Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/BA239A028B8711EE874B1D1F4AD9E6FC.roa
File:                     BA239A028B8711EE874B1D1F4AD9E6FC.roa (raw, json)
Hash identifier:          8m2u6+dZpfue3J5AfIBCTJjY96O2GeF3rPMnH+zJ7e0=
Subject key identifier:   A5:41:F8:82:C4:78:AA:E8:5B:1F:61:74:E1:83:90:2D:9B:6B:A1:9C
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       137B
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/BA239A028B8711EE874B1D1F4AD9E6FC.roa
Signing time:             Sat 25 Nov 2023 11:42:35 +0000
ROA not before:           Sat 25 Nov 2023 11:42:32 +0000
ROA not after:            Tue 25 Nov 2025 11:42:32 +0000
asID:                     212238
IP address blocks:        154.16.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4987 (0x137b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Nov 25 11:42:32 2023 GMT
            Not After : Nov 25 11:42:32 2025 GMT
        Subject: CN=6561ddab-c0df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bf:12:e1:8c:87:67:31:9c:70:48:14:4b:10:
                    e7:86:6b:14:60:9e:67:d8:1c:25:12:0c:26:64:f2:
                    c0:59:4d:c0:09:5c:cc:5b:32:7e:62:3d:30:cb:af:
                    38:fa:f4:03:b4:fb:b6:97:c1:85:26:f6:12:0a:9d:
                    f7:ba:d0:fb:60:35:ff:2c:3f:cd:25:ec:0d:02:d1:
                    e8:90:f7:38:27:3a:83:d4:22:4e:97:21:2b:90:3a:
                    20:4c:4a:43:90:93:95:6b:74:d5:e3:c0:11:69:0a:
                    93:b0:f8:c8:eb:ba:ab:01:60:c0:38:a5:0b:d9:69:
                    79:18:b7:64:17:e7:bc:e7:89:6b:47:cb:a4:03:78:
                    d5:5d:07:07:c6:b8:43:f2:3e:64:ed:5a:96:8c:8c:
                    b4:0d:5c:f1:29:e4:03:69:4d:95:b6:be:5e:11:e0:
                    cc:72:52:f5:3c:d0:1d:d3:49:e5:fd:29:a3:0e:37:
                    7f:c0:25:c8:fa:af:9f:0d:db:8e:63:ec:93:e6:f0:
                    3f:10:33:27:0b:6c:13:b1:3f:d3:33:21:4d:90:5b:
                    2a:b3:12:05:c1:fc:4c:95:a5:9a:d6:f2:82:26:16:
                    46:74:08:09:0a:70:af:2e:c8:c8:d3:d4:6e:41:30:
                    45:09:57:8b:93:90:c4:f7:00:d9:7f:e6:73:eb:51:
                    3d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:41:F8:82:C4:78:AA:E8:5B:1F:61:74:E1:83:90:2D:9B:6B:A1:9C
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/BA239A028B8711EE874B1D1F4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:32:70:24:a9:82:2a:6b:8a:c4:13:c7:19:b3:a7:74:41:d8:
         a3:19:81:a7:71:24:7c:ee:16:75:7c:24:e9:93:29:f1:31:4e:
         90:40:d6:c4:68:f9:fc:2b:12:94:9a:a9:d2:c9:68:49:24:e3:
         8f:88:d0:06:06:bb:05:bb:b2:aa:1d:74:7d:a9:a3:64:e3:1c:
         d3:12:f0:38:dd:0b:a3:93:44:14:b1:0f:82:54:b2:26:65:88:
         25:62:e4:81:b5:7b:7c:08:b7:eb:ea:ea:ff:32:95:94:f9:9d:
         37:91:c7:75:be:15:6d:4e:da:15:f8:2b:89:7f:82:91:29:60:
         46:67:6a:6b:39:89:17:a0:8b:2f:9f:a1:de:f2:72:57:2c:78:
         df:11:af:64:59:0f:ce:64:63:12:50:ba:02:e9:1e:43:90:9b:
         00:b0:15:9a:41:59:e8:4a:73:d4:b3:04:dd:67:73:51:54:1e:
         23:35:25:e8:19:03:ef:3e:f1:b9:eb:59:50:aa:f3:22:4a:d4:
         1a:c7:83:4a:1f:1f:78:60:61:46:14:e8:0f:d3:4d:4f:0a:64:
         43:26:51:7a:e1:6f:e2:02:94:ed:47:6b:cb:85:0f:01:29:b1:
         15:be:88:3f:d3:53:78:9a:25:4a:ea:d7:38:18:d8:44:a7:64:
         21:a2:e6:06
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICE3swDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yMzExMjUxMTQyMzJaFw0yNTExMjUxMTQyMzJaMBgxFjAU
BgNVBAMTDTY1NjFkZGFiLWMwZGYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC1vxLhjIdnMZxwSBRLEOeGaxRgnmfYHCUSDCZk8sBZTcAJXMxbMn5iPTDL
rzj69AO0+7aXwYUm9hIKnfe60PtgNf8sP80l7A0C0eiQ9zgnOoPUIk6XISuQOiBM
SkOQk5VrdNXjwBFpCpOw+MjruqsBYMA4pQvZaXkYt2QX57zniWtHy6QDeNVdBwfG
uEPyPmTtWpaMjLQNXPEp5ANpTZW2vl4R4MxyUvU80B3TSeX9KaMON3/AJcj6r58N
245j7JPm8D8QMycLbBOxP9MzIU2QWyqzEgXB/EyVpZrW8oImFkZ0CAkKcK8uyMjT
1G5BMEUJV4uTkMT3ANl/5nPrUT1/AgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUpUH4
gsR4quhbH2F04YOQLZtroZwwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4L0JBMjM5QTAyOEI4NzExRUU4NzRCMUQxRjRBRDlFNkZDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEGUwDQYJKoZIhvcNAQEL
BQADggEBAIYycCSpgiprisQTxxmzp3RB2KMZgadxJHzuFnV8JOmTKfExTpBA1sRo
+fwrEpSaqdLJaEkk44+I0AYGuwW7sqoddH2po2TjHNMS8DjdC6OTRBSxD4JUsiZl
iCVi5IG1e3wIt+vq6v8ylZT5nTeRx3W+FW1O2hX4K4l/gpEpYEZnams5iRegiy+f
od7yclcseN8Rr2RZD85kYxJQugLpHkOQmwCwFZpBWehKc9SzBN1nc1FUHiM1JegZ
A+8+8bnrWVCq8yJK1BrHg0ofH3hgYUYU6A/TTU8KZEMmUXrhb+IClO1Ha8uFDwEp
sRW+iD/TU3iaJUrq1zgY2ESnZCGi5gY=
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:03:46 2024 by rpki-client on console-ams.rpki-client.org