Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3949C146259111EFAE4F13487DDC24C2.roa
File:                     3949C146259111EFAE4F13487DDC24C2.roa (raw, json)
Hash identifier:          9vrqCykidJ3Rl5Unah8UUZr85aems0g8ZzP5TpMSsIQ=
Subject key identifier:   4C:0B:23:77:57:A0:D2:2F:3A:49:38:42:20:99:D4:6E:27:FF:95:CA
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       16CC
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3949C146259111EFAE4F13487DDC24C2.roa
Signing time:             Sat 08 Jun 2024 12:18:33 +0000
ROA not before:           Sat 08 Jun 2024 12:18:29 +0000
ROA not after:            Sat 06 Jun 2026 12:18:29 +0000
asID:                     396356
IP address blocks:        154.16.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 20 Jul 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5836 (0x16cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Jun  8 12:18:29 2024 GMT
            Not After : Jun  6 12:18:29 2026 GMT
        Subject: CN=66644c19-6c7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a3:20:ea:ca:ee:2a:11:02:c8:65:10:bb:d0:
                    de:f5:19:80:9e:94:ea:44:13:cd:5e:67:f5:3d:fd:
                    0d:06:69:98:b1:27:b7:05:42:e3:9d:12:60:79:3d:
                    fe:42:32:69:84:89:04:a5:d7:2f:ad:9a:01:19:05:
                    79:7b:9e:19:3b:24:f3:8f:24:27:d4:e7:d7:17:c2:
                    15:04:dc:b4:dc:48:31:0b:8c:07:e4:93:88:d3:58:
                    1f:f4:57:51:74:58:06:63:e9:e9:cf:26:5c:fc:fe:
                    f3:14:f2:23:d3:45:2a:be:c9:4c:54:42:53:54:1b:
                    d4:6c:11:ce:6d:c0:1c:df:bd:6a:13:f9:7c:54:90:
                    57:29:81:a1:db:6a:7c:89:9d:00:dc:c9:de:44:16:
                    29:c7:6a:75:13:a7:ba:f7:21:e3:8e:1b:01:d2:90:
                    7e:e9:f8:ef:b1:40:73:d6:54:a8:f3:fc:a2:19:28:
                    a7:2d:ad:c5:07:3a:20:fa:be:c9:09:20:e6:39:8d:
                    51:09:7f:c6:83:06:a0:e7:3c:a7:66:b7:d8:ae:87:
                    63:c8:e7:a1:b1:a3:14:9f:d4:eb:e5:db:df:c2:3c:
                    6f:03:e7:58:23:fd:1d:ec:7f:21:a3:e1:11:bc:ea:
                    f1:e0:b7:2b:5b:b9:fa:a6:40:81:01:a6:63:0f:ba:
                    f6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:0B:23:77:57:A0:D2:2F:3A:49:38:42:20:99:D4:6E:27:FF:95:CA
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3949C146259111EFAE4F13487DDC24C2.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ac:be:8f:f6:01:5e:cd:50:32:4f:fb:f8:85:c4:a6:ed:a5:
         82:16:47:00:7c:18:63:47:b6:c5:87:7b:88:6a:85:38:c4:b0:
         9f:77:9d:e2:5f:82:2f:cd:a8:39:02:fc:85:6a:1d:e3:e3:2f:
         f5:e5:d7:17:05:97:f0:c8:64:7a:a6:80:8a:0b:46:8d:60:cb:
         a9:71:12:1c:7b:d0:74:fc:f2:22:72:21:3a:bf:67:14:34:3e:
         31:0e:fc:9a:05:e0:6a:90:84:ae:b7:1e:ec:b7:1f:05:b7:61:
         17:2c:f9:b6:6b:5c:8d:bd:1f:dc:15:f0:ab:e7:1e:20:41:0b:
         a1:e1:04:67:15:f4:d9:ca:88:d6:45:52:80:16:a9:ce:13:73:
         a8:1c:3d:c0:89:9a:45:f2:6b:89:4b:91:32:4a:5b:d6:da:7d:
         ec:42:8e:6c:d3:6a:4c:37:a0:0d:20:1e:66:92:83:4e:e4:6c:
         cd:c8:3c:78:07:99:14:a8:b7:c9:76:d2:76:91:0e:2e:e0:28:
         ca:63:fd:9c:cf:23:bf:eb:36:88:d1:e4:2e:65:e7:ae:aa:a6:
         2d:09:42:7d:75:26:9d:65:c2:91:31:7c:49:f2:f1:8f:12:7c:
         0d:38:ca:b1:33:7f:7a:8f:97:7b:79:cf:f4:c9:10:23:e7:6f:
         9f:ac:e4:4d
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICFswwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yNDA2MDgxMjE4MjlaFw0yNjA2MDYxMjE4MjlaMBgxFjAU
BgNVBAMTDTY2NjQ0YzE5LTZjN2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDEoyDqyu4qEQLIZRC70N71GYCelOpEE81eZ/U9/Q0GaZixJ7cFQuOdEmB5
Pf5CMmmEiQSl1y+tmgEZBXl7nhk7JPOPJCfU59cXwhUE3LTcSDELjAfkk4jTWB/0
V1F0WAZj6enPJlz8/vMU8iPTRSq+yUxUQlNUG9RsEc5twBzfvWoT+XxUkFcpgaHb
anyJnQDcyd5EFinHanUTp7r3IeOOGwHSkH7p+O+xQHPWVKjz/KIZKKctrcUHOiD6
vskJIOY5jVEJf8aDBqDnPKdmt9iuh2PI56GxoxSf1Ovl29/CPG8D51gj/R3sfyGj
4RG86vHgtytbufqmQIEBpmMPuvZxAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUTAsj
d1eg0i86SThCIJnUbif/lcowHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzM5NDlDMTQ2MjU5MTExRUZBRTRGMTM0ODdEREMyNEMyLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaENkwDQYJKoZIhvcNAQEL
BQADggEBACisvo/2AV7NUDJP+/iFxKbtpYIWRwB8GGNHtsWHe4hqhTjEsJ93neJf
gi/NqDkC/IVqHePjL/Xl1xcFl/DIZHqmgIoLRo1gy6lxEhx70HT88iJyITq/ZxQ0
PjEO/JoF4GqQhK63Huy3HwW3YRcs+bZrXI29H9wV8KvnHiBBC6HhBGcV9NnKiNZF
UoAWqc4Tc6gcPcCJmkXya4lLkTJKW9bafexCjmzTakw3oA0gHmaSg07kbM3IPHgH
mRSot8l20naRDi7gKMpj/ZzPI7/rNojR5C5l566qpi0JQn11Jp1lwpExfEny8Y8S
fA04yrEzf3qPl3t5z/TJECPnb5+s5E0=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:58:02 2024 by rpki-client on console-ams.rpki-client.org