Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F369942E/D5A8905CFF0011E8B496012AF8AEA228/234EC302FF0211E8A910092BF8AEA228.roa
File:                     234EC302FF0211E8A910092BF8AEA228.roa (raw, json)
Hash identifier:          NOa5khrVmkhCUl9lhv8WYW52PgfD6O4eOvTJHt2DcIk=
Subject key identifier:   E5:7B:74:C5:65:FA:09:4D:0C:89:66:9A:4C:55:1F:25:36:89:28:73
Certificate issuer:       /CN=F369942EAF/serialNumber=4E2650E2ABA365B39CFE158ECA4DB48D642CDB65
Certificate serial:       02
Authority key identifier: 4E:26:50:E2:AB:A3:65:B3:9C:FE:15:8E:CA:4D:B4:8D:64:2C:DB:65
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/TiZQ4qujZbOc_hWOyk20jWQs22U.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F369942E/D5A8905CFF0011E8B496012AF8AEA228/234EC302FF0211E8A910092BF8AEA228.roa
Signing time:             Thu 13 Dec 2018 18:08:48 +0000
ROA not before:           Thu 13 Dec 2018 18:08:44 +0000
ROA not after:            Wed 31 Jan 2029 18:08:44 +0000
asID:                     2635
IP address blocks:        196.41.85.0/24 maxlen: 24
                          2001:43f8:bf0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F369942E/D5A8905CFF0011E8B496012AF8AEA228/TiZQ4qujZbOc_hWOyk20jWQs22U.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F369942E/D5A8905CFF0011E8B496012AF8AEA228/TiZQ4qujZbOc_hWOyk20jWQs22U.mft
                          rsync://rpki.afrinic.net/repository/afrinic/TiZQ4qujZbOc_hWOyk20jWQs22U.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 27 Nov 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F369942EAF/serialNumber=4E2650E2ABA365B39CFE158ECA4DB48D642CDB65
        Validity
            Not Before: Dec 13 18:08:44 2018 GMT
            Not After : Jan 31 18:08:44 2029 GMT
        Subject: CN=5c12a030-b17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b0:75:a3:57:9b:8a:42:5d:fa:c4:0d:5c:a7:
                    50:81:a8:06:7c:d2:50:09:8a:c2:a4:67:a3:3d:9a:
                    47:c3:d0:d8:95:46:45:42:35:9f:e6:96:04:a2:04:
                    af:5b:f8:75:b7:0a:a3:26:72:21:38:55:c5:23:3c:
                    a4:c2:78:00:47:dc:1b:d1:2f:87:f0:47:97:a2:4d:
                    8b:fe:c0:c4:49:6c:15:91:44:ba:74:ef:8f:69:e2:
                    a6:79:a4:4a:af:e8:92:cb:08:11:61:8a:99:64:45:
                    10:b5:16:7b:25:09:63:df:07:36:a0:1b:11:30:87:
                    4c:17:90:70:8b:11:b4:5a:ee:1c:f6:f4:7b:f5:3d:
                    de:b1:5e:4d:d1:d6:1d:3c:20:e5:4a:2e:00:da:e2:
                    81:1b:4d:33:23:40:58:b0:b5:e8:4c:63:82:ef:6a:
                    c5:d0:ed:4a:82:87:d3:8a:da:c9:49:db:09:b2:08:
                    a5:b5:14:cc:17:09:52:d6:40:9d:47:d4:51:5a:59:
                    33:e9:d7:27:5d:c7:15:b3:b8:53:a3:03:6a:2f:ce:
                    6e:c2:89:8c:d3:bb:f1:69:15:b9:51:ac:3d:ef:7e:
                    71:e4:12:24:e8:c0:b7:bf:61:14:b0:93:c7:ce:17:
                    b2:db:61:52:fd:19:c1:a4:85:55:ef:9f:0c:c3:32:
                    5c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7B:74:C5:65:FA:09:4D:0C:89:66:9A:4C:55:1F:25:36:89:28:73
            X509v3 Authority Key Identifier:
                keyid:4E:26:50:E2:AB:A3:65:B3:9C:FE:15:8E:CA:4D:B4:8D:64:2C:DB:65

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F369942E/D5A8905CFF0011E8B496012AF8AEA228/TiZQ4qujZbOc_hWOyk20jWQs22U.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/TiZQ4qujZbOc_hWOyk20jWQs22U.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F369942E/D5A8905CFF0011E8B496012AF8AEA228/234EC302FF0211E8A910092BF8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  196.41.85.0/24
                IPv6:
                  2001:43f8:bf0::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:29:53:3c:17:19:0a:c0:6e:46:61:2f:14:a3:d2:02:84:ca:
         45:6c:04:2f:4b:da:89:8e:9c:6f:8a:2a:b6:09:ad:6a:b2:0c:
         06:23:01:fc:0c:0a:3f:85:ab:a6:8d:33:0b:ce:55:a2:0e:59:
         68:95:c8:c4:b3:4c:59:44:12:ce:b2:5c:42:bc:10:40:07:57:
         3a:72:d7:37:70:0d:ee:aa:0f:2b:1d:ab:77:ea:61:b1:63:a9:
         03:c2:b8:77:f1:bb:b5:f8:82:e1:f5:c1:14:e2:00:b9:80:00:
         98:bd:31:de:09:2e:fb:4a:68:31:d4:1f:4e:03:85:32:7a:3a:
         a6:91:a4:1c:c5:a6:3f:2c:a9:03:cc:ff:1a:0f:7b:7f:34:4d:
         e3:2a:8c:ee:d4:6d:d0:e3:fe:ac:99:41:73:fa:f5:6d:a6:e3:
         60:3f:6f:29:b3:53:c0:17:c5:08:6b:c5:dd:03:d6:f8:8c:c4:
         eb:cb:51:e1:68:56:d0:ca:a0:97:87:82:81:73:59:7a:58:5e:
         8c:ce:2f:bb:80:bb:e5:3a:0d:81:8a:bb:05:7e:fb:f9:5e:4f:
         13:7a:7b:b6:fd:fb:c6:46:c3:98:42:db:dd:a9:3f:11:36:b7:
         10:be:76:97:21:6b:6c:ee:e0:81:59:c8:6f:c3:df:38:ac:1b:
         33:20:f8:48
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY5
OTQyRUFGMTEwLwYDVQQFEyg0RTI2NTBFMkFCQTM2NUIzOUNGRTE1OEVDQTREQjQ4
RDY0MkNEQjY1MB4XDTE4MTIxMzE4MDg0NFoXDTI5MDEzMTE4MDg0NFowGDEWMBQG
A1UEAxMNNWMxMmEwMzAtYjE3YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKqwdaNXm4pCXfrEDVynUIGoBnzSUAmKwqRnoz2aR8PQ2JVGRUI1n+aWBKIE
r1v4dbcKoyZyIThVxSM8pMJ4AEfcG9Evh/BHl6JNi/7AxElsFZFEunTvj2nipnmk
Sq/okssIEWGKmWRFELUWeyUJY98HNqAbETCHTBeQcIsRtFruHPb0e/U93rFeTdHW
HTwg5UouANrigRtNMyNAWLC16Exjgu9qxdDtSoKH04rayUnbCbIIpbUUzBcJUtZA
nUfUUVpZM+nXJ13HFbO4U6MDai/ObsKJjNO78WkVuVGsPe9+ceQSJOjAt79hFLCT
x84XstthUv0ZwaSFVe+fDMMyXPcCAwEAAaOCAn8wggJ7MB0GA1UdDgQWBBTle3TF
ZfoJTQyJZppMVR8lNokoczAfBgNVHSMEGDAWgBROJlDiq6Nls5z+FY7KTbSNZCzb
ZTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2OTk0MkUvRDVBODkwNUNGRjAwMTFFOEI0OTYwMTJBRjhBRUEyMjgvVGlaUTRx
dWpaYk9jX2hXT3lrMjBqV1FzMjJVLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvVGlaUTRxdWpaYk9jX2hXT3lrMjBqV1FzMjJVLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2OTk0MkUvRDVBODkwNUNGRjAwMTFFOEI0OTYwMTJBRjhB
RUEyMjgvMjM0RUMzMDJGRjAyMTFFOEE5MTAwOTJCRjhBRUEyMjgucm9hMDAGCCsG
AQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAxClVMA8EAgACMAkDBwAgAUP4C/AwDQYJ
KoZIhvcNAQELBQADggEBAGApUzwXGQrAbkZhLxSj0gKEykVsBC9L2omOnG+KKrYJ
rWqyDAYjAfwMCj+Fq6aNMwvOVaIOWWiVyMSzTFlEEs6yXEK8EEAHVzpy1zdwDe6q
Dysdq3fqYbFjqQPCuHfxu7X4guH1wRTiALmAAJi9Md4JLvtKaDHUH04DhTJ6OqaR
pBzFpj8sqQPM/xoPe380TeMqjO7UbdDj/qyZQXP69W2m42A/bymzU8AXxQhrxd0D
1viMxOvLUeFoVtDKoJeHgoFzWXpYXozOL7uAu+U6DYGKuwV++/leTxN6e7b9+8ZG
w5hC292pPxE2txC+dpcha2zu4IFZyG/D3zisGzMg+Eg=
-----END CERTIFICATE-----
Generated at Mon Nov 25 02:48:39 2024 by rpki-client on console-ams.rpki-client.org