Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368FB9C/8EA540B276EE11EF9332B99C762E951A/C2B9341076F511EFBC58BB52762E951A.roa
File:                     C2B9341076F511EFBC58BB52762E951A.roa (raw, json)
Hash identifier:          U7XlU6jSsJhlTWJeAypN+DFO1ezOxcZqSXDIIZR+kcY=
Subject key identifier:   20:3B:3D:E8:6E:A8:07:E8:58:CD:67:BA:3B:BD:0E:16:DB:FA:B3:E8
Certificate issuer:       /CN=F368FB9CAF/serialNumber=5625B02E5741491D4D3179655A32EE9F845882BD
Certificate serial:       02
Authority key identifier: 56:25:B0:2E:57:41:49:1D:4D:31:79:65:5A:32:EE:9F:84:58:82:BD
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/ViWwLldBSR1NMXllWjLun4RYgr0.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368FB9C/8EA540B276EE11EF9332B99C762E951A/C2B9341076F511EFBC58BB52762E951A.roa
Signing time:             Fri 20 Sep 2024 02:12:18 +0000
ROA not before:           Fri 20 Sep 2024 02:12:14 +0000
ROA not after:            Sun 20 Sep 2026 02:12:14 +0000
asID:                     329473
IP address blocks:        102.208.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368FB9C/8EA540B276EE11EF9332B99C762E951A/ViWwLldBSR1NMXllWjLun4RYgr0.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368FB9C/8EA540B276EE11EF9332B99C762E951A/ViWwLldBSR1NMXllWjLun4RYgr0.mft
                          rsync://rpki.afrinic.net/repository/afrinic/ViWwLldBSR1NMXllWjLun4RYgr0.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368FB9CAF/serialNumber=5625B02E5741491D4D3179655A32EE9F845882BD
        Validity
            Not Before: Sep 20 02:12:14 2024 GMT
            Not After : Sep 20 02:12:14 2026 GMT
        Subject: CN=66ecda02-7967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:76:ae:a4:25:60:f6:9d:c1:fd:25:5d:d5:75:
                    db:ee:42:7a:8a:48:68:bc:c5:8f:06:b5:7f:3b:2e:
                    14:0a:6e:01:85:c9:c9:a2:f4:57:c3:93:bf:12:e8:
                    e3:26:2b:00:8b:3e:1f:5f:76:66:70:ef:ce:a5:ca:
                    f2:71:18:82:c8:56:22:2b:45:74:94:b7:27:cc:54:
                    d1:b7:6d:b9:38:54:90:14:ea:8f:9b:38:15:2c:d1:
                    09:40:0c:df:7c:93:43:b7:a0:38:de:05:6e:05:e8:
                    a2:26:80:d5:b1:d1:00:83:71:7f:a7:98:fa:d4:a6:
                    1a:cc:09:69:4d:9f:c8:2d:51:bd:7c:91:9d:ee:9f:
                    b7:1d:3e:e4:e0:78:86:23:a6:21:03:89:9f:57:01:
                    70:4a:da:ae:ef:cc:c3:10:93:50:44:5e:fb:2b:72:
                    9d:3d:55:1d:af:fc:b5:9e:38:7c:ec:69:17:d0:85:
                    ee:8a:ab:b0:69:b6:77:a6:5d:74:d2:2e:a1:ac:8a:
                    13:9f:61:58:cf:d2:88:e5:59:41:9f:58:fe:fc:50:
                    d9:5c:84:21:4e:3d:e4:fd:d1:49:5b:0c:aa:d5:1a:
                    3a:4b:dc:dd:e1:16:de:0d:cf:3f:f1:ed:9c:4b:5f:
                    d0:6c:a5:63:19:0d:38:45:fa:45:d3:1a:a4:30:68:
                    cf:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:3B:3D:E8:6E:A8:07:E8:58:CD:67:BA:3B:BD:0E:16:DB:FA:B3:E8
            X509v3 Authority Key Identifier:
                keyid:56:25:B0:2E:57:41:49:1D:4D:31:79:65:5A:32:EE:9F:84:58:82:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368FB9C/8EA540B276EE11EF9332B99C762E951A/ViWwLldBSR1NMXllWjLun4RYgr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/ViWwLldBSR1NMXllWjLun4RYgr0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368FB9C/8EA540B276EE11EF9332B99C762E951A/C2B9341076F511EFBC58BB52762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.208.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:94:42:10:97:54:95:69:a1:c7:85:17:3e:8e:1d:91:fc:3d:
         96:f6:ec:b7:b9:ce:b7:d5:26:5e:6b:ce:98:f5:81:d0:52:d0:
         12:b2:b4:12:fe:ed:d1:81:27:48:3a:24:13:a6:9c:ba:63:8c:
         26:65:76:61:60:dc:50:3f:cf:df:08:a4:7c:61:6b:2e:3d:e6:
         94:6e:19:56:5b:c7:ef:f8:06:e2:83:75:ba:4f:d5:12:ba:3c:
         cb:8b:3b:bd:fa:a8:bd:ab:14:d9:86:2c:96:58:d1:f9:71:98:
         15:d5:02:42:ac:9a:47:75:be:51:36:30:d6:7f:9f:c2:81:d9:
         7a:eb:cd:3d:44:be:3c:6d:95:72:22:89:85:dd:fa:97:7b:57:
         e4:46:ce:e9:e3:b0:43:94:dc:5e:dd:b6:6e:09:55:43:e3:db:
         f0:7a:7b:6b:a3:30:13:21:b4:2e:f6:29:8f:39:df:a9:05:33:
         49:69:1a:30:5d:00:58:2e:39:7b:8d:2e:b0:09:03:11:6d:16:
         7b:f0:bc:56:36:c2:4d:50:10:8a:d6:c9:78:7e:75:a7:af:27:
         07:9b:0b:e3:55:a2:97:78:2d:a3:5d:46:b8:38:05:14:74:ed:
         ae:6b:d3:fb:ac:50:73:2d:5f:78:3f:b9:2e:03:63:c7:31:ff:
         85:46:33:39
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY4
RkI5Q0FGMTEwLwYDVQQFEyg1NjI1QjAyRTU3NDE0OTFENEQzMTc5NjU1QTMyRUU5
Rjg0NTg4MkJEMB4XDTI0MDkyMDAyMTIxNFoXDTI2MDkyMDAyMTIxNFowGDEWMBQG
A1UEAxMNNjZlY2RhMDItNzk2NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJ2rqQlYPadwf0lXdV12+5CeopIaLzFjwa1fzsuFApuAYXJyaL0V8OTvxLo
4yYrAIs+H192ZnDvzqXK8nEYgshWIitFdJS3J8xU0bdtuThUkBTqj5s4FSzRCUAM
33yTQ7egON4FbgXooiaA1bHRAINxf6eY+tSmGswJaU2fyC1RvXyRne6ftx0+5OB4
hiOmIQOJn1cBcEraru/MwxCTUERe+ytynT1VHa/8tZ44fOxpF9CF7oqrsGm2d6Zd
dNIuoayKE59hWM/SiOVZQZ9Y/vxQ2VyEIU495P3RSVsMqtUaOkvc3eEW3g3PP/Ht
nEtf0GylYxkNOEX6RdMapDBoz+cCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBQgOz3o
bqgH6FjNZ7o7vQ4W2/qz6DAfBgNVHSMEGDAWgBRWJbAuV0FJHU0xeWVaMu6fhFiC
vTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2OEZCOUMvOEVBNTQwQjI3NkVFMTFFRjkzMzJCOTlDNzYyRTk1MUEvVmlXd0xs
ZEJTUjFOTVhsbFdqTHVuNFJZZ3IwLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvVmlXd0xsZEJTUjFOTVhsbFdqTHVuNFJZZ3IwLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2OEZCOUMvOEVBNTQwQjI3NkVFMTFFRjkzMzJCOTlDNzYy
RTk1MUEvQzJCOTM0MTA3NkY1MTFFRkJDNThCQjUyNzYyRTk1MUEucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGbQIDANBgkqhkiG9w0BAQsF
AAOCAQEAF5RCEJdUlWmhx4UXPo4dkfw9lvbst7nOt9UmXmvOmPWB0FLQErK0Ev7t
0YEnSDokE6acumOMJmV2YWDcUD/P3wikfGFrLj3mlG4ZVlvH7/gG4oN1uk/VEro8
y4s7vfqovasU2YYslljR+XGYFdUCQqyaR3W+UTYw1n+fwoHZeuvNPUS+PG2VciKJ
hd36l3tX5EbO6eOwQ5TcXt22bglVQ+Pb8Hp7a6MwEyG0LvYpjznfqQUzSWkaMF0A
WC45e40usAkDEW0We/C8VjbCTVAQitbJeH51p68nB5sL41Wil3gto11GuDgFFHTt
rmvT+6xQcy1feD+5LgNjxzH/hUYzOQ==
-----END CERTIFICATE-----