Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/725FFABAB90711EDB1D81DA4F1222468.roa
File:                     725FFABAB90711EDB1D81DA4F1222468.roa (raw, json)
Hash identifier:          hA3fXTJjixJwU74ELVWAzBoVh5Eq9yEcbw2wYbLFpug=
Subject key identifier:   8D:E0:31:1C:DB:BC:B8:95:13:83:A2:02:16:32:4E:D7:04:C4:6D:ED
Certificate issuer:       /CN=F36886B3AR/serialNumber=D9C0B233ACB063543574D3F5F327BEB8B2B99118
Certificate serial:       0F
Authority key identifier: D9:C0:B2:33:AC:B0:63:54:35:74:D3:F5:F3:27:BE:B8:B2:B9:91:18
Authority info access:    rsync://rpki.afrinic.net/repository/arin/2cCyM6ywY1Q1dNP18ye-uLK5kRg.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/725FFABAB90711EDB1D81DA4F1222468.roa
Signing time:             Thu 02 Mar 2023 14:35:15 +0000
ROA not before:           Thu 02 Mar 2023 14:35:12 +0000
ROA not after:            Mon 02 Mar 2026 14:35:12 +0000
asID:                     33763
IP address blocks:        160.242.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/2cCyM6ywY1Q1dNP18ye-uLK5kRg.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/2cCyM6ywY1Q1dNP18ye-uLK5kRg.mft
                          rsync://rpki.afrinic.net/repository/arin/2cCyM6ywY1Q1dNP18ye-uLK5kRg.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15 (0xf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36886B3AR/serialNumber=D9C0B233ACB063543574D3F5F327BEB8B2B99118
        Validity
            Not Before: Mar  2 14:35:12 2023 GMT
            Not After : Mar  2 14:35:12 2026 GMT
        Subject: CN=6400b423-3e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:50:c5:8e:6b:6c:0c:cf:72:9c:5d:5c:4f:cc:
                    18:34:cb:ff:80:ca:f1:74:a9:94:91:c8:ae:61:6a:
                    ac:fd:45:3c:c9:24:b4:09:72:9b:c5:15:9e:56:df:
                    0b:d4:71:40:57:e2:27:a6:ee:f9:19:e4:1c:50:32:
                    d5:90:0c:d2:c8:30:3e:09:dd:f4:eb:35:69:23:b2:
                    a1:71:8e:93:4a:f0:ae:f4:d7:28:cb:55:95:5c:64:
                    59:b4:c8:ad:c4:04:33:32:3a:7e:ff:42:bb:aa:cb:
                    04:93:31:79:bc:7b:10:2a:8b:ac:da:27:29:a8:be:
                    86:c8:24:5c:1a:0e:bb:d5:e3:b3:17:62:96:2b:61:
                    ae:ba:a8:fd:5e:fc:70:f6:b2:64:13:1a:25:45:73:
                    05:14:29:81:25:96:93:13:a4:84:eb:de:6a:30:42:
                    d8:ac:18:8c:63:90:9b:45:7f:7a:36:b2:0b:ba:a0:
                    2c:2b:a7:8d:27:78:79:9b:6d:02:0d:1f:f4:70:61:
                    68:e9:d1:02:55:14:37:29:ab:69:be:b5:39:47:82:
                    b6:dd:74:30:40:6e:e4:59:f1:66:cc:3f:1f:56:fa:
                    c9:6f:5f:c3:b4:00:1f:a3:a7:9f:4a:aa:76:9c:df:
                    3f:da:a5:1a:8f:76:e3:db:54:2f:78:c2:bd:70:45:
                    81:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E0:31:1C:DB:BC:B8:95:13:83:A2:02:16:32:4E:D7:04:C4:6D:ED
            X509v3 Authority Key Identifier:
                keyid:D9:C0:B2:33:AC:B0:63:54:35:74:D3:F5:F3:27:BE:B8:B2:B9:91:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/2cCyM6ywY1Q1dNP18ye-uLK5kRg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/2cCyM6ywY1Q1dNP18ye-uLK5kRg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/725FFABAB90711EDB1D81DA4F1222468.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.242.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:0f:2a:4d:18:6a:4f:17:e9:13:5a:8f:5f:9f:fd:f3:92:c2:
         cb:ef:c8:18:f0:0e:8c:f7:d4:43:6e:b6:99:12:22:38:4a:88:
         88:55:d3:72:a1:e9:0a:76:c3:dc:12:19:2a:cd:1c:d1:28:ba:
         39:ea:58:78:f4:2f:48:b4:0f:53:1d:e1:b5:09:59:2b:16:47:
         34:c1:a5:15:18:32:47:65:eb:fc:34:37:4b:01:10:a7:80:3f:
         1e:a7:88:62:9e:11:fd:a5:84:ee:d0:84:27:9a:f8:d4:a7:55:
         29:1b:be:a9:d5:20:62:9b:42:b6:aa:44:5b:a6:89:ea:9f:94:
         bb:d4:d1:15:93:c8:86:c6:40:c9:0f:c8:f4:ec:e8:3e:ec:98:
         5d:7e:07:63:8a:b1:b8:14:2e:e2:b0:bb:6b:f6:c7:cb:86:9c:
         b6:63:79:f3:81:54:c0:7f:d2:63:1b:92:5f:8f:62:25:73:50:
         b3:13:53:d1:54:b8:f8:b1:4e:07:20:46:03:ad:b1:fc:c6:24:
         34:34:e9:6f:de:77:47:93:b0:f5:d5:4e:80:34:cd:3c:ec:9e:
         b7:f0:6a:ba:f9:b2:a4:34:3d:05:bf:be:59:12:7a:83:20:22:
         90:b8:ba:38:ca:07:3e:ba:15:7f:dc:18:38:57:c9:96:e2:49:
         78:2a:cd:76
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBDzANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDDApGMzY4
ODZCM0FSMTEwLwYDVQQFEyhEOUMwQjIzM0FDQjA2MzU0MzU3NEQzRjVGMzI3QkVC
OEIyQjk5MTE4MB4XDTIzMDMwMjE0MzUxMloXDTI2MDMwMjE0MzUxMlowGDEWMBQG
A1UEAwwNNjQwMGI0MjMtM2U2NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJQxY5rbAzPcpxdXE/MGDTL/4DK8XSplJHIrmFqrP1FPMkktAlym8UVnlbf
C9RxQFfiJ6bu+RnkHFAy1ZAM0sgwPgnd9Os1aSOyoXGOk0rwrvTXKMtVlVxkWbTI
rcQEMzI6fv9Cu6rLBJMxebx7ECqLrNonKai+hsgkXBoOu9Xjsxdilithrrqo/V78
cPayZBMaJUVzBRQpgSWWkxOkhOveajBC2KwYjGOQm0V/ejayC7qgLCunjSd4eZtt
Ag0f9HBhaOnRAlUUNymrab61OUeCtt10MEBu5FnxZsw/H1b6yW9fw7QAH6Onn0qq
dpzfP9qlGo9249tUL3jCvXBFgVUCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBSN4DEc
27y4lRODogIWMk7XBMRt7TAfBgNVHSMEGDAWgBTZwLIzrLBjVDV00/XzJ764srmR
GDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2ODg2QjMvNUE0MTFGOUVCOEVGMTFFREE1QjA5RERBRjEyMjI0NjgvMmNDeU02
eXdZMVExZE5QMTh5ZS11TEs1a1JnLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
MmNDeU02eXdZMVExZE5QMTh5ZS11TEs1a1JnLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2ODg2QjMvNUE0MTFGOUVCOEVGMTFFREE1QjA5RERBRjEyMjI0
NjgvNzI1RkZBQkFCOTA3MTFFREIxRDgxREE0RjEyMjI0Njgucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKDyHTANBgkqhkiG9w0BAQsFAAOC
AQEATw8qTRhqTxfpE1qPX5/985LCy+/IGPAOjPfUQ262mRIiOEqIiFXTcqHpCnbD
3BIZKs0c0Si6OepYePQvSLQPUx3htQlZKxZHNMGlFRgyR2Xr/DQ3SwEQp4A/HqeI
Yp4R/aWE7tCEJ5r41KdVKRu+qdUgYptCtqpEW6aJ6p+Uu9TRFZPIhsZAyQ/I9Ozo
PuyYXX4HY4qxuBQu4rC7a/bHy4actmN584FUwH/SYxuSX49iJXNQsxNT0VS4+LFO
ByBGA62x/MYkNDTpb953R5Ow9dVOgDTNPOyet/BquvmypDQ9Bb++WRJ6gyAikLi6
OMoHProVf9wYOFfJluJJeCrNdg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:56 2024 by rpki-client on console-fra.rpki-client.org