Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36CA351/D8E6C5EAC2E611EE8B90697B775412E6/6DE452F6C2ED11EE8F238486775412E6.roa
File:                     6DE452F6C2ED11EE8F238486775412E6.roa (raw, json)
Hash identifier:          YytuzeKP/+B1T18/BxDlgrgQyAcKFXhMfpeLbXFDqLc=
Subject key identifier:   5E:24:8E:80:90:A1:BA:10:07:82:C9:AB:6B:57:D3:5A:55:62:1A:C9
Certificate issuer:       /CN=F36CA351AF/serialNumber=58DA3BE331A612AAAE4F6A30637704063AC3DD42
Certificate serial:       09
Authority key identifier: 58:DA:3B:E3:31:A6:12:AA:AE:4F:6A:30:63:77:04:06:3A:C3:DD:42
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/WNo74zGmEqquT2owY3cEBjrD3UI.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36CA351/D8E6C5EAC2E611EE8B90697B775412E6/6DE452F6C2ED11EE8F238486775412E6.roa
Signing time:             Sat 03 Feb 2024 23:39:10 +0000
ROA not before:           Sun 04 Feb 2024 23:39:07 +0000
ROA not after:            Tue 31 Dec 2024 23:39:07 +0000
asID:                     328988
IP address blocks:        102.213.68.0/22 maxlen: 22
                          102.213.68.0/24 maxlen: 24
                          102.213.69.0/24 maxlen: 24
                          102.213.70.0/24 maxlen: 24
                          102.213.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36CA351/D8E6C5EAC2E611EE8B90697B775412E6/WNo74zGmEqquT2owY3cEBjrD3UI.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36CA351/D8E6C5EAC2E611EE8B90697B775412E6/WNo74zGmEqquT2owY3cEBjrD3UI.mft
                          rsync://rpki.afrinic.net/repository/afrinic/WNo74zGmEqquT2owY3cEBjrD3UI.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9 (0x9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36CA351AF/serialNumber=58DA3BE331A612AAAE4F6A30637704063AC3DD42
        Validity
            Not Before: Feb  4 23:39:07 2024 GMT
            Not After : Dec 31 23:39:07 2024 GMT
        Subject: CN=65bece9e-e218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4a:ba:99:fd:d8:00:59:0d:31:6c:8b:c9:6d:
                    be:d0:fc:43:b9:0a:a1:a3:1c:58:de:75:5b:96:c5:
                    aa:48:17:54:99:c5:d9:e6:c6:fb:9c:94:e2:c5:ba:
                    79:98:68:f1:b6:45:f2:50:5e:3e:d3:e4:89:0f:10:
                    78:ff:75:7a:f6:cf:33:1b:4f:88:74:30:16:7a:e8:
                    02:8f:1a:9e:8b:27:4c:40:4d:02:22:9a:46:15:fa:
                    1f:8d:13:9c:58:64:1d:97:1f:4a:4d:68:cd:f3:c1:
                    07:a1:86:66:c6:5f:c0:4b:4c:bb:92:73:be:36:9c:
                    bd:73:ad:33:87:eb:6d:fc:89:ec:21:95:fb:4e:6c:
                    a3:23:b4:15:db:14:de:be:64:56:2a:b9:ef:fc:4a:
                    24:a6:86:79:46:d4:8f:1f:20:5f:6f:4f:0a:16:92:
                    75:53:87:47:a1:2f:2f:fd:34:9a:f5:dc:4a:76:2e:
                    55:81:22:c5:3e:b9:b2:df:c0:b5:c2:ec:60:24:e7:
                    69:46:df:c2:1f:a8:da:55:6d:a9:70:bf:9f:c4:6d:
                    72:5f:9b:bd:fa:5c:7c:0e:af:0b:74:92:7c:0d:77:
                    07:6a:ed:b8:60:68:79:f1:bd:34:24:3f:89:74:cd:
                    5d:83:18:d6:0b:cb:96:bb:14:73:33:21:0f:73:e9:
                    27:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:24:8E:80:90:A1:BA:10:07:82:C9:AB:6B:57:D3:5A:55:62:1A:C9
            X509v3 Authority Key Identifier:
                keyid:58:DA:3B:E3:31:A6:12:AA:AE:4F:6A:30:63:77:04:06:3A:C3:DD:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36CA351/D8E6C5EAC2E611EE8B90697B775412E6/WNo74zGmEqquT2owY3cEBjrD3UI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/WNo74zGmEqquT2owY3cEBjrD3UI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36CA351/D8E6C5EAC2E611EE8B90697B775412E6/6DE452F6C2ED11EE8F238486775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.213.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:a4:22:d1:39:46:ba:db:e1:66:e3:ad:d3:39:2a:44:4e:db:
         6a:61:e4:21:3d:0f:fc:5d:29:06:8c:68:3e:7d:dd:83:be:9d:
         bf:e0:ac:85:77:a4:ae:a8:80:98:cd:2d:57:6a:b0:4e:5b:07:
         46:ec:93:23:bc:ce:21:cb:6f:eb:60:3d:e5:ce:fc:25:42:21:
         f1:29:38:39:9b:95:b3:c7:4a:67:1a:e0:11:d1:a8:a1:b9:2f:
         5b:fb:78:be:f4:00:6f:26:67:84:e2:c5:95:c1:92:6b:49:2b:
         37:70:63:be:ef:81:e5:d0:61:5f:2b:41:e1:bc:4d:8e:75:9d:
         3b:36:1d:f6:e1:0a:41:78:19:03:a8:e9:c2:65:56:a2:c4:c8:
         0f:da:ba:90:4b:e1:23:66:3b:ad:c4:73:c6:48:b9:bd:c1:86:
         7c:56:7e:24:e6:96:2a:74:67:cf:8a:be:d9:c5:e7:39:59:57:
         8c:1d:a9:2a:8a:70:bc:57:a2:26:84:04:80:8b:14:41:75:75:
         c7:11:89:81:61:6c:9d:09:6e:d8:81:a2:70:9d:95:ff:7b:2f:
         b8:cc:90:b0:45:32:51:56:7d:0d:41:31:c2:fa:a4:e5:ea:e5:
         8b:76:a8:a7:c0:7e:85:e2:4c:0b:a1:c2:ec:d1:4c:b9:aa:b3:
         6e:bf:1e:fe
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZD
QTM1MUFGMTEwLwYDVQQFEyg1OERBM0JFMzMxQTYxMkFBQUU0RjZBMzA2Mzc3MDQw
NjNBQzNERDQyMB4XDTI0MDIwNDIzMzkwN1oXDTI0MTIzMTIzMzkwN1owGDEWMBQG
A1UEAxMNNjViZWNlOWUtZTIxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJtKupn92ABZDTFsi8ltvtD8Q7kKoaMcWN51W5bFqkgXVJnF2ebG+5yU4sW6
eZho8bZF8lBePtPkiQ8QeP91evbPMxtPiHQwFnroAo8anosnTEBNAiKaRhX6H40T
nFhkHZcfSk1ozfPBB6GGZsZfwEtMu5JzvjacvXOtM4frbfyJ7CGV+05soyO0FdsU
3r5kViq57/xKJKaGeUbUjx8gX29PChaSdVOHR6EvL/00mvXcSnYuVYEixT65st/A
tcLsYCTnaUbfwh+o2lVtqXC/n8Rtcl+bvfpcfA6vC3SSfA13B2rtuGBoefG9NCQ/
iXTNXYMY1gvLlrsUczMhD3PpJ2MCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBReJI6A
kKG6EAeCyatrV9NaVWIayTAfBgNVHSMEGDAWgBRY2jvjMaYSqq5PajBjdwQGOsPd
QjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2Q0EzNTEvRDhFNkM1RUFDMkU2MTFFRThCOTA2OTdCNzc1NDEyRTYvV05vNzR6
R21FcXF1VDJvd1kzY0VCanJEM1VJLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvV05vNzR6R21FcXF1VDJvd1kzY0VCanJEM1VJLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2Q0EzNTEvRDhFNkM1RUFDMkU2MTFFRThCOTA2OTdCNzc1
NDEyRTYvNkRFNDUyRjZDMkVEMTFFRThGMjM4NDg2Nzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmbVRDANBgkqhkiG9w0BAQsF
AAOCAQEAkaQi0TlGutvhZuOt0zkqRE7bamHkIT0P/F0pBoxoPn3dg76dv+CshXek
rqiAmM0tV2qwTlsHRuyTI7zOIctv62A95c78JUIh8Sk4OZuVs8dKZxrgEdGoobkv
W/t4vvQAbyZnhOLFlcGSa0krN3Bjvu+B5dBhXytB4bxNjnWdOzYd9uEKQXgZA6jp
wmVWosTID9q6kEvhI2Y7rcRzxki5vcGGfFZ+JOaWKnRnz4q+2cXnOVlXjB2pKopw
vFeiJoQEgIsUQXV1xxGJgWFsnQlu2IGicJ2V/3svuMyQsEUyUVZ9DUExwvqk5erl
i3aop8B+heJMC6HC7NFMuaqzbr8e/g==
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:59 2024 by rpki-client on console-fra.rpki-client.org