Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CD1A7EFE0E9B11EFAAC4AFF4007001B1.roa
File:                     CD1A7EFE0E9B11EFAAC4AFF4007001B1.roa (raw, json)
Hash identifier:          FCWTi0XXCsWGMsefG+0isjGJ0v5jjUPSewQOpKOyebk=
Subject key identifier:   1E:A4:03:36:4B:1E:1A:54:1B:22:19:21:1F:CF:EC:50:A5:71:67:9B
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       897E
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CD1A7EFE0E9B11EFAAC4AFF4007001B1.roa
Signing time:             Fri 10 May 2024 07:06:20 +0000
ROA not before:           Fri 10 May 2024 07:06:16 +0000
ROA not after:            Fri 10 Jan 2025 07:06:16 +0000
asID:                     139057
IP address blocks:        156.225.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 23 Nov 2024 00:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 35198 (0x897e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
        Validity
            Not Before: May 10 07:06:16 2024 GMT
            Not After : Jan 10 07:06:16 2025 GMT
        Subject: CN=663dc76b-d321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:65:93:8c:d9:62:90:ab:e4:59:f8:1b:f1:37:
                    92:8f:1c:a9:d1:bb:46:18:86:45:d1:1b:3e:e5:1d:
                    00:7a:ce:92:42:26:81:12:28:74:b0:12:a2:a1:ef:
                    51:31:4d:32:91:2a:07:8d:59:ab:d7:58:d9:95:0f:
                    66:64:b5:c8:c6:74:fe:2b:f5:85:e7:aa:cb:dd:a8:
                    b2:8e:72:3b:f2:d4:95:90:5b:f4:41:e3:5e:f3:8f:
                    e4:7e:0f:17:c7:42:97:b6:55:70:5b:7a:b1:ae:5b:
                    7e:21:3e:52:ba:cc:ab:a9:3f:23:f3:e2:04:c9:de:
                    cb:d6:19:07:80:37:2d:43:2b:88:5d:e8:f4:72:03:
                    8a:86:89:26:7d:d9:97:56:50:df:6e:c1:d7:79:dc:
                    4c:77:02:a7:4c:b4:1a:44:f5:6c:cc:01:b8:55:b2:
                    90:13:ac:85:9e:d2:88:2b:89:1e:cb:3b:1a:ed:8d:
                    48:e9:1d:12:b2:41:25:e5:34:41:5c:f3:8b:1b:20:
                    03:20:e1:ab:ee:09:15:f7:7a:0d:8c:61:40:d1:0d:
                    9d:6c:aa:d0:8c:82:79:03:8d:6c:de:1b:1d:30:66:
                    47:53:f4:52:31:44:37:bd:30:0e:18:ef:29:0a:05:
                    28:7a:b9:17:00:3c:49:b7:8f:64:e7:df:02:8b:ab:
                    6b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A4:03:36:4B:1E:1A:54:1B:22:19:21:1F:CF:EC:50:A5:71:67:9B
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CD1A7EFE0E9B11EFAAC4AFF4007001B1.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.225.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:14:d5:ca:c0:13:b4:84:a5:c1:56:a3:ab:68:8b:2a:e5:d7:
         e6:df:64:16:28:dd:36:20:b1:20:20:fd:ad:5b:4f:0a:1a:2c:
         4a:75:1f:43:5c:86:8c:20:e0:33:94:af:90:48:61:43:b2:11:
         52:71:9a:fc:26:91:f5:e1:87:dc:79:dd:94:e3:a7:34:ec:66:
         18:45:e2:39:c2:2f:03:87:96:f1:7c:05:75:7d:3a:53:c1:0b:
         5c:96:5d:bd:61:e1:a9:fa:4b:13:87:e7:24:ef:bb:53:84:9c:
         84:f9:62:e5:e1:65:60:3d:c8:28:0f:5c:b8:61:d8:58:1e:4a:
         69:92:84:07:ac:f6:ca:57:e3:ae:ff:90:a8:f7:85:a9:79:87:
         f5:1a:cb:7f:81:19:67:b4:96:e8:b9:d8:d0:f5:9c:8a:f4:ad:
         8e:10:be:ec:12:c5:9a:6e:41:8a:40:c6:4f:d0:5f:83:a7:c8:
         1f:16:8b:86:f0:2f:50:0f:b4:b4:57:1b:f4:47:bb:f0:78:03:
         dd:3a:4f:ee:f2:b6:80:ab:56:de:11:0d:00:a4:6e:ec:0d:8b:
         0c:c8:77:df:d0:cd:60:73:80:2a:0c:1f:91:55:08:90:cd:66:
         fe:1d:04:ea:01:5e:6a:4f:ed:03:c6:c1:c2:30:d5:77:d0:dd:
         1f:db:14:ef
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAIl+MA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjQwNTEwMDcwNjE2WhcNMjUwMTEwMDcwNjE2WjAYMRYw
FAYDVQQDEw02NjNkYzc2Yi1kMzIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAy2WTjNlikKvkWfgb8TeSjxyp0btGGIZF0Rs+5R0Aes6SQiaBEih0sBKi
oe9RMU0ykSoHjVmr11jZlQ9mZLXIxnT+K/WF56rL3aiyjnI78tSVkFv0QeNe84/k
fg8Xx0KXtlVwW3qxrlt+IT5SusyrqT8j8+IEyd7L1hkHgDctQyuIXej0cgOKhokm
fdmXVlDfbsHXedxMdwKnTLQaRPVszAG4VbKQE6yFntKIK4keyzsa7Y1I6R0SskEl
5TRBXPOLGyADIOGr7gkV93oNjGFA0Q2dbKrQjIJ5A41s3hsdMGZHU/RSMUQ3vTAO
GO8pCgUoerkXADxJt49k598Ci6trIQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFB6k
AzZLHhpUGyIZIR/P7FClcWebMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9DRDFBN0VGRTBFOUIxMUVGQUFDNEFGRjQwMDcwMDFCMS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnOFhMA0GCSqGSIb3DQEBCwUA
A4IBAQCZFNXKwBO0hKXBVqOraIsq5dfm32QWKN02ILEgIP2tW08KGixKdR9DXIaM
IOAzlK+QSGFDshFScZr8JpH14Yfced2U46c07GYYReI5wi8Dh5bxfAV1fTpTwQtc
ll29YeGp+ksTh+ck77tThJyE+WLl4WVgPcgoD1y4YdhYHkppkoQHrPbKV+Ou/5Co
94WpeYf1Gst/gRlntJboudjQ9ZyK9K2OEL7sEsWabkGKQMZP0F+Dp8gfFouG8C9Q
D7S0Vxv0R7vweAPdOk/u8raAq1beEQ0ApG7sDYsMyHff0M1gc4AqDB+RVQiQzWb+
HQTqAV5qT+0DxsHCMNV30N0f2xTv
-----END CERTIFICATE-----
Generated at Thu Nov 21 11:10:50 2024 by rpki-client on console-ams.rpki-client.org