Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36EBDD7/67F004C6BE1D11EB8576B942F8AEA228/FCF2744EE4DD11ED83CFE7E95C736454.roa
File:                     FCF2744EE4DD11ED83CFE7E95C736454.roa (raw, json)
Hash identifier:          7tfnNvaHIqZ7VHDcLuyEzEdaFsax5cOARy6FVza2SjE=
Subject key identifier:   99:EC:D1:63:CD:EA:6B:00:15:F7:D8:E7:F3:83:AF:17:8A:33:9B:52
Certificate issuer:       /CN=F36EBDD7RI/serialNumber=972CFDAEEB126F6FCD4696A590F7018837AA5FF2
Certificate serial:       02D1
Authority key identifier: 97:2C:FD:AE:EB:12:6F:6F:CD:46:96:A5:90:F7:01:88:37:AA:5F:F2
Authority info access:    rsync://rpki.afrinic.net/repository/ripe/lyz9rusSb2_NRpalkPcBiDeqX_I.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36EBDD7/67F004C6BE1D11EB8576B942F8AEA228/FCF2744EE4DD11ED83CFE7E95C736454.roa
Signing time:             Thu 27 Apr 2023 09:29:20 +0000
ROA not before:           Thu 27 Apr 2023 09:29:17 +0000
ROA not after:            Sat 01 May 2032 09:29:17 +0000
asID:                     37349
IP address blocks:        217.29.128.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36EBDD7/67F004C6BE1D11EB8576B942F8AEA228/lyz9rusSb2_NRpalkPcBiDeqX_I.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36EBDD7/67F004C6BE1D11EB8576B942F8AEA228/lyz9rusSb2_NRpalkPcBiDeqX_I.mft
                          rsync://rpki.afrinic.net/repository/ripe/lyz9rusSb2_NRpalkPcBiDeqX_I.cer
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.crl
                          rsync://rpki.afrinic.net/repository/ripe/f3rBgIl5g-Kek3wKGHgDwHJ1VUU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 721 (0x2d1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36EBDD7RI/serialNumber=972CFDAEEB126F6FCD4696A590F7018837AA5FF2
        Validity
            Not Before: Apr 27 09:29:17 2023 GMT
            Not After : May  1 09:29:17 2032 GMT
        Subject: CN=644a4070-2e1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:85:fc:3b:98:73:db:6c:b6:99:18:7c:95:55:
                    94:71:5a:75:6a:91:81:aa:be:98:8a:27:81:63:f4:
                    5e:8b:1d:00:81:de:76:10:f9:51:5b:10:aa:2b:7e:
                    01:32:06:2e:ab:9e:7f:17:cd:6c:93:7b:d6:49:11:
                    64:26:13:cf:14:08:6a:a1:91:8b:65:77:2a:b9:1a:
                    cb:45:57:f5:7d:11:25:0e:48:e3:a1:0e:75:34:86:
                    5c:be:3d:a5:21:cd:fc:32:4f:87:fe:c7:f3:4c:37:
                    ee:ee:f9:ea:a3:dc:01:13:e0:da:01:02:fb:6f:38:
                    de:a8:82:af:8a:37:b4:f7:14:5e:cc:c4:97:eb:26:
                    ac:36:d5:e5:68:8a:df:12:24:af:be:d1:a0:ea:44:
                    9c:a3:70:fd:96:f7:81:dd:4f:71:6d:d1:86:e3:c3:
                    ed:cd:f6:7c:27:56:8b:ab:5b:18:85:76:e9:d7:82:
                    86:0a:40:d0:b6:7e:2a:45:a5:fe:60:92:d1:be:2f:
                    07:73:df:4d:1b:c2:6a:e5:14:4c:89:01:27:d2:f8:
                    ff:b7:27:82:a5:bd:21:25:03:b3:8a:f5:ef:d7:8c:
                    05:cc:b8:61:e4:f0:aa:b5:7e:9a:49:77:ab:6e:06:
                    ec:b8:f9:68:1c:a1:a5:84:25:03:aa:c8:c8:2d:bc:
                    9f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:EC:D1:63:CD:EA:6B:00:15:F7:D8:E7:F3:83:AF:17:8A:33:9B:52
            X509v3 Authority Key Identifier:
                keyid:97:2C:FD:AE:EB:12:6F:6F:CD:46:96:A5:90:F7:01:88:37:AA:5F:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36EBDD7/67F004C6BE1D11EB8576B942F8AEA228/lyz9rusSb2_NRpalkPcBiDeqX_I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/ripe/lyz9rusSb2_NRpalkPcBiDeqX_I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36EBDD7/67F004C6BE1D11EB8576B942F8AEA228/FCF2744EE4DD11ED83CFE7E95C736454.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.29.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b9:27:75:d8:15:14:ff:cf:b9:8b:10:0f:c5:fd:f9:90:a3:a1:
         60:d3:54:55:6f:48:4d:91:6e:2f:9f:22:65:68:75:ee:16:65:
         6b:c7:57:3e:79:60:d7:85:ae:f5:84:a4:85:48:d2:74:66:cc:
         31:a1:f9:bc:36:79:6b:dc:e2:a7:02:59:ce:5f:b2:d3:98:5f:
         2a:2c:a2:ff:2f:c5:b3:2a:fc:82:a6:e4:6d:6c:0b:8b:6e:f4:
         ec:97:92:2c:2a:d5:ac:bd:8e:35:ad:87:30:0b:c3:7f:ac:6d:
         4e:ed:14:3b:37:cd:0a:11:2e:72:3c:ff:e4:a3:80:bd:1e:6a:
         c9:2e:ba:89:c8:68:c9:f4:f0:95:77:a4:fe:62:ae:ce:ff:77:
         d0:bf:26:7d:39:a0:66:e6:60:42:7e:49:84:0e:d8:33:33:74:
         6f:32:4e:53:46:86:3a:bb:62:4f:ad:b7:41:fd:83:6d:a8:e4:
         9c:6e:a4:b8:0a:88:74:7a:d3:28:06:4d:7c:50:db:48:a2:86:
         a9:bb:0e:a9:27:35:8d:88:be:87:c5:54:92:fa:d0:0d:ea:4b:
         db:b8:05:6c:a6:5a:d4:9a:2b:69:72:03:5a:ea:63:0e:59:0a:
         6e:e4:67:9b:8f:03:98:c5:ae:fa:79:5e:88:b1:80:5d:d8:dc:
         ba:92:c3:ce
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAtEwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
RUJERDdSSTExMC8GA1UEBRMoOTcyQ0ZEQUVFQjEyNkY2RkNENDY5NkE1OTBGNzAx
ODgzN0FBNUZGMjAeFw0yMzA0MjcwOTI5MTdaFw0zMjA1MDEwOTI5MTdaMBgxFjAU
BgNVBAMTDTY0NGE0MDcwLTJlMWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC3hfw7mHPbbLaZGHyVVZRxWnVqkYGqvpiKJ4Fj9F6LHQCB3nYQ+VFbEKor
fgEyBi6rnn8XzWyTe9ZJEWQmE88UCGqhkYtldyq5GstFV/V9ESUOSOOhDnU0hly+
PaUhzfwyT4f+x/NMN+7u+eqj3AET4NoBAvtvON6ogq+KN7T3FF7MxJfrJqw21eVo
it8SJK++0aDqRJyjcP2W94HdT3Ft0Ybjw+3N9nwnVourWxiFdunXgoYKQNC2fipF
pf5gktG+Lwdz300bwmrlFEyJASfS+P+3J4KlvSElA7OK9e/XjAXMuGHk8Kq1fppJ
d6tuBuy4+WgcoaWEJQOqyMgtvJ/5AgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUmezR
Y83qawAV99jn84OvF4ozm1IwHwYDVR0jBBgwFoAUlyz9rusSb2/NRpalkPcBiDeq
X/IwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkVCREQ3LzY3RjAwNEM2QkUxRDExRUI4NTc2Qjk0MkY4QUVBMjI4L2x5ejly
dXNTYjJfTlJwYWxrUGNCaURlcVhfSS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9yaXBl
L2x5ejlydXNTYjJfTlJwYWxrUGNCaURlcVhfSS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNkVCREQ3LzY3RjAwNEM2QkUxRDExRUI4NTc2Qjk0MkY4QUVB
MjI4L0ZDRjI3NDRFRTRERDExRUQ4M0NGRTdFOTVDNzM2NDU0LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBATZHYAwDQYJKoZIhvcNAQELBQAD
ggEBALknddgVFP/PuYsQD8X9+ZCjoWDTVFVvSE2Rbi+fImVode4WZWvHVz55YNeF
rvWEpIVI0nRmzDGh+bw2eWvc4qcCWc5fstOYXyosov8vxbMq/IKm5G1sC4tu9OyX
kiwq1ay9jjWthzALw3+sbU7tFDs3zQoRLnI8/+SjgL0easkuuonIaMn08JV3pP5i
rs7/d9C/Jn05oGbmYEJ+SYQO2DMzdG8yTlNGhjq7Yk+tt0H9g22o5JxupLgKiHR6
0ygGTXxQ20iihqm7DqknNY2IvofFVJL60A3qS9u4BWymWtSaK2lyA1rqYw5ZCm7k
Z5uPA5jFrvp5XoixgF3Y3LqSw84=
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:31 2024 by rpki-client on console-ams.rpki-client.org