Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/D35B499ED54B11EE8A327592775412E6.roa
File:                     D35B499ED54B11EE8A327592775412E6.roa (raw, json)
Hash identifier:          QsRVp1KsVxIXMX1+t81LH0sGhU6ylNo2byiRk55QrlA=
Subject key identifier:   7E:AD:E0:2E:9A:A0:98:45:62:A3:CA:BD:A7:AE:41:AE:01:B5:C1:43
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       1506
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/D35B499ED54B11EE8A327592775412E6.roa
Signing time:             Tue 27 Feb 2024 08:40:14 +0000
ROA not before:           Tue 27 Feb 2024 08:40:11 +0000
ROA not after:            Fri 27 Feb 2026 08:40:11 +0000
asID:                     201341
IP address blocks:        154.16.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 20 Jul 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5382 (0x1506)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Feb 27 08:40:11 2024 GMT
            Not After : Feb 27 08:40:11 2026 GMT
        Subject: CN=65dd9fee-27a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bf:d3:f4:a6:bc:0c:05:8f:10:f0:cf:51:f1:
                    11:3c:e9:e8:3e:e3:6e:62:7a:a3:86:bc:ac:6f:06:
                    53:80:97:42:0b:e2:40:33:37:b4:51:55:f0:23:22:
                    4a:3f:ee:9d:ee:95:7d:75:c1:b0:d9:97:f1:b7:d1:
                    5f:d5:a0:a7:9a:23:ac:c9:fd:5f:32:f8:c9:5d:c9:
                    89:4e:6a:26:9c:b1:aa:81:43:16:c4:25:93:a9:dd:
                    38:af:0f:2b:43:3c:aa:ba:77:d3:e1:a0:f9:81:be:
                    30:55:3b:b1:84:83:1c:19:f5:91:0e:9b:06:08:20:
                    ab:c3:8f:fc:d8:4d:dc:0d:8a:39:c7:81:c4:6b:21:
                    ed:04:3c:ef:43:7a:d0:74:30:f1:20:55:f0:1a:91:
                    57:52:9e:72:86:1b:b5:b5:a4:1f:9d:fc:d0:4c:7d:
                    c5:88:71:7a:dc:bf:be:39:37:a8:4d:82:46:37:8f:
                    bf:65:8e:5a:96:dc:53:5b:c5:a0:6f:13:3b:1d:75:
                    f2:5d:76:cc:4c:7c:8e:c3:7c:78:97:6d:13:34:6f:
                    71:85:2a:d1:37:2d:13:db:5e:a4:bc:bc:78:86:ba:
                    d1:a1:0f:1a:ab:68:bc:1a:44:c3:d8:8e:91:29:fa:
                    a7:54:31:c0:77:1c:81:ae:8b:05:71:a1:68:4f:02:
                    b9:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AD:E0:2E:9A:A0:98:45:62:A3:CA:BD:A7:AE:41:AE:01:B5:C1:43
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/D35B499ED54B11EE8A327592775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:5e:ce:56:40:28:85:d2:a3:2d:f4:02:66:b1:7b:c8:0f:da:
         a8:e5:13:fe:ef:70:a6:74:35:c1:92:1f:99:c0:7b:1c:92:ec:
         11:e4:28:87:c9:ff:25:05:4c:19:2c:b9:80:dc:24:76:52:3d:
         78:2b:9b:3a:6f:5a:22:fa:01:a5:2a:dd:64:bb:f9:ba:46:60:
         50:08:5a:47:04:1d:5f:15:65:b5:2f:60:72:ad:f1:6c:a7:7e:
         07:88:8e:39:06:5e:b9:2c:95:e8:be:99:6b:fe:e3:9b:26:bc:
         78:47:1f:74:5a:a7:85:21:cc:38:ae:17:bd:9b:f2:e0:b2:61:
         c8:68:bf:c6:c1:88:cf:d7:1d:81:2b:44:14:d1:be:2e:15:ca:
         fb:3f:ae:b9:f0:3a:0e:95:86:29:27:ed:cc:48:b8:5e:38:20:
         55:da:02:3b:c0:99:e7:a3:76:5a:12:7f:ed:ef:32:8a:cc:ed:
         d0:a6:17:8a:e7:08:a4:1e:7d:33:05:82:7e:1e:39:3f:60:44:
         e4:57:78:3d:ae:33:39:7d:cf:f4:65:7b:b1:86:08:bb:ca:fe:
         c3:34:ba:a1:0c:db:97:6b:48:8f:43:d0:76:47:05:29:76:06:
         98:11:ca:f1:8e:6d:49:22:7b:af:60:a9:fb:83:a0:01:75:da:
         76:88:fc:f2
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICFQYwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yNDAyMjcwODQwMTFaFw0yNjAyMjcwODQwMTFaMBgxFjAU
BgNVBAMTDTY1ZGQ5ZmVlLTI3YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDZv9P0prwMBY8Q8M9R8RE86eg+425ieqOGvKxvBlOAl0IL4kAzN7RRVfAj
Iko/7p3ulX11wbDZl/G30V/VoKeaI6zJ/V8y+MldyYlOaiacsaqBQxbEJZOp3Tiv
DytDPKq6d9PhoPmBvjBVO7GEgxwZ9ZEOmwYIIKvDj/zYTdwNijnHgcRrIe0EPO9D
etB0MPEgVfAakVdSnnKGG7W1pB+d/NBMfcWIcXrcv745N6hNgkY3j79ljlqW3FNb
xaBvEzsddfJddsxMfI7DfHiXbRM0b3GFKtE3LRPbXqS8vHiGutGhDxqraLwaRMPY
jpEp+qdUMcB3HIGuiwVxoWhPArlfAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUfq3g
LpqgmEVio8q9p65BrgG1wUMwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4L0QzNUI0OTlFRDU0QjExRUU4QTMyNzU5Mjc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEGowDQYJKoZIhvcNAQEL
BQADggEBAI9ezlZAKIXSoy30Amaxe8gP2qjlE/7vcKZ0NcGSH5nAexyS7BHkKIfJ
/yUFTBksuYDcJHZSPXgrmzpvWiL6AaUq3WS7+bpGYFAIWkcEHV8VZbUvYHKt8Wyn
fgeIjjkGXrkslei+mWv+45smvHhHH3Rap4UhzDiuF72b8uCyYchov8bBiM/XHYEr
RBTRvi4Vyvs/rrnwOg6Vhikn7cxIuF44IFXaAjvAmeejdloSf+3vMorM7dCmF4rn
CKQefTMFgn4eOT9gRORXeD2uMzl9z/Rle7GGCLvK/sM0uqEM25drSI9D0HZHBSl2
BpgRyvGObUkie69gqfuDoAF12naI/PI=
-----END CERTIFICATE-----
Generated at Thu Jul 18 02:13:05 2024 by rpki-client on console-fra.rpki-client.org