Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/8D8B23848B8711EEAA5DA71E4AD9E6FC.roa
File:                     8D8B23848B8711EEAA5DA71E4AD9E6FC.roa (raw, json)
Hash identifier:          GhZwtF3innCIB8HItVemmuM0etP6JyJ4RYHNIenDkKA=
Subject key identifier:   25:B7:89:97:C8:9A:0A:40:35:51:91:1D:6C:FD:55:49:B3:B0:2F:33
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       1379
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/8D8B23848B8711EEAA5DA71E4AD9E6FC.roa
Signing time:             Sat 25 Nov 2023 11:41:21 +0000
ROA not before:           Sat 25 Nov 2023 11:41:17 +0000
ROA not after:            Tue 25 Nov 2025 11:41:17 +0000
asID:                     212238
IP address blocks:        154.16.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4985 (0x1379)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Nov 25 11:41:17 2023 GMT
            Not After : Nov 25 11:41:17 2025 GMT
        Subject: CN=6561dd61-9f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:86:21:bd:22:c7:35:65:07:ec:01:bf:b1:c9:
                    57:8a:de:d2:13:00:90:08:7d:57:80:84:95:80:d4:
                    b2:9f:10:99:ae:ca:7f:02:44:81:05:ea:d3:aa:3b:
                    59:f5:a7:48:f7:b2:d3:ad:1e:e7:11:16:fa:8e:2a:
                    84:d8:c5:2e:da:97:51:a5:f7:b6:f1:90:c7:6b:29:
                    1b:76:1f:55:70:1f:7f:a1:d3:a4:2d:48:d8:7d:d2:
                    a2:7f:b7:50:c6:d7:1d:af:35:dd:e3:02:58:59:ec:
                    16:e3:0c:d6:f0:2e:58:a8:41:d2:d1:15:37:50:ca:
                    02:4d:ec:31:5e:7e:6c:c8:a5:44:dc:c2:60:f9:62:
                    fc:fd:1e:08:6c:5f:29:77:48:f5:03:69:c9:2c:86:
                    d6:3c:ee:d4:5f:8d:cd:10:0b:9b:77:8b:66:3c:0d:
                    e7:48:9e:cc:b2:20:36:52:3f:9e:70:52:e3:d6:37:
                    ac:25:d9:9b:f7:0c:27:91:13:ef:fa:46:9f:45:a0:
                    fd:30:a0:24:9e:3e:21:c7:39:2c:79:63:94:4c:8e:
                    da:fa:24:cd:48:cf:1f:85:9e:48:b6:dc:d5:8a:d8:
                    2d:1e:16:ae:26:03:3c:f5:35:45:b8:9a:f4:b5:61:
                    17:b5:f3:b1:cd:52:0b:ff:89:2f:ac:0e:fa:2e:83:
                    45:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:B7:89:97:C8:9A:0A:40:35:51:91:1D:6C:FD:55:49:B3:B0:2F:33
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/8D8B23848B8711EEAA5DA71E4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:2f:4b:55:f9:1d:ea:b7:43:f2:11:7c:e3:f9:23:34:32:3e:
         da:8c:7c:97:63:b1:54:de:0c:3b:a5:1b:1f:f2:09:89:ce:f0:
         ac:60:b1:ed:0e:fe:ba:50:43:3d:1d:0a:fd:8f:1f:99:21:ef:
         a0:0d:d6:55:b0:d3:c0:f1:b0:b6:ad:49:02:55:b8:30:9f:27:
         c2:ba:fa:e7:14:5d:64:ca:2c:2c:7b:a4:93:b1:e4:31:e6:e6:
         3f:1c:1f:9d:f0:f0:16:dc:9b:bf:bd:bc:92:ca:5e:b0:64:4b:
         66:49:e7:0c:29:46:bb:fc:c3:0f:44:c0:8d:67:33:9f:6d:53:
         2b:7b:d8:85:0a:ea:26:9b:7f:06:b3:2b:f8:49:7a:1a:82:f7:
         09:69:b3:58:c1:63:44:1a:96:ea:0c:08:54:2b:0f:2a:58:20:
         e9:06:d6:46:6b:4b:31:ab:23:95:c6:ba:90:38:c0:d7:81:59:
         08:24:d7:99:a0:e1:1d:e3:2c:43:43:66:70:db:e8:9f:57:f9:
         07:dc:68:8c:d2:6f:12:0b:c3:77:7e:94:a5:d7:8d:88:a5:09:
         1e:ac:d6:8e:6b:c4:0b:bc:38:f2:e0:a2:cd:ce:a0:48:b7:70:
         9b:81:30:f1:75:ce:b8:98:0b:6e:4f:a2:77:e5:5d:e9:3a:b9:
         c3:f9:9c:ed
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICE3kwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yMzExMjUxMTQxMTdaFw0yNTExMjUxMTQxMTdaMBgxFjAU
BgNVBAMTDTY1NjFkZDYxLTlmNDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDbhiG9Isc1ZQfsAb+xyVeK3tITAJAIfVeAhJWA1LKfEJmuyn8CRIEF6tOq
O1n1p0j3stOtHucRFvqOKoTYxS7al1Gl97bxkMdrKRt2H1VwH3+h06QtSNh90qJ/
t1DG1x2vNd3jAlhZ7BbjDNbwLlioQdLRFTdQygJN7DFefmzIpUTcwmD5Yvz9Hghs
Xyl3SPUDackshtY87tRfjc0QC5t3i2Y8DedInsyyIDZSP55wUuPWN6wl2Zv3DCeR
E+/6Rp9FoP0woCSePiHHOSx5Y5RMjtr6JM1Izx+Fnki23NWK2C0eFq4mAzz1NUW4
mvS1YRe187HNUgv/iS+sDvoug0XDAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUJbeJ
l8iaCkA1UZEdbP1VSbOwLzMwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4LzhEOEIyMzg0OEI4NzExRUVBQTVEQTcxRTRBRDlFNkZDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEGQwDQYJKoZIhvcNAQEL
BQADggEBAK0vS1X5Heq3Q/IRfOP5IzQyPtqMfJdjsVTeDDulGx/yCYnO8Kxgse0O
/rpQQz0dCv2PH5kh76AN1lWw08DxsLatSQJVuDCfJ8K6+ucUXWTKLCx7pJOx5DHm
5j8cH53w8Bbcm7+9vJLKXrBkS2ZJ5wwpRrv8ww9EwI1nM59tUyt72IUK6iabfwaz
K/hJehqC9wlps1jBY0QaluoMCFQrDypYIOkG1kZrSzGrI5XGupA4wNeBWQgk15mg
4R3jLENDZnDb6J9X+QfcaIzSbxILw3d+lKXXjYilCR6s1o5rxAu8OPLgos3OoEi3
cJuBMPF1zriYC25PonflXek6ucP5nO0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:03:46 2024 by rpki-client on console-ams.rpki-client.org