Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/EF73E04C227011EFB4492AFD7CDC24C2.roa
File:                     EF73E04C227011EFB4492AFD7CDC24C2.roa (raw, json)
Hash identifier:          hr+y1d4B5OjjFaWJJFDfo0Hj/yTz1Buodj0zQu1OuoQ=
Subject key identifier:   22:A0:50:73:89:BB:ED:5C:D4:E1:82:38:63:65:12:1D:F1:BA:F6:52
Certificate issuer:       /CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
Certificate serial:       16B9
Authority key identifier: 09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/EF73E04C227011EFB4492AFD7CDC24C2.roa
Signing time:             Tue 04 Jun 2024 12:49:52 +0000
ROA not before:           Tue 04 Jun 2024 12:49:47 +0000
ROA not after:            Sat 06 Jun 2026 12:49:47 +0000
asID:                     19437
IP address blocks:        154.16.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 20 Jul 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5817 (0x16b9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682B65AF/serialNumber=0940E638283336DE5C8C5A40A4C23B34F3F9CA53
        Validity
            Not Before: Jun  4 12:49:47 2024 GMT
            Not After : Jun  6 12:49:47 2026 GMT
        Subject: CN=665f0d70-bfc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:be:af:e9:aa:11:66:b1:d1:f7:24:19:51:f6:
                    d9:e6:55:b1:51:23:3b:77:18:d1:5e:e3:09:db:58:
                    ee:11:79:1c:a3:4b:fd:70:4c:b2:82:d3:21:06:47:
                    eb:9e:5c:e3:de:42:6c:fa:74:73:3c:e7:43:46:36:
                    e1:c8:60:ef:f4:58:d2:b5:8a:a7:7f:a8:8b:b9:12:
                    6e:7b:81:73:1e:1e:b6:cc:7e:ac:5e:07:99:6a:46:
                    c0:0f:b6:df:2b:98:e9:f5:4e:09:7b:5a:15:fb:72:
                    32:f2:d0:d2:8f:ff:9a:a3:61:a9:4d:89:f3:1f:ac:
                    a1:55:61:8a:49:26:9c:92:80:b7:23:cc:1b:4a:8b:
                    5d:e1:4a:2e:2c:93:d9:2b:be:d4:78:3c:f9:a2:31:
                    82:33:f4:e6:d6:ad:21:bd:e3:58:e6:e3:e5:67:4f:
                    19:3d:f6:d4:cb:00:6e:5b:2d:9d:66:74:b9:7f:ea:
                    fd:99:73:86:08:0f:ce:8b:c2:46:dc:e9:bf:64:fa:
                    40:3b:18:37:c0:b2:0e:bb:3a:4c:50:e5:c2:dc:f6:
                    63:5c:2e:cc:8d:0e:7a:f3:eb:82:ca:f2:26:16:ba:
                    b7:ab:7b:77:24:5e:93:f1:94:32:6c:45:a3:d6:ce:
                    14:71:1f:29:ec:f3:e3:d8:f6:8d:e1:b7:69:05:6b:
                    31:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A0:50:73:89:BB:ED:5C:D4:E1:82:38:63:65:12:1D:F1:BA:F6:52
            X509v3 Authority Key Identifier:
                keyid:09:40:E6:38:28:33:36:DE:5C:8C:5A:40:A4:C2:3B:34:F3:F9:CA:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/CUDmOCgzNt5cjFpApMI7NPP5ylM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CUDmOCgzNt5cjFpApMI7NPP5ylM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682B65/4E851E34DB5511E885B29951F8AEA228/EF73E04C227011EFB4492AFD7CDC24C2.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.16.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d6:8d:ba:bd:00:1a:aa:59:30:aa:e6:3e:46:e9:d1:e9:6a:
         4c:26:b6:72:90:25:31:bb:65:1f:ee:b6:97:ae:1d:cc:a7:77:
         20:ee:82:1c:a0:b5:0e:be:82:7b:ae:e1:56:7a:01:2d:dc:c9:
         c1:85:d6:76:a9:4d:90:7e:ce:b4:80:6a:e7:a8:cd:36:ca:a3:
         b4:01:9e:d6:35:cc:76:b5:4d:83:1c:04:a5:b1:a8:c7:39:5a:
         c2:21:2e:68:bc:09:9a:03:af:b6:34:3a:6d:49:7c:8f:98:a1:
         3e:3b:21:da:b2:07:bb:95:eb:21:af:3d:56:e9:69:21:cc:0e:
         40:d6:4e:12:3e:c2:82:50:40:d2:ef:67:dc:cb:e7:fe:1d:62:
         45:02:a8:8e:7d:27:70:62:32:70:8f:d5:2a:ea:0c:9f:88:8d:
         2b:26:ba:9a:27:d7:88:b0:7d:12:c2:e6:55:dc:65:55:e7:2b:
         40:e4:f6:96:22:49:df:57:e6:d0:96:5d:89:14:b9:12:21:bf:
         1d:b6:b2:50:0a:c3:e8:36:9d:59:47:18:14:49:3c:fe:6b:79:
         f5:26:5a:9b:e8:ff:82:9f:4c:35:ab:88:f5:2e:c2:95:1c:38:
         be:fc:da:d3:6f:49:c4:6a:d4:76:df:0c:0d:e5:93:ad:58:0a:
         6f:fe:64:9e
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICFrkwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODJCNjVBRjExMC8GA1UEBRMoMDk0MEU2MzgyODMzMzZERTVDOEM1QTQwQTRDMjNC
MzRGM0Y5Q0E1MzAeFw0yNDA2MDQxMjQ5NDdaFw0yNjA2MDYxMjQ5NDdaMBgxFjAU
BgNVBAMTDTY2NWYwZDcwLWJmYzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDfvq/pqhFmsdH3JBlR9tnmVbFRIzt3GNFe4wnbWO4ReRyjS/1wTLKC0yEG
R+ueXOPeQmz6dHM850NGNuHIYO/0WNK1iqd/qIu5Em57gXMeHrbMfqxeB5lqRsAP
tt8rmOn1Tgl7WhX7cjLy0NKP/5qjYalNifMfrKFVYYpJJpySgLcjzBtKi13hSi4s
k9krvtR4PPmiMYIz9ObWrSG941jm4+VnTxk99tTLAG5bLZ1mdLl/6v2Zc4YID86L
wkbc6b9k+kA7GDfAsg67OkxQ5cLc9mNcLsyNDnrz64LK8iYWurere3ckXpPxlDJs
RaPWzhRxHyns8+PY9o3ht2kFazHPAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUIqBQ
c4m77VzU4YI4Y2USHfG69lIwHwYDVR0jBBgwFoAUCUDmOCgzNt5cjFpApMI7NPP5
ylMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4QUVBMjI4L0NVRG1P
Q2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NVRG1PQ2d6TnQ1Y2pGcEFwTUk3TlBQNXlsTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyQjY1LzRFODUxRTM0REI1NTExRTg4NUIyOTk1MUY4
QUVBMjI4L0VGNzNFMDRDMjI3MDExRUZCNDQ5MkFGRDdDREMyNEMyLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaEH0wDQYJKoZIhvcNAQEL
BQADggEBAJrWjbq9ABqqWTCq5j5G6dHpakwmtnKQJTG7ZR/utpeuHcyndyDughyg
tQ6+gnuu4VZ6AS3cycGF1napTZB+zrSAaueozTbKo7QBntY1zHa1TYMcBKWxqMc5
WsIhLmi8CZoDr7Y0Om1JfI+YoT47IdqyB7uV6yGvPVbpaSHMDkDWThI+woJQQNLv
Z9zL5/4dYkUCqI59J3BiMnCP1SrqDJ+IjSsmupon14iwfRLC5lXcZVXnK0Dk9pYi
Sd9X5tCWXYkUuRIhvx22slAKw+g2nVlHGBRJPP5refUmWpvo/4KfTDWriPUuwpUc
OL782tNvScRq1HbfDA3lk61YCm/+ZJ4=
-----END CERTIFICATE-----
Generated at Thu Jul 18 02:13:05 2024 by rpki-client on console-fra.rpki-client.org