Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3CF6FCDEE86811EE85D0D39A775412E6.roa
File:                     3CF6FCDEE86811EE85D0D39A775412E6.roa (raw, json)
Hash identifier:          TbOadzS49f82Z9CxB66cbcLiIe7xaKyQzykZhym485c=
Subject key identifier:   C0:D8:85:09:63:A5:49:5F:74:77:8C:BD:57:EC:B7:E1:67:01:89:01
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       1569
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3CF6FCDEE86811EE85D0D39A775412E6.roa
Signing time:             Fri 22 Mar 2024 16:21:29 +0000
ROA not before:           Fri 22 Mar 2024 16:21:26 +0000
ROA not after:            Sun 22 Mar 2026 16:21:26 +0000
asID:                     29802
IP address blocks:        154.16.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 16 Jul 2024 00:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5481 (0x1569)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Mar 22 16:21:26 2024 GMT
            Not After : Mar 22 16:21:26 2026 GMT
        Subject: CN=65fdb009-e041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:40:55:5e:50:1b:09:05:6e:36:31:9e:ea:cc:
                    9c:7b:b5:ab:40:69:2d:c1:5c:23:f0:e4:59:22:6f:
                    63:25:91:06:36:d8:8e:67:53:b1:81:d1:75:2b:fd:
                    95:12:e1:90:0e:8a:5c:89:ef:37:74:fe:a5:62:fc:
                    51:ef:86:a1:56:41:1a:60:0a:06:bd:a0:07:f8:45:
                    85:52:eb:f3:ed:11:06:2e:49:b3:81:98:80:dc:fc:
                    36:b9:5e:38:34:3a:1b:9b:a3:fc:f4:07:74:cf:a2:
                    8f:02:d0:fc:3c:68:4d:a6:92:99:7a:bd:a4:fd:25:
                    3f:02:4c:98:9e:59:21:20:38:3f:e6:af:9a:36:7a:
                    dd:0b:d2:ab:53:59:91:ed:ca:04:9f:25:2c:c5:a2:
                    18:19:63:0c:78:60:1c:39:cb:26:4c:60:d4:db:08:
                    12:88:17:4d:2e:3a:fc:87:d1:ed:0c:73:9a:a0:b4:
                    0f:34:50:44:32:a1:d1:4a:99:34:4f:d4:56:e4:a5:
                    85:73:28:1e:13:c0:92:b6:76:87:a4:29:8d:c9:eb:
                    dc:8a:d1:6f:42:29:6a:35:b3:d7:c5:bd:c7:e9:3b:
                    0a:56:23:d0:a5:05:37:60:e0:d0:61:43:d3:c1:37:
                    92:90:36:26:88:9b:67:86:ee:12:35:47:ec:f7:eb:
                    bd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:D8:85:09:63:A5:49:5F:74:77:8C:BD:57:EC:B7:E1:67:01:89:01
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/3CF6FCDEE86811EE85D0D39A775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:73:5a:c7:22:ef:f0:3f:a2:b9:81:c2:33:25:da:1f:71:cd:
         26:9b:d9:5b:de:65:03:17:bf:71:01:5c:2b:f5:dc:d5:d3:a7:
         f7:a5:94:fa:8e:96:86:cc:db:66:0b:03:57:98:d1:ba:0e:12:
         24:82:b9:c2:03:7e:31:89:6d:8a:79:48:91:51:a2:c6:a4:de:
         04:44:73:b3:66:20:c1:0c:25:76:1b:29:b3:fd:40:45:65:d8:
         69:84:b0:18:76:85:02:17:4f:06:77:1a:7d:e0:24:35:fa:b0:
         56:e7:38:44:c9:6c:c9:6e:e2:5c:f6:53:51:f6:1d:bd:7f:dc:
         8a:a2:1e:16:8a:68:2f:7c:2e:c5:05:f2:3f:ec:c1:ab:20:e8:
         a1:84:b8:c3:81:2e:c2:fd:17:b8:97:e2:4f:99:a4:c5:62:06:
         31:4a:2a:ac:81:c5:29:30:a6:d1:24:f4:93:dd:b3:d5:01:58:
         08:10:cd:9d:11:9d:cc:21:12:08:8f:c8:4f:2f:0a:cd:78:23:
         4c:ec:00:81:1e:d6:7b:46:53:da:c6:86:03:79:f4:05:7b:30:
         5a:23:c8:ed:31:ad:ba:1d:b3:60:ea:f1:05:6f:e8:34:cf:65:
         e7:fd:7c:32:b9:72:aa:bf:70:d3:b8:8e:97:77:20:c7:e1:3b:
         7a:22:0d:70
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICFWkwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yNDAzMjIxNjIxMjZaFw0yNjAzMjIxNjIxMjZaMBgxFjAU
BgNVBAMTDTY1ZmRiMDA5LWUwNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDrQFVeUBsJBW42MZ7qzJx7tatAaS3BXCPw5Fkib2MlkQY22I5nU7GB0XUr
/ZUS4ZAOilyJ7zd0/qVi/FHvhqFWQRpgCga9oAf4RYVS6/PtEQYuSbOBmIDc/Da5
Xjg0Ohubo/z0B3TPoo8C0Pw8aE2mkpl6vaT9JT8CTJieWSEgOD/mr5o2et0L0qtT
WZHtygSfJSzFohgZYwx4YBw5yyZMYNTbCBKIF00uOvyH0e0Mc5qgtA80UEQyodFK
mTRP1FbkpYVzKB4TwJK2doekKY3J69yK0W9CKWo1s9fFvcfpOwpWI9ClBTdg4NBh
Q9PBN5KQNiaIm2eG7hI1R+z3672NAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUwNiF
CWOlSV90d4y9V+y34WcBiQEwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzNDRjZGQ0RFRTg2ODExRUU4NUQwRDM5QTc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaED8wDQYJKoZIhvcNAQEL
BQADggEBAAhzWsci7/A/ormBwjMl2h9xzSab2VveZQMXv3EBXCv13NXTp/ellPqO
lobM22YLA1eY0boOEiSCucIDfjGJbYp5SJFRosak3gREc7NmIMEMJXYbKbP9QEVl
2GmEsBh2hQIXTwZ3Gn3gJDX6sFbnOETJbMlu4lz2U1H2Hb1/3IqiHhaKaC98LsUF
8j/swasg6KGEuMOBLsL9F7iX4k+ZpMViBjFKKqyBxSkwptEk9JPds9UBWAgQzZ0R
ncwhEgiPyE8vCs14I0zsAIEe1ntGU9rGhgN59AV7MFojyO0xrbods2Dq8QVv6DTP
Zef9fDK5cqq/cNO4jpd3IMfhO3oiDXA=
-----END CERTIFICATE-----
Generated at Sun Jul 14 02:50:28 2024 by rpki-client on console-ams.rpki-client.org