Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/704DF7E827DF11EF955DD8EE7CDC24C2.roa
File:                     704DF7E827DF11EF955DD8EE7CDC24C2.roa (raw, json)
Hash identifier:          WIjcau/PsWxkTHt5xl0QPD90q4gd8a68bD6ggx0vi3w=
Subject key identifier:   F0:A4:6F:BA:FE:D2:42:D7:BB:05:0F:6B:05:FE:11:FF:39:E7:B8:48
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       16D9
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/704DF7E827DF11EF955DD8EE7CDC24C2.roa
Signing time:             Tue 11 Jun 2024 10:43:29 +0000
ROA not before:           Tue 11 Jun 2024 10:43:25 +0000
ROA not after:            Thu 11 Jun 2026 10:43:25 +0000
asID:                     13213
IP address blocks:        154.16.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 11 Dec 2024 00:05:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5849 (0x16d9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Jun 11 10:43:25 2024 GMT
            Not After : Jun 11 10:43:25 2026 GMT
        Subject: CN=66682a51-dcfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:63:1b:11:5e:cc:d6:84:fa:ad:9c:84:f6:52:
                    d4:3d:4d:53:c5:b6:ca:cc:a4:59:cc:01:26:a5:bd:
                    f9:d7:e8:85:2f:6e:04:55:71:b1:d7:6e:36:67:6d:
                    27:0d:14:fb:27:ca:95:0f:d7:b6:93:43:a9:20:62:
                    5c:2f:0f:e2:d4:98:f5:87:24:3b:9d:43:4a:af:a5:
                    6a:bd:5f:a5:42:7f:65:20:64:99:ad:3e:d8:c5:b3:
                    9b:23:3f:2f:0c:8f:d3:2a:04:fe:ff:ca:7a:f4:80:
                    1a:2e:55:11:23:de:f9:3a:55:8b:7b:28:33:2a:b8:
                    0c:07:39:29:a1:9a:14:e0:2d:11:a2:76:fb:ac:9c:
                    7e:33:04:4b:1c:5f:57:b4:b2:a8:ce:b8:5c:25:10:
                    eb:6b:e7:67:8c:5a:f6:fb:5d:dc:e7:e4:0b:4a:a3:
                    9b:97:a6:ff:72:27:ef:85:e0:f1:dc:03:3c:9a:73:
                    2f:30:0f:f9:4d:19:5a:50:d0:d4:7a:bc:dd:0f:7c:
                    e1:10:a0:24:b8:16:9d:94:a1:4a:e3:50:94:28:f1:
                    14:57:27:d9:14:b7:42:10:7a:02:a7:af:15:34:5d:
                    18:73:ad:b9:c9:82:0c:60:5b:55:a5:e7:40:c9:e2:
                    bf:79:46:ee:78:38:ee:09:7f:bb:08:1e:32:08:01:
                    6a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A4:6F:BA:FE:D2:42:D7:BB:05:0F:6B:05:FE:11:FF:39:E7:B8:48
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/704DF7E827DF11EF955DD8EE7CDC24C2.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:e0:39:ab:64:a7:24:fb:46:82:8b:c4:68:f2:11:56:7e:f2:
         06:07:36:cd:d6:df:71:e2:85:30:cd:b5:1a:8a:3c:8b:fb:b8:
         26:ef:e9:5a:f8:54:81:5b:d7:aa:df:5b:01:84:bd:5b:9a:81:
         4d:66:c2:35:cc:1f:f1:a7:1b:54:09:03:ce:03:58:5e:11:33:
         92:f0:a8:e4:44:f8:61:64:ec:86:c5:7b:d5:4d:0d:b7:c4:3c:
         42:bd:b0:0f:61:3d:65:7d:f0:b3:dc:8d:01:2f:d6:20:12:74:
         ac:92:fd:db:f1:a2:3d:67:6e:bd:74:13:4a:3f:60:e7:a5:19:
         64:54:03:bc:96:55:4b:0c:47:cf:f3:25:75:42:ec:db:98:82:
         cf:0b:c5:5c:70:7c:3e:b5:c9:e5:53:dc:4b:33:24:87:7b:eb:
         11:d1:f3:f2:25:54:76:87:e2:d2:86:32:87:1c:2b:b6:67:92:
         41:4c:10:20:17:de:27:4f:65:fb:8b:12:50:ff:92:42:73:bd:
         7f:da:24:7e:9c:57:83:e3:aa:c5:4a:e9:24:1c:e5:0a:fa:5f:
         1f:4d:f2:50:54:b9:42:df:aa:ef:4b:5a:d5:36:b0:fe:9e:da:
         b4:40:a0:72:01:41:9d:14:ee:a3:d0:2f:9e:76:21:55:8a:4f:
         1e:1a:1b:86
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICFtkwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yNDA2MTExMDQzMjVaFw0yNjA2MTExMDQzMjVaMBgxFjAU
BgNVBAMTDTY2NjgyYTUxLWRjZmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQD5YxsRXszWhPqtnIT2UtQ9TVPFtsrMpFnMASalvfnX6IUvbgRVcbHXbjZn
bScNFPsnypUP17aTQ6kgYlwvD+LUmPWHJDudQ0qvpWq9X6VCf2UgZJmtPtjFs5sj
Py8Mj9MqBP7/ynr0gBouVREj3vk6VYt7KDMquAwHOSmhmhTgLRGidvusnH4zBEsc
X1e0sqjOuFwlEOtr52eMWvb7Xdzn5AtKo5uXpv9yJ++F4PHcAzyacy8wD/lNGVpQ
0NR6vN0PfOEQoCS4Fp2UoUrjUJQo8RRXJ9kUt0IQegKnrxU0XRhzrbnJggxgW1Wl
50DJ4r95Ru54OO4Jf7sIHjIIAWrXAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQU8KRv
uv7SQte7BQ9rBf4R/znnuEgwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzcwNERGN0U4MjdERjExRUY5NTVERDhFRTdDREMyNEMyLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEPYwDQYJKoZIhvcNAQEL
BQADggEBAK7gOatkpyT7RoKLxGjyEVZ+8gYHNs3W33HihTDNtRqKPIv7uCbv6Vr4
VIFb16rfWwGEvVuagU1mwjXMH/GnG1QJA84DWF4RM5LwqORE+GFk7IbFe9VNDbfE
PEK9sA9hPWV98LPcjQEv1iASdKyS/dvxoj1nbr10E0o/YOelGWRUA7yWVUsMR8/z
JXVC7NuYgs8LxVxwfD61yeVT3EszJId76xHR8/IlVHaH4tKGMoccK7ZnkkFMECAX
3idPZfuLElD/kkJzvX/aJH6cV4PjqsVK6SQc5Qr6Xx9N8lBUuULfqu9LWtU2sP6e
2rRAoHIBQZ0U7qPQL552IVWKTx4aG4Y=
-----END CERTIFICATE-----
Generated at Mon Dec 9 04:11:14 2024 by rpki-client on console-ams.rpki-client.org