Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/4255B710DD8311EDA1FBD6FE2F6D8C1D.roa
File:                     4255B710DD8311EDA1FBD6FE2F6D8C1D.roa (raw, json)
Hash identifier:          yovy30OOqnLORKu+qiy/OjkkaH0SjRw0uequcUKy+O0=
Subject key identifier:   2E:A0:A7:87:AE:47:C8:58:57:B0:D2:30:48:AE:D9:11:85:54:79:30
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       0D69
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/4255B710DD8311EDA1FBD6FE2F6D8C1D.roa
Signing time:             Tue 18 Apr 2023 00:52:14 +0000
ROA not before:           Tue 18 Apr 2023 00:00:09 +0000
ROA not after:            Sat 19 Apr 2025 00:00:09 +0000
asID:                     147176
IP address blocks:        154.16.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 30 Mar 2024 00:04:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3433 (0xd69)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Apr 18 00:00:09 2023 GMT
            Not After : Apr 19 00:00:09 2025 GMT
        Subject: CN=643de9be-2924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:11:2d:24:95:68:ea:20:5e:1a:a5:90:a6:a9:
                    fb:5c:c7:62:3c:0a:4e:55:98:3a:cd:24:70:85:ff:
                    be:30:62:0a:35:74:b7:56:63:43:b7:9c:56:ad:87:
                    d2:22:fe:a6:cd:a9:6f:7e:28:bd:b7:a6:54:bd:1c:
                    7e:64:b1:67:52:c5:b7:33:bb:24:90:03:a0:bf:4d:
                    54:e0:78:28:27:6d:8b:92:0a:39:3a:b7:14:d3:7d:
                    07:15:ca:45:5f:ff:17:d8:1f:16:dd:7a:80:e2:37:
                    dc:60:50:34:a6:41:a1:b8:16:8a:c9:b7:84:4f:ec:
                    a6:d9:1d:06:c6:c2:02:2e:1e:7a:6d:7f:2f:d3:37:
                    d5:91:c7:0d:ac:91:86:7b:bc:4d:09:19:18:8a:12:
                    02:2d:ab:39:2f:e1:1b:93:8b:3e:f8:82:be:69:13:
                    28:1f:3a:81:4d:fe:5d:51:13:26:70:43:50:ca:1f:
                    f2:fb:df:8a:1d:e2:b1:51:82:36:86:49:8b:ed:3c:
                    11:3e:e6:a7:d3:d2:6e:6a:36:81:d2:7b:6e:a1:d6:
                    df:db:56:8a:6e:ec:ec:d9:22:2e:e8:95:12:00:c3:
                    6e:57:99:97:39:cd:a3:3b:23:90:ec:55:eb:f9:35:
                    97:8c:48:20:49:3c:c9:19:16:57:6d:9a:6c:33:38:
                    28:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A0:A7:87:AE:47:C8:58:57:B0:D2:30:48:AE:D9:11:85:54:79:30
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/4255B710DD8311EDA1FBD6FE2F6D8C1D.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:05:dd:39:fc:c4:aa:bc:28:6b:14:ff:d6:1a:64:63:a6:61:
         7d:de:35:42:bd:f5:8e:d7:f2:6c:11:f7:b7:91:c5:ee:cd:c7:
         03:9e:1d:e9:7a:d6:af:91:12:97:87:6f:fc:61:df:d5:51:58:
         3d:1a:2f:a2:60:1b:8f:9d:d1:dd:a3:f1:78:be:d6:a3:2a:a6:
         49:4e:bc:39:25:b9:a9:4c:04:89:4c:f4:8e:28:10:c2:ea:06:
         41:de:2e:f0:c6:5f:1b:26:3c:46:8a:4b:e2:0d:cd:f5:e1:97:
         d0:34:d1:53:e6:6f:d9:89:11:32:04:31:fe:a5:a7:2b:18:0b:
         13:f7:06:ee:b3:21:f8:02:43:05:3a:1e:53:d6:cc:4f:a6:a0:
         e9:68:fb:7b:a8:8f:2e:74:5e:ed:ce:9f:11:18:f2:22:62:01:
         c4:9c:82:46:c4:99:08:3d:50:78:e2:62:dc:bd:1b:0b:81:5a:
         22:d1:e0:21:b4:98:3a:3f:73:32:6a:79:1f:22:46:c2:83:24:
         eb:0f:41:b4:31:e3:cb:64:b8:5b:af:8b:8b:d3:73:7c:74:c6:
         6d:3c:18:c9:12:c2:76:8c:31:fb:68:71:be:87:2b:f2:57:79:
         bd:52:6c:f3:f9:4d:55:fd:d5:7f:6e:89:53:74:e1:fb:d4:57:
         21:a6:c0:83
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICDWkwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yMzA0MTgwMDAwMDlaFw0yNTA0MTkwMDAwMDlaMBgxFjAU
BgNVBAMMDTY0M2RlOWJlLTI5MjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC+ES0klWjqIF4apZCmqftcx2I8Ck5VmDrNJHCF/74wYgo1dLdWY0O3nFat
h9Ii/qbNqW9+KL23plS9HH5ksWdSxbczuySQA6C/TVTgeCgnbYuSCjk6txTTfQcV
ykVf/xfYHxbdeoDiN9xgUDSmQaG4ForJt4RP7KbZHQbGwgIuHnptfy/TN9WRxw2s
kYZ7vE0JGRiKEgItqzkv4RuTiz74gr5pEygfOoFN/l1REyZwQ1DKH/L734od4rFR
gjaGSYvtPBE+5qfT0m5qNoHSe26h1t/bVopu7OzZIi7olRIAw25XmZc5zaM7I5Ds
Vev5NZeMSCBJPMkZFldtmmwzOChFAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQULqCn
h65HyFhXsNIwSK7ZEYVUeTAwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzQyNTVCNzEwREQ4MzExRURBMUZCRDZGRTJGNkQ4QzFELnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEJwwDQYJKoZIhvcNAQEL
BQADggEBAFMF3Tn8xKq8KGsU/9YaZGOmYX3eNUK99Y7X8mwR97eRxe7NxwOeHel6
1q+REpeHb/xh39VRWD0aL6JgG4+d0d2j8Xi+1qMqpklOvDklualMBIlM9I4oEMLq
BkHeLvDGXxsmPEaKS+INzfXhl9A00VPmb9mJETIEMf6lpysYCxP3Bu6zIfgCQwU6
HlPWzE+moOlo+3uojy50Xu3OnxEY8iJiAcScgkbEmQg9UHjiYty9GwuBWiLR4CG0
mDo/czJqeR8iRsKDJOsPQbQx48tkuFuvi4vTc3x0xm08GMkSwnaMMftocb6HK/JX
eb1SbPP5TVX91X9uiVN04fvUVyGmwIM=
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:07:05 2024 by rpki-client on console-ams.rpki-client.org