Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3697B99/11FE3600376011EEA28A212C4AD9E6FC/820A44FA376711EEA243283E4AD9E6FC.roa
File:                     820A44FA376711EEA243283E4AD9E6FC.roa (raw, json)
Hash identifier:          ZttSXdlWsN452hajpfHfL317dPsyGT14Z854aNGNFHs=
Subject key identifier:   9D:F5:9A:EE:C2:97:A5:4E:6E:C7:11:B9:D3:9E:69:47:DD:2C:D3:E3
Certificate issuer:       /CN=F3697B99AF/serialNumber=B4109BEDC4778727E24E9A377CC617BC07C0A735
Certificate serial:       09
Authority key identifier: B4:10:9B:ED:C4:77:87:27:E2:4E:9A:37:7C:C6:17:BC:07:C0:A7:35
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/tBCb7cR3hyfiTpo3fMYXvAfApzU.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3697B99/11FE3600376011EEA28A212C4AD9E6FC/820A44FA376711EEA243283E4AD9E6FC.roa
Signing time:             Thu 10 Aug 2023 10:20:20 +0000
ROA not before:           Thu 10 Aug 2023 10:20:16 +0000
ROA not after:            Wed 10 Aug 2033 10:20:16 +0000
asID:                     328792
IP address blocks:        102.221.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3697B99/11FE3600376011EEA28A212C4AD9E6FC/tBCb7cR3hyfiTpo3fMYXvAfApzU.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3697B99/11FE3600376011EEA28A212C4AD9E6FC/tBCb7cR3hyfiTpo3fMYXvAfApzU.mft
                          rsync://rpki.afrinic.net/repository/afrinic/tBCb7cR3hyfiTpo3fMYXvAfApzU.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9 (0x9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3697B99AF/serialNumber=B4109BEDC4778727E24E9A377CC617BC07C0A735
        Validity
            Not Before: Aug 10 10:20:16 2023 GMT
            Not After : Aug 10 10:20:16 2033 GMT
        Subject: CN=64d4b9e4-a758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:82:f5:eb:a2:fe:f8:53:68:22:3f:02:53:7c:
                    ce:a1:53:46:26:bc:28:b1:c5:d9:23:18:d0:64:c2:
                    0d:2d:6b:19:d4:c2:53:a3:12:f3:20:d5:94:fd:46:
                    06:e1:61:f4:22:49:3f:15:6a:70:93:a0:b8:be:a8:
                    48:5d:89:70:e8:ba:a6:0c:05:07:fc:f6:ee:2e:79:
                    64:81:19:51:e1:93:13:c1:74:ac:87:49:a0:18:d3:
                    8f:c9:bf:5f:be:2f:4c:68:81:f1:9e:6e:e6:9b:4d:
                    6d:ea:4b:51:91:52:e5:3b:22:d1:01:49:42:f3:a7:
                    38:a3:9f:9f:05:d6:a2:a9:b9:69:7a:71:dd:d2:b8:
                    af:65:37:1f:1d:85:96:96:95:75:84:7d:ca:ed:86:
                    10:e8:d3:62:0c:50:d2:0a:19:23:f0:55:0e:10:87:
                    bf:b8:5a:3b:3c:45:e6:03:98:87:cb:9e:79:a2:26:
                    8d:d7:35:cf:ce:5e:0f:de:bd:63:ba:7f:b0:39:ef:
                    d3:92:40:b6:8d:0e:53:60:67:ae:36:dc:8f:c6:11:
                    60:61:16:7e:1f:c0:2f:85:3a:b1:56:d5:f9:c0:3e:
                    c1:8f:11:f7:52:2f:bb:1c:35:b6:e5:b2:8e:4d:d2:
                    89:8b:c5:73:c4:20:45:14:06:0d:f7:1d:31:de:99:
                    1b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:F5:9A:EE:C2:97:A5:4E:6E:C7:11:B9:D3:9E:69:47:DD:2C:D3:E3
            X509v3 Authority Key Identifier:
                keyid:B4:10:9B:ED:C4:77:87:27:E2:4E:9A:37:7C:C6:17:BC:07:C0:A7:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3697B99/11FE3600376011EEA28A212C4AD9E6FC/tBCb7cR3hyfiTpo3fMYXvAfApzU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/tBCb7cR3hyfiTpo3fMYXvAfApzU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3697B99/11FE3600376011EEA28A212C4AD9E6FC/820A44FA376711EEA243283E4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.221.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:45:26:f5:99:04:a0:b0:04:e4:be:e3:2d:99:a9:7f:d7:bf:
         30:87:0d:58:9b:b2:b2:e9:27:f3:6a:ca:bc:e1:d1:c7:d2:c7:
         41:ba:5c:58:1b:c5:9a:68:2b:af:6e:1e:2a:7e:33:dd:a9:15:
         19:e3:fe:ee:76:e5:e2:91:c4:93:19:5f:73:ed:3d:58:ab:2e:
         9f:47:c9:5d:91:59:ba:a3:88:68:48:27:42:38:6c:fe:bc:17:
         44:5c:0c:49:d0:a0:c9:ec:10:1e:53:62:db:69:5f:65:b7:2e:
         70:32:91:06:91:e8:34:9c:50:44:1a:58:b0:e8:d7:72:44:38:
         fb:57:8e:2d:d2:60:2f:57:da:3c:38:4f:e5:90:d2:0b:e1:f4:
         fd:2d:98:d0:42:c4:18:46:1b:1d:44:a1:35:e9:33:a9:33:8b:
         ae:fc:b3:8a:f5:d3:36:9c:78:81:b4:16:4d:8d:5b:b7:ec:ea:
         2f:68:90:5e:86:c5:22:f5:79:21:bf:8b:81:b2:39:96:5c:25:
         c5:7a:04:59:d1:35:fc:b5:6b:a9:8a:25:28:a6:85:f3:09:65:
         50:8d:48:78:92:91:82:69:ad:ac:02:5b:b5:77:83:f7:e1:d7:
         31:b6:a7:2d:4a:81:b0:be:3d:44:30:7f:e1:6a:7a:3f:d0:07:
         57:f6:a3:52
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY5
N0I5OUFGMTEwLwYDVQQFEyhCNDEwOUJFREM0Nzc4NzI3RTI0RTlBMzc3Q0M2MTdC
QzA3QzBBNzM1MB4XDTIzMDgxMDEwMjAxNloXDTMzMDgxMDEwMjAxNlowGDEWMBQG
A1UEAxMNNjRkNGI5ZTQtYTc1ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+C9eui/vhTaCI/AlN8zqFTRia8KLHF2SMY0GTCDS1rGdTCU6MS8yDVlP1G
BuFh9CJJPxVqcJOguL6oSF2JcOi6pgwFB/z27i55ZIEZUeGTE8F0rIdJoBjTj8m/
X74vTGiB8Z5u5ptNbepLUZFS5Tsi0QFJQvOnOKOfnwXWoqm5aXpx3dK4r2U3Hx2F
lpaVdYR9yu2GEOjTYgxQ0goZI/BVDhCHv7haOzxF5gOYh8ueeaImjdc1z85eD969
Y7p/sDnv05JAto0OU2Bnrjbcj8YRYGEWfh/AL4U6sVbV+cA+wY8R91Ivuxw1tuWy
jk3SiYvFc8QgRRQGDfcdMd6ZG8kCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSd9Zru
wpelTm7HEbnTnmlH3SzT4zAfBgNVHSMEGDAWgBS0EJvtxHeHJ+JOmjd8xhe8B8Cn
NTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2OTdCOTkvMTFGRTM2MDAzNzYwMTFFRUEyOEEyMTJDNEFEOUU2RkMvdEJDYjdj
UjNoeWZpVHBvM2ZNWVh2QWZBcHpVLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvdEJDYjdjUjNoeWZpVHBvM2ZNWVh2QWZBcHpVLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2OTdCOTkvMTFGRTM2MDAzNzYwMTFFRUEyOEEyMTJDNEFE
OUU2RkMvODIwQTQ0RkEzNzY3MTFFRUEyNDMyODNFNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGbdNDANBgkqhkiG9w0BAQsF
AAOCAQEAS0Um9ZkEoLAE5L7jLZmpf9e/MIcNWJuysukn82rKvOHRx9LHQbpcWBvF
mmgrr24eKn4z3akVGeP+7nbl4pHEkxlfc+09WKsun0fJXZFZuqOIaEgnQjhs/rwX
RFwMSdCgyewQHlNi22lfZbcucDKRBpHoNJxQRBpYsOjXckQ4+1eOLdJgL1faPDhP
5ZDSC+H0/S2Y0ELEGEYbHUShNekzqTOLrvyzivXTNpx4gbQWTY1bt+zqL2iQXobF
IvV5Ib+LgbI5llwlxXoEWdE1/LVrqYolKKaF8wllUI1IeJKRgmmtrAJbtXeD9+HX
MbanLUqBsL49RDB/4Wp6P9AHV/ajUg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:15 2024 by rpki-client on console-ams.rpki-client.org