Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/C7B652B2E86711EEBFD66399775412E6.roa
File:                     C7B652B2E86711EEBFD66399775412E6.roa (raw, json)
Hash identifier:          GUikajzDN0xvhdQjzOHTMTIQKdDzDhW0tMDhk2C0gJc=
Subject key identifier:   E1:52:26:2F:5B:9C:5A:DB:DA:1D:15:06:AA:1B:22:0E:B8:64:03:14
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       1565
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/C7B652B2E86711EEBFD66399775412E6.roa
Signing time:             Fri 22 Mar 2024 16:18:13 +0000
ROA not before:           Fri 22 Mar 2024 16:18:09 +0000
ROA not after:            Sun 22 Mar 2026 16:18:09 +0000
asID:                     29802
IP address blocks:        154.127.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5477 (0x1565)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Mar 22 16:18:09 2024 GMT
            Not After : Mar 22 16:18:09 2026 GMT
        Subject: CN=65fdaf45-62fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:79:e3:84:d9:94:5a:02:95:70:00:0e:66:d5:
                    f0:d3:aa:f5:e3:3d:c1:57:1d:16:b6:aa:8c:f7:b6:
                    7d:d9:1e:93:5f:ca:2f:f6:87:14:92:13:49:07:7b:
                    43:3a:4f:3b:21:c6:dd:8b:69:01:a2:84:33:20:1a:
                    f9:f7:87:15:1d:28:3d:c9:da:6b:3d:c2:b4:27:eb:
                    c7:12:f4:06:bd:6f:d4:98:da:a8:98:11:07:35:48:
                    7c:87:00:ca:1d:c7:6c:54:0b:d4:bd:cd:f1:41:32:
                    3a:a7:43:fe:17:6d:7f:82:d4:22:3c:95:eb:ca:d1:
                    52:89:06:f7:00:40:fb:db:26:96:76:8d:3a:85:5e:
                    33:24:14:3b:92:b0:a3:fe:54:43:68:96:99:99:89:
                    ab:95:68:f0:d6:87:93:af:dc:02:ae:ac:e1:7a:de:
                    b5:5a:6b:17:2a:4c:08:f5:80:0a:88:85:dd:02:c0:
                    db:02:d3:30:97:02:57:f8:04:40:24:02:d4:55:bd:
                    dd:ed:62:89:c0:e7:ed:6c:a8:bb:93:22:13:eb:f8:
                    c3:89:37:38:c8:f4:6a:02:d4:a5:1d:5c:de:1b:6f:
                    2d:27:84:28:74:9d:b3:dc:60:36:04:ad:88:ae:69:
                    98:92:e9:80:41:bf:ed:8b:63:b3:ee:fa:de:38:5f:
                    4e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:52:26:2F:5B:9C:5A:DB:DA:1D:15:06:AA:1B:22:0E:B8:64:03:14
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/C7B652B2E86711EEBFD66399775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.127.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:40:19:b3:8f:d6:de:d8:3d:97:4b:08:fd:8d:c3:09:4b:c7:
         bc:01:f0:e3:e1:cb:93:36:f2:45:af:0a:70:53:35:98:d9:d7:
         68:63:12:9e:73:83:7d:e3:7c:ed:e8:fc:62:9f:b8:0b:1a:e6:
         55:3c:5b:ee:78:6a:1f:85:39:a2:7d:b5:c1:19:60:ce:c2:8a:
         17:fa:35:b0:2b:92:e2:7e:94:0c:8a:75:51:5a:39:6d:2f:b3:
         de:fa:a4:21:4c:a5:9a:b6:9f:5b:7f:51:3c:67:5d:fd:fd:4c:
         28:8e:cd:b3:79:e7:32:69:b0:03:25:d2:9e:ef:af:47:15:69:
         69:2d:4f:19:db:c9:b3:43:4c:42:4d:ff:31:1e:51:b3:f7:ae:
         80:44:ff:6d:25:7e:6d:38:ff:c9:75:18:e1:36:5c:d8:8b:db:
         ed:05:4a:e0:36:a8:70:d3:9b:18:e8:c5:42:c6:46:a8:a9:35:
         f2:be:4c:ee:89:c1:ce:b5:bd:43:65:de:89:3e:4a:e6:d9:2d:
         23:f7:57:a4:ba:27:cb:af:d6:da:c5:b6:3b:5e:7f:c9:5f:db:
         f2:40:bd:d6:05:87:e9:fe:08:9e:a3:b7:57:d0:da:21:da:b7:
         d4:22:d1:d4:e9:e3:91:26:c7:16:24:de:bc:5a:a9:8b:7f:4d:
         82:22:75:04
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICFWUwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yNDAzMjIxNjE4MDlaFw0yNjAzMjIxNjE4MDlaMBgxFjAU
BgNVBAMTDTY1ZmRhZjQ1LTYyZmQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCveeOE2ZRaApVwAA5m1fDTqvXjPcFXHRa2qoz3tn3ZHpNfyi/2hxSSE0kH
e0M6Tzshxt2LaQGihDMgGvn3hxUdKD3J2ms9wrQn68cS9Aa9b9SY2qiYEQc1SHyH
AModx2xUC9S9zfFBMjqnQ/4XbX+C1CI8levK0VKJBvcAQPvbJpZ2jTqFXjMkFDuS
sKP+VENolpmZiauVaPDWh5Ov3AKurOF63rVaaxcqTAj1gAqIhd0CwNsC0zCXAlf4
BEAkAtRVvd3tYonA5+1sqLuTIhPr+MOJNzjI9GoC1KUdXN4bby0nhCh0nbPcYDYE
rYiuaZiS6YBBv+2LY7Pu+t44X04HAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQU4VIm
L1ucWtvaHRUGqhsiDrhkAxQwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4L0M3QjY1MkIyRTg2NzExRUVCRkQ2NjM5OTc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACafzkwDQYJKoZIhvcNAQEL
BQADggEBABdAGbOP1t7YPZdLCP2NwwlLx7wB8OPhy5M28kWvCnBTNZjZ12hjEp5z
g33jfO3o/GKfuAsa5lU8W+54ah+FOaJ9tcEZYM7Cihf6NbArkuJ+lAyKdVFaOW0v
s976pCFMpZq2n1t/UTxnXf39TCiOzbN55zJpsAMl0p7vr0cVaWktTxnbybNDTEJN
/zEeUbP3roBE/20lfm04/8l1GOE2XNiL2+0FSuA2qHDTmxjoxULGRqipNfK+TO6J
wc61vUNl3ok+SubZLSP3V6S6J8uv1trFtjtef8lf2/JAvdYFh+n+CJ6jt1fQ2iHa
t9Qi0dTp45EmxxYk3rxaqYt/TYIidQQ=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:08:56 2024 by rpki-client on console-fra.rpki-client.org