Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8E52606232BB11EF9088C0B1762E951A.roa
File:                     8E52606232BB11EF9088C0B1762E951A.roa (raw, json)
Hash identifier:          CJid9Q5lFfymDr7Z5PqFv47llqaMHs7Jl9O1nzheKjM=
Subject key identifier:   9E:D1:96:14:7D:6A:5A:0C:0F:AD:7F:0B:CC:BA:5F:1E:B2:7E:F7:C4
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       9484
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8E52606232BB11EF9088C0B1762E951A.roa
Signing time:             Tue 25 Jun 2024 06:24:20 +0000
ROA not before:           Tue 25 Jun 2024 06:24:17 +0000
ROA not after:            Fri 03 Jan 2025 06:24:17 +0000
asID:                     40065
IP address blocks:        156.235.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 38020 (0x9484)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
        Validity
            Not Before: Jun 25 06:24:17 2024 GMT
            Not After : Jan  3 06:24:17 2025 GMT
        Subject: CN=667a6294-6972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d8:3a:ff:d9:48:80:3e:49:54:08:00:35:d9:
                    51:57:ce:65:32:72:e9:b1:0a:96:74:da:2a:6f:6a:
                    f2:16:8c:dc:10:c1:cd:ec:fa:34:95:e0:99:32:56:
                    2f:f8:8d:ec:31:c9:c0:a5:40:83:4c:68:dd:d2:16:
                    b9:c0:23:41:f6:9c:bb:22:86:a9:25:14:57:2d:f6:
                    21:e2:1d:61:66:2b:50:0a:db:44:85:38:39:af:52:
                    8e:09:6e:df:b1:a3:81:86:83:d0:fa:76:60:10:2b:
                    59:15:e9:f9:31:f5:63:cf:35:21:2d:5d:ac:2d:c8:
                    6d:fb:c3:70:f5:d7:c4:6c:8a:1c:18:ee:40:11:07:
                    d4:b5:8c:52:22:f9:1c:3e:19:86:b5:91:8e:8f:ad:
                    c6:f6:83:ee:12:e1:92:f0:6b:01:3f:c7:df:6c:34:
                    eb:c2:50:2c:e3:a3:9c:68:2f:4b:28:49:e5:df:86:
                    a1:a4:55:4a:b2:b7:3d:32:37:2a:31:dc:8a:23:1c:
                    a3:59:8e:86:11:45:b5:c9:40:79:7b:47:7a:02:24:
                    db:bf:86:7d:7f:2e:fb:24:f4:82:7b:9a:ea:1d:5b:
                    fe:3c:58:ef:38:b6:f2:a0:c6:91:f1:13:1d:e9:63:
                    2f:d5:34:03:a0:42:e2:1a:21:9a:90:60:4c:e0:94:
                    86:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D1:96:14:7D:6A:5A:0C:0F:AD:7F:0B:CC:BA:5F:1E:B2:7E:F7:C4
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/8E52606232BB11EF9088C0B1762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.235.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:c1:f9:11:8a:93:5e:9b:05:2f:31:9e:8a:63:99:2b:65:62:
         c6:3f:dd:51:1c:fd:bf:36:d8:ac:88:ca:ec:25:1f:e9:9d:04:
         88:c3:9d:3a:e1:df:96:ac:e7:de:d6:bd:60:d0:54:f8:6b:56:
         27:57:f0:62:b5:d9:1d:2a:8a:55:cc:1e:27:37:7a:94:7b:97:
         f6:3c:51:16:e1:ee:cb:d3:a8:af:bd:0f:ea:66:b9:74:bc:7b:
         97:1c:84:40:1e:08:76:e7:80:61:99:e3:ff:39:eb:ea:e9:fb:
         1f:53:46:3c:bd:68:09:20:01:c6:d3:49:c7:9f:1f:43:9d:fa:
         6c:d7:3c:ec:d0:e1:b7:41:e3:23:39:a8:79:cd:8e:40:c7:91:
         b5:63:2b:00:f6:b8:85:91:f9:7c:14:ca:bb:b4:2a:1a:61:5b:
         f0:53:8b:c1:15:ef:ed:f0:ba:4b:4d:c1:13:98:88:4e:1b:b6:
         59:82:e6:f2:96:1e:eb:5c:66:14:21:96:bb:2b:fb:d8:a2:1f:
         c1:7c:52:40:53:e0:76:bd:b3:ae:5a:b8:e6:83:3f:9a:c6:55:
         14:03:d6:af:bd:37:8b:1c:db:d0:16:bb:b9:9b:a2:60:43:81:
         b8:d1:46:72:d1:0f:ae:ef:d8:71:36:9d:4f:21:fd:57:db:00:
         16:7a:c5:73
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAJSEMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjQwNjI1MDYyNDE3WhcNMjUwMTAzMDYyNDE3WjAYMRYw
FAYDVQQDEw02NjdhNjI5NC02OTcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA39g6/9lIgD5JVAgANdlRV85lMnLpsQqWdNoqb2ryFozcEMHN7Po0leCZ
MlYv+I3sMcnApUCDTGjd0ha5wCNB9py7IoapJRRXLfYh4h1hZitQCttEhTg5r1KO
CW7fsaOBhoPQ+nZgECtZFen5MfVjzzUhLV2sLcht+8Nw9dfEbIocGO5AEQfUtYxS
IvkcPhmGtZGOj63G9oPuEuGS8GsBP8ffbDTrwlAs46OcaC9LKEnl34ahpFVKsrc9
MjcqMdyKIxyjWY6GEUW1yUB5e0d6AiTbv4Z9fy77JPSCe5rqHVv+PFjvOLbyoMaR
8RMd6WMv1TQDoELiGiGakGBM4JSG8wIDAQABo4ICojCCAp4wHQYDVR0OBBYEFJ7R
lhR9aloMD61/C8y6Xx6yfvfEMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC84RTUyNjA2MjMyQkIxMUVGOTA4OEMwQjE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnOsEMA0GCSqGSIb3DQEBCwUA
A4IBAQAKwfkRipNemwUvMZ6KY5krZWLGP91RHP2/NtisiMrsJR/pnQSIw5064d+W
rOfe1r1g0FT4a1YnV/BitdkdKopVzB4nN3qUe5f2PFEW4e7L06ivvQ/qZrl0vHuX
HIRAHgh254BhmeP/Oevq6fsfU0Y8vWgJIAHG00nHnx9Dnfps1zzs0OG3QeMjOah5
zY5Ax5G1YysA9riFkfl8FMq7tCoaYVvwU4vBFe/t8LpLTcETmIhOG7ZZgubylh7r
XGYUIZa7K/vYoh/BfFJAU+B2vbOuWrjmgz+axlUUA9avvTeLHNvQFru5m6JgQ4G4
0UZy0Q+u79hxNp1PIf1X2wAWesVz
-----END CERTIFICATE-----
Generated at Thu Nov 21 11:10:40 2024 by rpki-client on console-ams.rpki-client.org