3a:04:f3:0b:92:03:1f:3e:48:24:12:
                    39:88:d7:fc:b9:1b:9c:7d:8e:c5:37:c2:0d:5a:3c:
                    9b:6e:39:79:8f:ab:ce:49:b5:75:74:b2:df:12:19:
                    aa:1b:2d:c6:f9:44:08:23:89:04:eb:4f:2a:49:10:
                    62:08:73:ec:73:72:e7:d2:e3:5f:98:6c:e6:95:39:
                    02:c7:58:e1:c7:41:15:91:3e:c1:5f:33:26:64:88:
                    54:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8C:8A:7B:C6:F5:88:AC:A8:8D:1F:8A:21:5D:E9:63:1B:E3:05:79
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3457C0C28B8411EEB8B434144AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d4:eb:00:cd:2b:f0:86:cb:9b:87:4f:35:d5:ca:7c:ee:dd:
         f6:c6:94:84:df:f8:fb:ed:c2:99:13:07:7a:8d:69:e9:ee:ea:
         2d:b4:9a:79:28:6b:93:f2:4c:68:73:ea:a9:9a:04:8e:3c:2b:
         96:53:d2:18:fe:1b:b7:ae:51:3e:0c:65:96:30:79:6c:b6:d8:
         b0:a5:5f:a8:ed:58:91:57:0b:a5:cf:0c:57:b5:aa:3a:31:9a:
         81:b0:b2:a5:e0:fb:98:60:e1:c6:0a:d0:b1:2f:72:cc:20:4d:
         6f:9c:18:7e:70:13:b7:b6:83:e9:bc:a2:8d:35:85:21:3f:17:
         7f:18:4f:0e:d2:c1:90:f7:02:34:09:78:74:ba:24:04:0b:36:
         90:42:0d:2b:51:be:e4:be:74:f0:43:e9:54:35:d8:f9:71:8f:
         24:8f:4e:bc:b9:2f:42:b9:7e:af:af:28:e9:00:b7:df:9f:7e:
         ba:19:a9:80:cb:83:84:85:da:1f:08:b0:03:3b:09:9c:87:ac:
         58:ab:06:59:3f:2e:97:89:4e:cd:65:b9:4d:a9:86:d7:01:a3:
         2c:61:ae:8b:49:35:b6:35:9f:db:46:a6:50:09:10:e5:b0:49:
         b0:6a:25:9e:85:31:d1:b3:63:6f:1d:bf:f6:d0:a5:73:81:26:
         53:f8:37:df
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICE1UwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yMzExMjUxMTE3MTlaFw0yNTExMjUxMTE3MTlaMBgxFjAU
BgNVBAMTDTY1NjFkN2MyLWI2ZWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQD29AWmu+PNxVyO62NBo1Da9kC/HqT/nm+z5HwYG/LoOqk6z8AnvOA5sgr0
fbG76gQLCTa9JCPN2Mn78GUfWq54mlAxu2u3SfpjQY44h/mZb+FfZHaojnwEAjIM
mY7W5k1Ah8oCOLIxC8SC/iKqrYuki7AgnKjnLHdFFRDnwLfHpR5C+DZrhYzoxt7T
fTQsF0HJ5jNvBJtI9GCLR2ku+WOYfSCsWG4TZ5s6BPMLkgMfPkgkEjmI1/y5G5x9
jsU3wg1aPJtuOXmPq85JtXV0st8SGaobLcb5RAgjiQTrTypJEGIIc+xzcufS41+Y
bOaVOQLHWOHHQRWRPsFfMyZkiFSTAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUJIyK
e8b1iKyojR+KIV3pYxvjBXkwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzM0NTdDMEMyOEI4NDExRUVCOEI0MzQxNDRBRDlFNkZDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEAMwDQYJKoZIhvcNAQEL
BQADggEBAGjU6wDNK/CGy5uHTzXVynzu3fbGlITf+PvtwpkTB3qNaenu6i20mnko
a5PyTGhz6qmaBI48K5ZT0hj+G7euUT4MZZYweWy22LClX6jtWJFXC6XPDFe1qjox
moGwsqXg+5hg4cYK0LEvcswgTW+cGH5wE7e2g+m8oo01hSE/F38YTw7SwZD3AjQJ
eHS6JAQLNpBCDStRvuS+dPBD6VQ12PlxjySPTry5L0K5fq+vKOkAt9+ffroZqYDL
g4SF2h8IsAM7CZyHrFirBlk/LpeJTs1luU2phtcBoyxhrotJNbY1n9tGplAJEOWw
SbBqJZ6FMdGzY28dv/bQpXOBJlP4N98=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:58:02 2024 by rpki-client on console-ams.rpki-client.org