Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/5B2FF60E8E8311EEA59D97DD7D84E21B.roa
File:                     5B2FF60E8E8311EEA59D97DD7D84E21B.roa (raw, json)
Hash identifier:          fPEAEtCrvHoxpOaq+Sd31NZJSvqjh8rNkCy46Q5dSkQ=
Subject key identifier:   DE:F2:42:90:72:90:21:67:D4:05:BD:31:52:D5:7C:0D:C7:9F:90:95
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       13A5
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/5B2FF60E8E8311EEA59D97DD7D84E21B.roa
Signing time:             Wed 29 Nov 2023 06:48:52 +0000
ROA not before:           Wed 29 Nov 2023 06:48:48 +0000
ROA not after:            Sat 29 Nov 2025 06:48:48 +0000
asID:                     3356
IP address blocks:        154.16.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5029 (0x13a5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Nov 29 06:48:48 2023 GMT
            Not After : Nov 29 06:48:48 2025 GMT
        Subject: CN=6566ded4-d27e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:bc:3b:60:08:db:f0:d6:ca:1f:c2:82:a2:0f:
                    6f:5e:ce:6e:3c:65:c2:92:41:da:43:84:57:94:07:
                    41:88:77:de:21:a2:1a:c7:04:50:74:c1:8f:4c:f0:
                    99:67:6c:3c:87:0b:fb:7d:4c:7a:fe:bd:c7:ca:44:
                    67:36:b0:c6:60:02:50:8f:8d:99:22:b4:14:b4:dc:
                    ef:67:0e:48:f6:5e:37:e5:cc:14:2f:a5:71:c0:a5:
                    b2:74:2b:15:ac:2b:11:76:13:44:b2:4a:b7:ec:1f:
                    a9:23:cb:4e:11:7a:90:7a:31:09:99:16:68:27:f9:
                    15:4c:83:3f:09:f9:a6:ae:f8:01:a9:d6:d0:8f:24:
                    f4:f8:73:b8:e0:93:b8:a6:82:59:f6:6d:38:54:a8:
                    13:df:aa:90:44:38:0b:dc:86:d6:f8:fb:07:ce:2c:
                    76:00:70:ed:d0:5e:08:29:fb:3f:f6:13:0f:8d:89:
                    34:f0:86:61:4b:e3:1b:51:7c:25:ef:e7:3f:2c:e1:
                    d4:20:a4:be:89:39:b7:73:cf:10:1f:d0:d5:c5:58:
                    05:c2:b7:8c:65:ce:90:fe:cb:fb:14:18:34:ce:31:
                    ee:ff:43:0c:99:75:72:ff:cd:33:94:a4:d6:74:b8:
                    aa:68:6d:5e:27:b2:c0:41:98:7e:a4:b0:3d:83:a0:
                    c9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F2:42:90:72:90:21:67:D4:05:BD:31:52:D5:7C:0D:C7:9F:90:95
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/5B2FF60E8E8311EEA59D97DD7D84E21B.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:64:66:40:f0:e5:7f:aa:24:d5:f4:9e:b5:7b:2c:11:b5:8a:
         87:5f:47:c9:df:bd:bb:c1:9d:61:5c:6f:1b:ca:53:d9:22:1a:
         c0:91:88:4f:a6:12:99:8c:f8:46:b5:ec:6e:af:0e:05:75:6b:
         1f:33:ed:df:d1:0c:65:4c:c2:0c:cd:63:9c:1a:cf:6b:d7:25:
         c2:ae:66:17:85:66:e6:b5:63:b3:93:b5:dc:fa:69:17:03:45:
         79:aa:5c:55:c5:1f:a5:51:c2:7f:37:37:43:b0:5d:bb:d3:e6:
         80:b7:30:0b:2a:76:47:f6:e9:47:60:bf:57:c9:26:b6:e2:86:
         bd:5a:27:ad:7c:37:06:77:93:49:40:eb:f2:a3:14:d0:e3:ea:
         8d:e4:f1:a4:a4:5a:cb:fe:54:0c:e8:1a:0f:7b:2b:42:3b:90:
         c4:f7:61:3f:2c:2b:28:e0:46:e0:06:0a:6c:39:93:98:60:65:
         1d:7b:87:6c:1c:d8:1e:84:81:f3:23:10:46:6b:45:d0:8a:9c:
         cf:70:63:67:5b:b0:80:57:33:6a:f4:61:cf:7a:5a:65:7e:fc:
         73:06:ef:88:4c:06:b4:07:57:86:40:35:3c:9c:a3:d9:f2:d1:
         a6:67:88:97:35:20:e9:9e:55:40:a0:5d:fc:03:2d:d7:a2:99:
         5b:cc:17:88
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICE6UwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yMzExMjkwNjQ4NDhaFw0yNTExMjkwNjQ4NDhaMBgxFjAU
BgNVBAMTDTY1NjZkZWQ0LWQyN2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDevDtgCNvw1sofwoKiD29ezm48ZcKSQdpDhFeUB0GId94hohrHBFB0wY9M
8JlnbDyHC/t9THr+vcfKRGc2sMZgAlCPjZkitBS03O9nDkj2XjflzBQvpXHApbJ0
KxWsKxF2E0SySrfsH6kjy04RepB6MQmZFmgn+RVMgz8J+aau+AGp1tCPJPT4c7jg
k7imgln2bThUqBPfqpBEOAvchtb4+wfOLHYAcO3QXggp+z/2Ew+NiTTwhmFL4xtR
fCXv5z8s4dQgpL6JObdzzxAf0NXFWAXCt4xlzpD+y/sUGDTOMe7/QwyZdXL/zTOU
pNZ0uKpobV4nssBBmH6ksD2DoMnnAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQU3vJC
kHKQIWfUBb0xUtV8DcefkJUwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzVCMkZGNjBFOEU4MzExRUVBNTlEOTdERDdEODRFMjFCLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEMswDQYJKoZIhvcNAQEL
BQADggEBAKNkZkDw5X+qJNX0nrV7LBG1iodfR8nfvbvBnWFcbxvKU9kiGsCRiE+m
EpmM+Ea17G6vDgV1ax8z7d/RDGVMwgzNY5waz2vXJcKuZheFZua1Y7OTtdz6aRcD
RXmqXFXFH6VRwn83N0OwXbvT5oC3MAsqdkf26Udgv1fJJrbihr1aJ618NwZ3k0lA
6/KjFNDj6o3k8aSkWsv+VAzoGg97K0I7kMT3YT8sKyjgRuAGCmw5k5hgZR17h2wc
2B6EgfMjEEZrRdCKnM9wY2dbsIBXM2r0Yc96WmV+/HMG74hMBrQHV4ZANTyco9ny
0aZniJc1IOmeVUCgXfwDLdeimVvMF4g=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:08:55 2024 by rpki-client on console-fra.rpki-client.org