Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/66A998C0D9BE11ED8615BE06306D8C1D.roa
File:                     66A998C0D9BE11ED8615BE06306D8C1D.roa (raw, json)
Hash identifier:          j6POp4fV0bfSgNPUn6Xk+P8KPcKaltNtEvUTim3Yf4U=
Subject key identifier:   D4:DD:3D:07:3A:8E:DE:FF:1D:09:45:29:E3:2C:51:9D:EC:67:FD:91
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       0D4F
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/66A998C0D9BE11ED8615BE06306D8C1D.roa
Signing time:             Thu 13 Apr 2023 05:45:31 +0000
ROA not before:           Thu 13 Apr 2023 05:45:27 +0000
ROA not after:            Wed 16 Apr 2025 05:45:27 +0000
asID:                     206505
IP address blocks:        154.16.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 20 Jul 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3407 (0xd4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Apr 13 05:45:27 2023 GMT
            Not After : Apr 16 05:45:27 2025 GMT
        Subject: CN=643796fb-691d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:98:88:13:2b:62:7c:16:76:90:62:09:17:78:
                    0f:02:99:4d:4b:80:60:1b:b7:b4:dd:95:6b:55:3a:
                    8d:42:1d:a4:bd:01:01:04:a4:f5:54:83:f3:43:e1:
                    cb:ed:e7:9f:b4:c7:58:28:f5:b4:bd:19:70:48:2e:
                    a8:1b:40:ab:11:a8:28:28:8c:eb:f6:66:e6:91:80:
                    1b:fb:f3:f5:49:55:e1:e0:8b:03:42:ac:33:d3:de:
                    eb:7f:eb:e2:75:4b:cf:9a:fe:27:8f:30:88:42:ad:
                    ff:e8:83:af:22:f3:a6:34:6b:5b:c4:b2:2f:a2:a3:
                    09:f8:4d:0e:dd:ee:3a:62:c7:47:3b:36:d0:80:a9:
                    58:d7:b9:b3:7e:22:24:b4:bf:81:fe:02:74:0e:aa:
                    4e:da:0f:25:ee:84:4f:0f:d5:d8:5e:2f:41:fe:46:
                    32:f9:33:4c:c5:e4:93:86:9a:42:94:fe:b2:f6:99:
                    d0:b5:32:90:24:47:89:f5:06:9f:c3:5a:ab:8e:1c:
                    41:d6:0a:f9:fe:0e:95:2b:3e:ac:d9:38:0c:f5:83:
                    68:4a:74:1f:da:9e:80:6f:9c:15:5d:66:dc:b4:2f:
                    df:d3:31:e5:f7:71:6b:8c:f2:45:fb:d0:57:7e:db:
                    bb:fc:21:92:50:45:b2:87:c1:83:08:3a:d5:cf:56:
                    88:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:DD:3D:07:3A:8E:DE:FF:1D:09:45:29:E3:2C:51:9D:EC:67:FD:91
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/66A998C0D9BE11ED8615BE06306D8C1D.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:90:cd:f1:bd:83:0e:7e:6e:c8:c7:b8:6e:bd:ec:6a:20:74:
         cc:b0:73:e0:47:17:90:5d:12:b6:af:11:6a:bc:fe:44:f2:cc:
         4b:cb:06:c7:9d:04:0c:02:7e:45:dd:21:bb:3d:6a:94:95:48:
         d7:a0:b6:f4:f1:ce:9e:86:31:a3:d6:7e:33:f3:ff:66:be:58:
         8b:12:b3:5d:ce:c6:6d:51:d3:37:69:72:1f:5c:18:23:b5:cb:
         64:5a:2d:9d:76:80:b8:8e:c8:c7:67:6f:1a:dc:08:9d:86:cf:
         40:cd:9f:a7:41:10:8c:ae:83:c3:2b:45:2f:9c:db:76:1e:fd:
         05:ae:29:09:7e:ef:15:12:7e:a4:ff:52:35:47:f9:53:a8:71:
         3c:65:d3:fa:8b:0b:9a:29:55:59:6b:aa:7a:e3:a3:1b:e8:c1:
         3d:4b:e7:f1:ad:aa:87:2b:d8:b5:74:b7:12:08:0f:79:5b:4f:
         7d:f3:e0:68:74:1b:24:21:a1:e8:92:eb:a2:28:df:79:12:14:
         fc:3b:7f:9d:6d:d2:b9:18:14:54:52:18:80:3b:bc:99:99:a3:
         a5:74:29:44:58:ab:ff:c6:6d:95:68:ea:9c:c6:bd:0e:6b:5d:
         e9:2b:92:23:39:34:dd:92:85:db:f5:64:6f:ad:07:10:b6:ad:
         1c:9e:a2:26
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICDU8wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yMzA0MTMwNTQ1MjdaFw0yNTA0MTYwNTQ1MjdaMBgxFjAU
BgNVBAMMDTY0Mzc5NmZiLTY5MWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDEmIgTK2J8FnaQYgkXeA8CmU1LgGAbt7TdlWtVOo1CHaS9AQEEpPVUg/ND
4cvt55+0x1go9bS9GXBILqgbQKsRqCgojOv2ZuaRgBv78/VJVeHgiwNCrDPT3ut/
6+J1S8+a/iePMIhCrf/og68i86Y0a1vEsi+iown4TQ7d7jpix0c7NtCAqVjXubN+
IiS0v4H+AnQOqk7aDyXuhE8P1dheL0H+RjL5M0zF5JOGmkKU/rL2mdC1MpAkR4n1
Bp/DWquOHEHWCvn+DpUrPqzZOAz1g2hKdB/anoBvnBVdZty0L9/TMeX3cWuM8kX7
0Fd+27v8IZJQRbKHwYMIOtXPVojDAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQU1N09
BzqO3v8dCUUp4yxRnexn/ZEwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzY2QTk5OEMwRDlCRTExRUQ4NjE1QkUwNjMwNkQ4QzFELnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEOQwDQYJKoZIhvcNAQEL
BQADggEBANKQzfG9gw5+bsjHuG697GogdMywc+BHF5BdEravEWq8/kTyzEvLBsed
BAwCfkXdIbs9apSVSNegtvTxzp6GMaPWfjPz/2a+WIsSs13Oxm1R0zdpch9cGCO1
y2RaLZ12gLiOyMdnbxrcCJ2Gz0DNn6dBEIyug8MrRS+c23Ye/QWuKQl+7xUSfqT/
UjVH+VOocTxl0/qLC5opVVlrqnrjoxvowT1L5/Gtqocr2LV0txIID3lbT33z4Gh0
GyQhoeiS66Io33kSFPw7f51t0rkYFFRSGIA7vJmZo6V0KURYq//GbZVo6pzGvQ5r
XekrkiM5NN2Shdv1ZG+tBxC2rRyeoiY=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:58:03 2024 by rpki-client on console-ams.rpki-client.org