Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/7B245862DF7611EEB21C195B775412E6.roa
File:                     7B245862DF7611EEB21C195B775412E6.roa (raw, json)
Hash identifier:          MBxJ3J/16JoUupdFTmtoSPT215pIuJntMPGFs8o2pXs=
Subject key identifier:   5B:E6:1E:3C:34:70:90:68:B3:A1:F6:DB:C9:7C:C3:EC:12:DE:6E:B6
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       A07A
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/7B245862DF7611EEB21C195B775412E6.roa
Signing time:             Mon 11 Mar 2024 07:10:46 +0000
ROA not before:           Mon 11 Mar 2024 07:10:43 +0000
ROA not after:            Mon 10 Mar 2025 07:10:43 +0000
asID:                     138456
IP address blocks:        154.213.2.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 41082 (0xa07a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Mar 11 07:10:43 2024 GMT
            Not After : Mar 10 07:10:43 2025 GMT
        Subject: CN=65eeae76-77f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f3:ef:69:e7:04:08:15:0a:d6:43:a4:75:1b:
                    4d:9c:94:fa:4a:92:d0:06:62:5d:01:af:10:ea:72:
                    97:56:1a:cb:1e:20:5c:1d:fa:c9:90:a3:50:03:3b:
                    de:ff:8e:d7:0d:68:40:43:c5:c7:93:98:ec:8a:bf:
                    8c:eb:28:6d:a1:5d:ec:a7:5a:5c:55:32:89:20:a0:
                    f4:58:28:d5:cb:92:2e:f5:03:38:c8:68:c9:b1:f5:
                    9e:1f:cd:14:a9:de:6f:ba:e6:16:f1:df:cc:b0:ad:
                    e0:33:2c:8c:82:82:42:b6:d6:60:b6:d5:2b:e9:00:
                    5d:81:de:f2:98:96:ec:48:3c:3e:2d:d9:e8:3b:b3:
                    b6:c4:ef:03:c2:7d:31:61:61:de:98:86:81:fd:08:
                    df:0e:c8:19:f7:68:67:17:78:39:3b:ee:93:bf:6a:
                    ef:e1:79:9b:bd:1e:54:ea:95:cd:69:6e:03:16:17:
                    4a:99:64:e1:0f:bd:f5:8f:78:5f:be:67:c4:ff:ea:
                    fd:c1:43:10:ba:90:b8:fd:2f:b7:9e:3b:67:26:82:
                    c1:81:e9:71:e9:b8:be:a4:70:66:8a:bf:42:df:f2:
                    19:ad:b6:76:2f:ed:bc:12:bd:58:04:dd:a7:bf:c1:
                    ff:5c:96:40:31:3e:03:45:d8:10:e2:63:aa:5e:3c:
                    05:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E6:1E:3C:34:70:90:68:B3:A1:F6:DB:C9:7C:C3:EC:12:DE:6E:B6
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/7B245862DF7611EEB21C195B775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.213.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d5:9b:6c:9f:fb:87:2e:84:4b:9a:0a:02:a4:a6:34:9b:79:4f:
         b9:69:f2:f1:15:9d:ce:f7:52:b6:98:7e:3d:61:82:97:98:4e:
         bd:3c:1b:3d:be:83:49:32:f5:33:45:eb:84:65:8e:00:c5:4a:
         52:b1:ce:88:21:0e:2b:10:b1:21:28:b0:9c:5b:cb:69:cb:96:
         cc:f0:bc:ae:23:5a:2b:f9:40:f1:7d:6e:73:23:45:49:32:fd:
         f9:7f:88:3c:0a:9f:c8:91:82:d2:3b:70:cb:51:74:9d:48:42:
         3d:72:91:93:7f:5b:42:8b:ff:13:d6:ad:81:fb:4e:98:c7:c7:
         37:f5:d2:c5:a8:d7:9f:da:b9:b1:95:cd:d3:18:11:57:7f:c3:
         92:29:81:0b:e9:53:06:b6:88:60:37:2a:75:c9:ff:d0:a0:8b:
         93:9a:17:78:11:3f:4d:88:10:15:2c:5a:0b:22:ed:f4:6d:63:
         ea:ed:76:21:20:e6:7d:c6:43:10:bd:57:3f:d7:88:aa:eb:2e:
         25:61:e1:83:35:7b:70:78:8f:b7:b1:57:fa:35:85:4f:d3:66:
         df:38:c8:d0:08:b6:c7:54:43:f4:2e:af:d3:eb:eb:78:a4:57:
         02:e2:21:82:a4:39:6f:f6:f8:d2:82:57:b6:88:69:4e:91:86:
         30:54:1e:43
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAKB6MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjQwMzExMDcxMDQzWhcNMjUwMzEwMDcxMDQzWjAYMRYw
FAYDVQQDEw02NWVlYWU3Ni03N2YzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAufPvaecECBUK1kOkdRtNnJT6SpLQBmJdAa8Q6nKXVhrLHiBcHfrJkKNQ
Azve/47XDWhAQ8XHk5jsir+M6yhtoV3sp1pcVTKJIKD0WCjVy5Iu9QM4yGjJsfWe
H80Uqd5vuuYW8d/MsK3gMyyMgoJCttZgttUr6QBdgd7ymJbsSDw+LdnoO7O2xO8D
wn0xYWHemIaB/QjfDsgZ92hnF3g5O+6Tv2rv4XmbvR5U6pXNaW4DFhdKmWThD731
j3hfvmfE/+r9wUMQupC4/S+3njtnJoLBgelx6bi+pHBmir9C3/IZrbZ2L+28Er1Y
BN2nv8H/XJZAMT4DRdgQ4mOqXjwFVwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFFvm
Hjw0cJBos6H228l8w+wS3m62MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC83QjI0NTg2MkRGNzYxMUVFQjIxQzE5NUI3NzU0MTJFNi5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmtUCMA0GCSqGSIb3DQEB
CwUAA4IBAQDVm2yf+4cuhEuaCgKkpjSbeU+5afLxFZ3O91K2mH49YYKXmE69PBs9
voNJMvUzReuEZY4AxUpSsc6IIQ4rELEhKLCcW8tpy5bM8LyuI1or+UDxfW5zI0VJ
Mv35f4g8Cp/IkYLSO3DLUXSdSEI9cpGTf1tCi/8T1q2B+06Yx8c39dLFqNef2rmx
lc3TGBFXf8OSKYEL6VMGtohgNyp1yf/QoIuTmhd4ET9NiBAVLFoLIu30bWPq7XYh
IOZ9xkMQvVc/14iq6y4lYeGDNXtweI+3sVf6NYVP02bfOMjQCLbHVEP0Lq/T6+t4
pFcC4iGCpDlv9vjSgle2iGlOkYYwVB5D
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:04:10 2024 by rpki-client on console-ams.rpki-client.org