Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36C58D6/D69A4DFE731611E99133037CF8AEA228/94D497C23EC611EF82B4CE80762E951A.roa
File:                     94D497C23EC611EF82B4CE80762E951A.roa (raw, json)
Hash identifier:          3AshTUdVzOlMsXhA+VWu1dW3d5/3KwYYzbsvImtD/xk=
Subject key identifier:   55:DF:21:92:07:84:0F:1E:E7:93:A6:97:B7:3E:12:DC:D9:FA:44:DF
Certificate issuer:       /CN=F36C58D6AF/serialNumber=48A2F2C4AA4AEA39BE46BFE5F99C92629BBED8FC
Certificate serial:       1151
Authority key identifier: 48:A2:F2:C4:AA:4A:EA:39:BE:46:BF:E5:F9:9C:92:62:9B:BE:D8:FC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/SKLyxKpK6jm-Rr_l-ZySYpu-2Pw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36C58D6/D69A4DFE731611E99133037CF8AEA228/94D497C23EC611EF82B4CE80762E951A.roa
Signing time:             Wed 10 Jul 2024 14:13:29 +0000
ROA not before:           Wed 10 Jul 2024 14:13:26 +0000
ROA not after:            Fri 10 Jul 2026 14:13:26 +0000
asID:                     174
IP address blocks:        102.129.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36C58D6/D69A4DFE731611E99133037CF8AEA228/SKLyxKpK6jm-Rr_l-ZySYpu-2Pw.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36C58D6/D69A4DFE731611E99133037CF8AEA228/SKLyxKpK6jm-Rr_l-ZySYpu-2Pw.mft
                          rsync://rpki.afrinic.net/repository/afrinic/SKLyxKpK6jm-Rr_l-ZySYpu-2Pw.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Thu 24 Oct 2024 00:19:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4433 (0x1151)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36C58D6AF/serialNumber=48A2F2C4AA4AEA39BE46BFE5F99C92629BBED8FC
        Validity
            Not Before: Jul 10 14:13:26 2024 GMT
            Not After : Jul 10 14:13:26 2026 GMT
        Subject: CN=668e9709-ebc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:34:79:32:5d:10:f0:79:ef:cd:63:85:a0:b1:
                    fd:75:7d:72:d5:fb:c9:e4:2d:c4:32:6b:88:fe:a2:
                    79:8b:00:5a:1f:e1:92:8d:c7:55:50:e8:6c:ef:ad:
                    d1:b7:99:81:39:19:77:b1:66:95:d3:d9:ae:df:ad:
                    8b:3a:e5:7d:4b:0e:16:70:6c:74:a2:87:05:46:db:
                    71:58:64:15:9e:78:b9:74:a0:6d:a9:70:0a:b7:ae:
                    84:eb:6e:eb:53:90:db:2e:de:c6:9d:7a:7d:bd:1c:
                    de:22:fd:58:64:93:a6:34:57:58:53:fa:99:a3:2c:
                    ae:dd:c5:5c:f2:eb:3f:09:b0:b8:bd:58:d6:70:73:
                    82:e5:84:c8:36:0d:a5:7f:87:34:8f:36:7c:cb:29:
                    e1:9d:39:a7:03:fc:1a:e9:64:f4:e4:70:30:52:6a:
                    de:3d:1a:df:5b:df:8e:07:fc:71:d5:14:52:8b:11:
                    8d:e5:bc:2d:2d:5e:13:ef:64:64:fe:d9:c4:7d:f3:
                    d1:39:df:03:97:d9:d5:38:5f:b1:c7:b2:8b:d8:45:
                    e8:67:c1:94:96:e0:0a:8a:9e:1b:17:1b:d3:48:a5:
                    7f:9b:ec:d0:6f:4c:f7:ea:7c:90:ec:38:4a:69:75:
                    69:e7:5f:9b:6e:2c:4c:42:b3:84:0d:9e:89:dd:68:
                    cd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:DF:21:92:07:84:0F:1E:E7:93:A6:97:B7:3E:12:DC:D9:FA:44:DF
            X509v3 Authority Key Identifier:
                keyid:48:A2:F2:C4:AA:4A:EA:39:BE:46:BF:E5:F9:9C:92:62:9B:BE:D8:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36C58D6/D69A4DFE731611E99133037CF8AEA228/SKLyxKpK6jm-Rr_l-ZySYpu-2Pw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/SKLyxKpK6jm-Rr_l-ZySYpu-2Pw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36C58D6/D69A4DFE731611E99133037CF8AEA228/94D497C23EC611EF82B4CE80762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.129.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:be:7b:4b:c7:70:52:d6:ae:3f:78:fc:54:86:92:33:25:aa:
         10:e7:bd:69:33:cf:9e:83:bd:c4:19:9f:40:4a:4d:29:0f:47:
         ad:97:c1:67:dc:25:ca:61:e5:92:91:2e:c2:02:03:8c:29:3f:
         f1:3b:e6:2e:f3:5a:d5:b3:2d:8b:33:bb:f2:a5:e1:96:8a:94:
         62:db:e0:a9:9e:eb:f9:ed:eb:0b:1c:79:01:ad:7b:25:a7:32:
         37:29:5a:73:b3:74:d4:ee:52:8d:d7:76:cd:6c:87:e2:8a:cf:
         c8:fe:d9:8b:57:ef:27:ad:c1:b0:10:99:56:92:be:c0:0d:74:
         1c:eb:f0:99:16:e9:14:68:2c:60:f4:09:73:96:40:6d:ed:58:
         04:f1:b3:69:26:11:aa:22:17:57:fa:9e:e2:58:1d:28:6a:47:
         3c:45:fd:e6:0c:3d:17:a3:68:cb:1d:ba:57:a7:f5:5f:70:0d:
         8c:a9:25:6d:02:15:eb:60:3b:ad:62:bb:2d:0d:87:f8:d5:d1:
         ab:05:5a:f1:52:75:a2:67:0e:dc:6b:23:0e:3c:42:ce:d4:e0:
         ac:e1:33:33:8f:3e:bc:85:54:a3:de:1a:05:d6:b9:b5:25:90:
         68:9c:8c:ed:da:d4:0b:62:fb:47:ab:4d:9b:e3:de:d5:c2:0b:
         9b:b9:2f:da
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICEVEwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
QzU4RDZBRjExMC8GA1UEBRMoNDhBMkYyQzRBQTRBRUEzOUJFNDZCRkU1Rjk5Qzky
NjI5QkJFRDhGQzAeFw0yNDA3MTAxNDEzMjZaFw0yNjA3MTAxNDEzMjZaMBgxFjAU
BgNVBAMTDTY2OGU5NzA5LWViYzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDTNHkyXRDwee/NY4Wgsf11fXLV+8nkLcQya4j+onmLAFof4ZKNx1VQ6Gzv
rdG3mYE5GXexZpXT2a7frYs65X1LDhZwbHSihwVG23FYZBWeeLl0oG2pcAq3roTr
butTkNsu3saden29HN4i/Vhkk6Y0V1hT+pmjLK7dxVzy6z8JsLi9WNZwc4LlhMg2
DaV/hzSPNnzLKeGdOacD/BrpZPTkcDBSat49Gt9b344H/HHVFFKLEY3lvC0tXhPv
ZGT+2cR989E53wOX2dU4X7HHsovYRehnwZSW4AqKnhsXG9NIpX+b7NBvTPfqfJDs
OEppdWnnX5tuLExCs4QNnondaM0jAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUVd8h
kgeEDx7nk6aXtz4S3Nn6RN8wHwYDVR0jBBgwFoAUSKLyxKpK6jm+Rr/l+ZySYpu+
2PwwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkM1OEQ2L0Q2OUE0REZFNzMxNjExRTk5MTMzMDM3Q0Y4QUVBMjI4L1NLTHl4
S3BLNmptLVJyX2wtWnlTWXB1LTJQdy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL1NLTHl4S3BLNmptLVJyX2wtWnlTWXB1LTJQdy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNkM1OEQ2L0Q2OUE0REZFNzMxNjExRTk5MTMzMDM3Q0Y4
QUVBMjI4Lzk0RDQ5N0MyM0VDNjExRUY4MkI0Q0U4MDc2MkU5NTFBLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABmgYIwDQYJKoZIhvcNAQEL
BQADggEBAC++e0vHcFLWrj94/FSGkjMlqhDnvWkzz56DvcQZn0BKTSkPR62XwWfc
Jcph5ZKRLsICA4wpP/E75i7zWtWzLYszu/Kl4ZaKlGLb4Kme6/nt6wsceQGteyWn
MjcpWnOzdNTuUo3Xds1sh+KKz8j+2YtX7yetwbAQmVaSvsANdBzr8JkW6RRoLGD0
CXOWQG3tWATxs2kmEaoiF1f6nuJYHShqRzxF/eYMPRejaMsdulen9V9wDYypJW0C
FetgO61iuy0Nh/jV0asFWvFSdaJnDtxrIw48Qs7U4KzhMzOPPryFVKPeGgXWubUl
kGicjO3a1Ati+0erTZvj3tXCC5u5L9o=
-----END CERTIFICATE-----