Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3695C0A/4F556FEAAB7511ED93E656AFF1222468/CBC1D6C0BD9211EDB6D226DDF1222468.roa
File:                     CBC1D6C0BD9211EDB6D226DDF1222468.roa (raw, json)
Hash identifier:          qTwXULSySx53cW1Nc4h52dh7OSZyRV1CiS+RYF1a1tQ=
Subject key identifier:   0B:4E:0D:30:45:AC:8D:5F:11:7B:A8:C5:14:C4:FA:AD:5C:DE:A8:1F
Certificate issuer:       /CN=F3695C0AAF/serialNumber=E4817CF6E3DA05025019FFD5AABBB7838475F29B
Certificate serial:       1A
Authority key identifier: E4:81:7C:F6:E3:DA:05:02:50:19:FF:D5:AA:BB:B7:83:84:75:F2:9B
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/5IF89uPaBQJQGf_Vqru3g4R18ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3695C0A/4F556FEAAB7511ED93E656AFF1222468/CBC1D6C0BD9211EDB6D226DDF1222468.roa
Signing time:             Wed 08 Mar 2023 09:22:50 +0000
ROA not before:           Wed 08 Mar 2023 09:22:46 +0000
ROA not after:            Tue 08 Mar 2033 09:22:46 +0000
asID:                     328631
IP address blocks:        102.212.148.0/22 maxlen: 24
                          2c0f:5880::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3695C0A/4F556FEAAB7511ED93E656AFF1222468/5IF89uPaBQJQGf_Vqru3g4R18ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3695C0A/4F556FEAAB7511ED93E656AFF1222468/5IF89uPaBQJQGf_Vqru3g4R18ps.mft
                          rsync://rpki.afrinic.net/repository/afrinic/5IF89uPaBQJQGf_Vqru3g4R18ps.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 26 (0x1a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3695C0AAF/serialNumber=E4817CF6E3DA05025019FFD5AABBB7838475F29B
        Validity
            Not Before: Mar  8 09:22:46 2023 GMT
            Not After : Mar  8 09:22:46 2033 GMT
        Subject: CN=640853ea-667f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f4:ab:e0:bb:74:89:7b:f6:49:e7:6b:11:3d:
                    20:33:0f:b7:9d:05:72:46:a3:dd:3a:fb:01:3b:9a:
                    24:84:ce:a1:a9:72:2e:5a:91:f2:59:7e:66:fb:db:
                    c5:46:96:cc:46:3e:2b:ce:ba:80:fc:47:58:62:3b:
                    59:fd:f0:a2:0b:ab:36:74:30:68:a5:fe:77:05:fe:
                    e2:8a:14:90:52:57:03:c2:d1:d6:ae:b4:38:77:1f:
                    53:14:e7:2d:5f:ba:76:e3:03:3c:df:6d:2d:fb:de:
                    68:d2:6d:db:b3:3b:33:79:a8:7a:83:17:95:ca:66:
                    f7:8f:97:8b:c5:a6:10:f0:1d:9e:bf:da:c7:c4:53:
                    4f:b3:74:ef:1b:de:e0:0d:af:94:7d:38:2f:57:48:
                    39:b8:8c:6e:fd:7b:16:89:a1:64:44:7d:7c:0f:cf:
                    c1:f3:af:ed:19:6e:ab:24:f2:9b:83:52:ae:3e:18:
                    f3:e4:95:90:df:d4:dd:6a:41:65:45:e5:f4:9a:f2:
                    87:26:2e:7d:fb:5c:fa:4f:8e:94:9a:35:73:bc:c7:
                    84:c1:53:2d:95:39:15:48:70:83:11:9c:6c:de:cf:
                    5c:73:87:2a:16:1b:47:d3:bc:4c:69:53:1d:1f:e4:
                    d0:7b:3a:b7:61:76:2c:f4:18:4b:89:1a:04:6f:c6:
                    e3:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4E:0D:30:45:AC:8D:5F:11:7B:A8:C5:14:C4:FA:AD:5C:DE:A8:1F
            X509v3 Authority Key Identifier:
                keyid:E4:81:7C:F6:E3:DA:05:02:50:19:FF:D5:AA:BB:B7:83:84:75:F2:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3695C0A/4F556FEAAB7511ED93E656AFF1222468/5IF89uPaBQJQGf_Vqru3g4R18ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/5IF89uPaBQJQGf_Vqru3g4R18ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3695C0A/4F556FEAAB7511ED93E656AFF1222468/CBC1D6C0BD9211EDB6D226DDF1222468.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.212.148.0/22
                IPv6:
                  2c0f:5880::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:67:45:a5:9c:3b:f4:46:89:ba:41:5c:0d:bd:89:2b:8a:bf:
         df:de:a6:8e:c9:01:ff:8b:77:1f:b5:ed:3b:fc:46:a4:b5:30:
         b5:c8:21:65:95:c1:52:15:b3:5a:ee:c0:b1:2c:24:81:bf:24:
         2d:73:3b:ff:ce:21:a5:1d:02:b2:1a:da:8c:f2:8c:05:13:e7:
         60:e4:95:5e:66:0b:d3:0a:4c:ab:ad:66:99:cf:c2:0e:39:09:
         f5:d7:ca:50:8e:75:67:84:68:4e:16:c4:6b:c2:a5:40:f1:de:
         92:d0:83:ea:b3:a6:00:58:af:4b:2a:9f:04:ad:6d:7a:7e:b5:
         05:09:6e:8a:d8:3b:56:f8:2d:4e:29:5a:2c:ad:90:2a:9c:7f:
         f6:85:67:14:8f:29:8e:43:d2:51:c0:30:36:9a:e3:e5:7c:06:
         8f:ca:c5:cf:76:db:3d:29:ef:88:06:90:ed:f8:b5:4e:50:7e:
         5a:ee:a4:59:7a:3c:c7:30:4e:60:54:06:bf:12:f1:ef:cf:6c:
         d3:41:66:45:b4:bf:31:14:3b:65:ec:a4:5b:69:36:75:65:68:
         db:22:88:13:75:5b:3a:46:b2:11:ea:fe:e4:ce:35:94:03:72:
         36:62:5d:16:dc:bf:0f:6f:c6:80:dd:8f:46:d1:88:cc:9d:14:
         2c:b1:83:7b
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgIBGjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDDApGMzY5
NUMwQUFGMTEwLwYDVQQFEyhFNDgxN0NGNkUzREEwNTAyNTAxOUZGRDVBQUJCQjc4
Mzg0NzVGMjlCMB4XDTIzMDMwODA5MjI0NloXDTMzMDMwODA5MjI0NlowGDEWMBQG
A1UEAwwNNjQwODUzZWEtNjY3ZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMf0q+C7dIl79knnaxE9IDMPt50Fckaj3Tr7ATuaJITOoalyLlqR8ll+Zvvb
xUaWzEY+K866gPxHWGI7Wf3wogurNnQwaKX+dwX+4ooUkFJXA8LR1q60OHcfUxTn
LV+6duMDPN9tLfveaNJt27M7M3moeoMXlcpm94+Xi8WmEPAdnr/ax8RTT7N07xve
4A2vlH04L1dIObiMbv17FomhZER9fA/PwfOv7RluqyTym4NSrj4Y8+SVkN/U3WpB
ZUXl9JryhyYufftc+k+OlJo1c7zHhMFTLZU5FUhwgxGcbN7PXHOHKhYbR9O8TGlT
HR/k0Hs6t2F2LPQYS4kaBG/G49cCAwEAAaOCArQwggKwMB0GA1UdDgQWBBQLTg0w
RayNXxF7qMUUxPqtXN6oHzAfBgNVHSMEGDAWgBTkgXz249oFAlAZ/9Wqu7eDhHXy
mzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2OTVDMEEvNEY1NTZGRUFBQjc1MTFFRDkzRTY1NkFGRjEyMjI0NjgvNUlGODl1
UGFCUUpRR2ZfVnFydTNnNFIxOHBzLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvNUlGODl1UGFCUUpRR2ZfVnFydTNnNFIxOHBzLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2OTVDMEEvNEY1NTZGRUFBQjc1MTFFRDkzRTY1NkFGRjEy
MjI0NjgvQ0JDMUQ2QzBCRDkyMTFFREI2RDIyNkRERjEyMjI0Njgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAmbUlDANBAIAAjAHAwUALA9Y
gDANBgkqhkiG9w0BAQsFAAOCAQEAVmdFpZw79EaJukFcDb2JK4q/396mjskB/4t3
H7XtO/xGpLUwtcghZZXBUhWzWu7AsSwkgb8kLXM7/84hpR0CshrajPKMBRPnYOSV
XmYL0wpMq61mmc/CDjkJ9dfKUI51Z4RoThbEa8KlQPHektCD6rOmAFivSyqfBK1t
en61BQluitg7VvgtTilaLK2QKpx/9oVnFI8pjkPSUcAwNprj5XwGj8rFz3bbPSnv
iAaQ7fi1TlB+Wu6kWXo8xzBOYFQGvxLx789s00FmRbS/MRQ7ZeykW2k2dWVo2yKI
E3VbOkayEer+5M41lANyNmJdFty/D2/GgN2PRtGIzJ0ULLGDew==
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:14 2024 by rpki-client on console-ams.rpki-client.org