Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36D03D3/3A3857B2B05111EEAFF4F09B775412E6/11714A5EB05211EEB8B0949D775412E6.roa
File:                     11714A5EB05211EEB8B0949D775412E6.roa (raw, json)
Hash identifier:          Y74sDhVPh3sDwTRwkCR1rG2U0+ospQWmyyWML+k0YKo=
Subject key identifier:   64:5D:4B:F0:77:B0:A7:10:F3:10:4C:31:8D:A5:7A:FC:5A:4C:38:FB
Certificate issuer:       /CN=F36D03D3AF/serialNumber=7DF0D964712396999C17CFEE04BA4C2C1DFD1AA1
Certificate serial:       02
Authority key identifier: 7D:F0:D9:64:71:23:96:99:9C:17:CF:EE:04:BA:4C:2C:1D:FD:1A:A1
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/ffDZZHEjlpmcF8_uBLpMLB39GqE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36D03D3/3A3857B2B05111EEAFF4F09B775412E6/11714A5EB05211EEB8B0949D775412E6.roa
Signing time:             Thu 11 Jan 2024 07:21:42 +0000
ROA not before:           Thu 11 Jan 2024 07:21:39 +0000
ROA not after:            Mon 11 Jan 2027 07:21:39 +0000
asID:                     29286
IP address blocks:        41.87.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36D03D3/3A3857B2B05111EEAFF4F09B775412E6/ffDZZHEjlpmcF8_uBLpMLB39GqE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36D03D3/3A3857B2B05111EEAFF4F09B775412E6/ffDZZHEjlpmcF8_uBLpMLB39GqE.mft
                          rsync://rpki.afrinic.net/repository/afrinic/ffDZZHEjlpmcF8_uBLpMLB39GqE.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36D03D3AF/serialNumber=7DF0D964712396999C17CFEE04BA4C2C1DFD1AA1
        Validity
            Not Before: Jan 11 07:21:39 2024 GMT
            Not After : Jan 11 07:21:39 2027 GMT
        Subject: CN=659f9706-a6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c2:f6:65:e6:5e:4c:62:f2:38:c4:62:db:d1:
                    e9:3b:ad:4f:14:20:fe:90:ce:6a:62:35:03:ac:22:
                    b4:cf:f1:f9:c2:b6:3b:08:c1:0b:dc:a5:86:15:9d:
                    2c:38:e7:0b:fe:c4:68:66:9f:b1:8c:98:14:56:6a:
                    77:e3:82:a8:c1:76:3e:95:30:37:2e:07:f3:49:3d:
                    9e:5c:49:43:08:a7:c1:7b:a4:9c:7d:6c:d7:3e:70:
                    0a:59:e4:a5:12:b6:0f:c5:dd:89:25:9b:9f:04:6b:
                    c9:f6:78:1a:e8:1c:a6:6a:be:8c:ac:93:da:d6:13:
                    d1:83:29:d4:7c:0d:af:99:b1:b0:58:b5:9b:e3:6c:
                    55:d3:12:3d:30:15:e6:2f:55:22:28:f2:ef:b5:46:
                    49:b7:9a:89:27:ef:88:b1:9f:96:5a:31:58:06:32:
                    6b:f6:4a:fc:fa:82:b0:c0:4a:83:0a:12:74:e6:2e:
                    40:e4:9b:b6:59:f7:9d:0e:54:34:ae:75:39:3a:b7:
                    af:70:a8:df:39:54:40:0e:fb:4a:8b:02:0d:f4:2d:
                    6b:39:68:88:f1:1c:5c:d4:aa:b8:fe:06:db:60:af:
                    eb:52:62:fc:39:20:17:d1:b3:3e:a9:fa:3c:01:41:
                    c9:3e:9b:9b:be:56:82:09:cf:9e:6e:04:b7:eb:cd:
                    28:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5D:4B:F0:77:B0:A7:10:F3:10:4C:31:8D:A5:7A:FC:5A:4C:38:FB
            X509v3 Authority Key Identifier:
                keyid:7D:F0:D9:64:71:23:96:99:9C:17:CF:EE:04:BA:4C:2C:1D:FD:1A:A1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36D03D3/3A3857B2B05111EEAFF4F09B775412E6/ffDZZHEjlpmcF8_uBLpMLB39GqE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/ffDZZHEjlpmcF8_uBLpMLB39GqE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36D03D3/3A3857B2B05111EEAFF4F09B775412E6/11714A5EB05211EEB8B0949D775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.87.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:19:d8:93:8d:d5:ec:2c:ae:73:e5:a1:ea:d7:fc:1d:98:de:
         6c:c5:13:45:78:60:9e:2e:1f:9b:cb:d8:97:64:5a:1b:9e:43:
         32:11:05:f5:f9:74:ec:f8:d8:8e:e5:be:05:ef:75:22:d7:72:
         2d:e5:6c:6b:43:c9:35:da:d4:c0:a8:4a:89:90:a1:3f:10:f1:
         2c:dd:b9:90:9b:ce:94:14:99:16:b4:51:da:57:68:ef:4b:e9:
         58:e2:bd:6c:6d:56:d9:6d:d3:88:21:18:28:94:5d:aa:8f:57:
         35:3e:8e:62:f2:9e:e0:16:4a:dc:8e:83:eb:fb:e4:05:ea:d0:
         4c:a4:d2:87:fd:4e:01:12:f1:ad:ac:ea:65:4f:c6:02:7b:90:
         8d:19:f7:7e:b6:67:9f:05:f3:c7:76:5c:8e:a7:9c:90:f8:49:
         b7:fa:98:05:08:56:49:d5:8a:10:f7:fc:83:6f:a8:9e:85:82:
         55:47:8c:29:ad:43:5c:08:00:0f:24:00:3c:1f:19:aa:5e:25:
         49:04:b6:42:79:5e:2c:c8:47:7e:48:52:9d:de:74:10:24:1b:
         48:2c:30:15:07:78:a1:9b:e5:4a:2d:03:5b:87:43:f4:f8:3c:
         05:b3:c8:f9:da:02:b9:e6:c4:12:66:78:3b:d2:dc:b7:c9:b7:
         bc:9f:54:c2
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZE
MDNEM0FGMTEwLwYDVQQFEyg3REYwRDk2NDcxMjM5Njk5OUMxN0NGRUUwNEJBNEMy
QzFERkQxQUExMB4XDTI0MDExMTA3MjEzOVoXDTI3MDExMTA3MjEzOVowGDEWMBQG
A1UEAxMNNjU5Zjk3MDYtYTZmODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANHC9mXmXkxi8jjEYtvR6TutTxQg/pDOamI1A6witM/x+cK2OwjBC9ylhhWd
LDjnC/7EaGafsYyYFFZqd+OCqMF2PpUwNy4H80k9nlxJQwinwXuknH1s1z5wClnk
pRK2D8XdiSWbnwRryfZ4Gugcpmq+jKyT2tYT0YMp1HwNr5mxsFi1m+NsVdMSPTAV
5i9VIijy77VGSbeaiSfviLGflloxWAYya/ZK/PqCsMBKgwoSdOYuQOSbtln3nQ5U
NK51OTq3r3Co3zlUQA77SosCDfQtazloiPEcXNSquP4G22Cv61Ji/DkgF9GzPqn6
PAFByT6bm75WggnPnm4Et+vNKA8CAwEAAaOCAqUwggKhMB0GA1UdDgQWBBRkXUvw
d7CnEPMQTDGNpXr8Wkw4+zAfBgNVHSMEGDAWgBR98NlkcSOWmZwXz+4EukwsHf0a
oTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2RDAzRDMvM0EzODU3QjJCMDUxMTFFRUFGRjRGMDlCNzc1NDEyRTYvZmZEWlpI
RWpscG1jRjhfdUJMcE1MQjM5R3FFLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvZmZEWlpIRWpscG1jRjhfdUJMcE1MQjM5R3FFLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2RDAzRDMvM0EzODU3QjJCMDUxMTFFRUFGRjRGMDlCNzc1
NDEyRTYvMTE3MTRBNUVCMDUyMTFFRUI4QjA5NDlENzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAClXtTANBgkqhkiG9w0BAQsF
AAOCAQEAYhnYk43V7Cyuc+Wh6tf8HZjebMUTRXhgni4fm8vYl2RaG55DMhEF9fl0
7PjYjuW+Be91ItdyLeVsa0PJNdrUwKhKiZChPxDxLN25kJvOlBSZFrRR2ldo70vp
WOK9bG1W2W3TiCEYKJRdqo9XNT6OYvKe4BZK3I6D6/vkBerQTKTSh/1OARLxrazq
ZU/GAnuQjRn3frZnnwXzx3ZcjqeckPhJt/qYBQhWSdWKEPf8g2+onoWCVUeMKa1D
XAgADyQAPB8Zql4lSQS2QnleLMhHfkhSnd50ECQbSCwwFQd4oZvlSi0DW4dD9Pg8
BbPI+doCuebEEmZ4O9Lct8m3vJ9Uwg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:27 2024 by rpki-client on console-ams.rpki-client.org