Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/2BD3E072FD2411EEBE9D320B017001B1.roa
File:                     2BD3E072FD2411EEBE9D320B017001B1.roa (raw, json)
Hash identifier:          TAQ2cwXn4WInhX4oP9KVDHrYbXAuwccomh8xfhrtur8=
Subject key identifier:   DE:88:D3:C1:B2:F8:B4:09:EB:89:24:F8:A2:DC:07:47:EE:54:53:9D
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       82E9
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/2BD3E072FD2411EEBE9D320B017001B1.roa
Signing time:             Thu 18 Apr 2024 01:37:09 +0000
ROA not before:           Thu 18 Apr 2024 01:37:05 +0000
ROA not after:            Mon 31 Mar 2025 01:37:05 +0000
asID:                     211392
IP address blocks:        156.239.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33513 (0x82e9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
        Validity
            Not Before: Apr 18 01:37:05 2024 GMT
            Not After : Mar 31 01:37:05 2025 GMT
        Subject: CN=66207945-9481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6f:9f:30:78:3a:bd:a4:a8:2b:c7:a0:4d:83:
                    4e:17:16:13:db:41:89:e0:76:2b:a6:6c:55:f3:d0:
                    e9:9d:b7:54:13:b5:d3:96:cc:bc:fb:c8:ec:3f:4a:
                    7b:3b:d1:e3:80:9e:85:ad:69:8d:53:db:88:66:b3:
                    e4:94:5d:13:b1:7f:4d:5c:33:e9:c0:1c:73:e2:67:
                    0f:e1:40:01:91:1b:d5:dc:c5:c5:62:85:9b:cc:d9:
                    a1:ce:fa:a6:69:fd:58:e8:a2:3c:88:ed:07:2d:ab:
                    40:82:a0:11:2c:59:ce:64:a2:be:b5:d9:ec:bd:fa:
                    da:e7:6e:94:94:d3:d3:1e:c3:31:fc:d2:d1:a9:3c:
                    e0:d6:ea:91:d8:fc:f5:84:93:1d:c7:31:62:ba:7f:
                    c5:5d:63:0e:8d:9e:24:36:96:7f:d7:54:7d:b2:73:
                    ee:37:47:41:88:a0:59:19:04:fc:fc:d5:e0:4f:cc:
                    7e:68:9e:d6:3d:da:4f:95:ab:80:a0:0c:68:8c:f0:
                    fb:8d:46:47:ce:09:4b:a6:63:ba:75:45:80:e3:5c:
                    63:e6:88:fd:74:0b:9f:03:9e:e6:20:20:7d:b3:5a:
                    16:c2:d8:0c:07:68:c0:3e:26:80:ec:58:68:ca:ea:
                    5d:fa:34:18:81:23:65:52:26:1c:f8:12:68:5a:6e:
                    7d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:88:D3:C1:B2:F8:B4:09:EB:89:24:F8:A2:DC:07:47:EE:54:53:9D
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/2BD3E072FD2411EEBE9D320B017001B1.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.239.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:73:17:c3:c2:40:ae:a0:64:ad:49:c8:ef:a7:2b:56:ea:bf:
         dd:da:4f:e8:92:f3:34:c9:31:41:e1:65:cf:32:2a:70:89:49:
         70:17:a5:d3:75:6b:35:b2:a1:87:5a:4b:e0:3d:51:d3:c8:f0:
         db:1c:a5:5d:3c:8e:2a:91:53:9e:55:ea:1c:c6:47:1e:1c:fc:
         6f:d8:c9:6e:17:25:8d:75:48:88:8c:a9:ef:47:8c:11:00:fc:
         98:21:23:47:0c:41:69:0c:cb:c1:bc:78:57:36:e7:f2:3f:ac:
         d8:8a:e2:3f:31:9a:3b:da:a6:75:f0:2e:94:f2:e6:79:81:7f:
         2a:97:49:ab:43:ff:4b:e4:5a:dc:d9:5b:d3:33:f0:55:4c:ac:
         3e:21:17:8d:74:34:53:eb:9b:a2:bb:0a:ab:16:4f:c1:54:96:
         14:56:69:82:a5:06:cc:f2:8a:5f:46:11:7a:09:11:96:ff:e7:
         e7:6c:56:81:89:38:97:89:03:cb:96:59:c1:15:3b:57:46:ce:
         c2:32:51:46:f0:f4:dc:d3:55:14:07:6b:45:88:f5:c5:4d:d9:
         53:66:76:07:bb:63:79:73:d2:91:6b:c2:30:36:16:2f:3d:4c:
         fa:b6:06:fa:53:0d:6c:72:57:4c:23:88:9f:00:31:4e:3d:27:
         e3:22:9a:8d
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAILpMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjQwNDE4MDEzNzA1WhcNMjUwMzMxMDEzNzA1WjAYMRYw
FAYDVQQDEw02NjIwNzk0NS05NDgxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAqm+fMHg6vaSoK8egTYNOFxYT20GJ4HYrpmxV89DpnbdUE7XTlsy8+8js
P0p7O9HjgJ6FrWmNU9uIZrPklF0TsX9NXDPpwBxz4mcP4UABkRvV3MXFYoWbzNmh
zvqmaf1Y6KI8iO0HLatAgqARLFnOZKK+tdnsvfra526UlNPTHsMx/NLRqTzg1uqR
2Pz1hJMdxzFiun/FXWMOjZ4kNpZ/11R9snPuN0dBiKBZGQT8/NXgT8x+aJ7WPdpP
lauAoAxojPD7jUZHzglLpmO6dUWA41xj5oj9dAufA57mICB9s1oWwtgMB2jAPiaA
7Fhoyupd+jQYgSNlUiYc+BJoWm59cwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFN6I
08Gy+LQJ64kk+KLcB0fuVFOdMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC8yQkQzRTA3MkZEMjQxMUVFQkU5RDMyMEIwMTcwMDFCMS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnO+ZMA0GCSqGSIb3DQEBCwUA
A4IBAQACcxfDwkCuoGStScjvpytW6r/d2k/okvM0yTFB4WXPMipwiUlwF6XTdWs1
sqGHWkvgPVHTyPDbHKVdPI4qkVOeVeocxkceHPxv2MluFyWNdUiIjKnvR4wRAPyY
ISNHDEFpDMvBvHhXNufyP6zYiuI/MZo72qZ18C6U8uZ5gX8ql0mrQ/9L5Frc2VvT
M/BVTKw+IReNdDRT65uiuwqrFk/BVJYUVmmCpQbM8opfRhF6CRGW/+fnbFaBiTiX
iQPLllnBFTtXRs7CMlFG8PTc01UUB2tFiPXFTdlTZnYHu2N5c9KRa8IwNhYvPUz6
tgb6Uw1scldMI4ifADFOPSfjIpqN
-----END CERTIFICATE-----
Generated at Thu Nov 21 11:10:24 2024 by rpki-client on console-ams.rpki-client.org