Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36EF186/095B7A2A548011EE8C8F332D4AD9E6FC/35A2C592548111EEAEE811314AD9E6FC.roa
File:                     35A2C592548111EEAEE811314AD9E6FC.roa (raw, json)
Hash identifier:          1eoXmWir/ADjiH6P13xfXbD6DlCaylmbXJCS83eS52M=
Subject key identifier:   FA:0F:C6:E7:A9:74:41:BD:10:86:8A:0D:09:44:C1:05:A8:91:9F:78
Certificate issuer:       /CN=F36EF186AF/serialNumber=F377D4D428F9465B15449C6AFD4532C422446964
Certificate serial:       02
Authority key identifier: F3:77:D4:D4:28:F9:46:5B:15:44:9C:6A:FD:45:32:C4:22:44:69:64
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/83fU1Cj5RlsVRJxq_UUyxCJEaWQ.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36EF186/095B7A2A548011EE8C8F332D4AD9E6FC/35A2C592548111EEAEE811314AD9E6FC.roa
Signing time:             Sat 16 Sep 2023 11:07:22 +0000
ROA not before:           Sat 16 Sep 2023 11:07:19 +0000
ROA not after:            Fri 16 Sep 2033 11:07:19 +0000
asID:                     328611
IP address blocks:        102.23.220.0/24 maxlen: 24
                          102.23.221.0/24 maxlen: 24
                          102.23.222.0/24 maxlen: 24
                          102.23.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36EF186/095B7A2A548011EE8C8F332D4AD9E6FC/83fU1Cj5RlsVRJxq_UUyxCJEaWQ.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36EF186/095B7A2A548011EE8C8F332D4AD9E6FC/83fU1Cj5RlsVRJxq_UUyxCJEaWQ.mft
                          rsync://rpki.afrinic.net/repository/afrinic/83fU1Cj5RlsVRJxq_UUyxCJEaWQ.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Jun 2024 00:04:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36EF186AF/serialNumber=F377D4D428F9465B15449C6AFD4532C422446964
        Validity
            Not Before: Sep 16 11:07:19 2023 GMT
            Not After : Sep 16 11:07:19 2033 GMT
        Subject: CN=65058c6a-20ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:49:f0:a4:b2:44:70:95:ca:76:4a:88:e6:16:
                    2c:72:15:24:4d:b4:81:d3:03:e5:ca:f8:9e:6b:b8:
                    5e:49:e2:5c:6b:29:f8:06:b4:0b:7a:a9:30:66:ab:
                    c1:13:e2:39:c2:e9:66:93:e5:3a:c1:21:5b:0a:d4:
                    83:d0:cf:8c:33:88:4e:fa:42:7f:38:ef:f9:a6:76:
                    73:08:fd:44:bd:91:21:8b:58:5d:41:8a:b6:19:0d:
                    84:12:6c:f7:5a:02:6a:4a:f2:05:b8:35:63:a3:d0:
                    a9:b3:81:4f:dd:53:b3:3e:b7:47:9c:9b:f5:1b:3a:
                    51:a8:dd:94:0b:15:7c:9d:e8:d7:cc:71:92:c7:9e:
                    ac:31:17:44:de:d4:17:f6:7f:58:87:c5:63:9b:f5:
                    b0:96:3c:e6:73:f8:ce:5f:60:cc:89:39:45:1b:41:
                    9a:c2:b0:17:d8:fb:e7:7b:60:be:f9:d7:7c:26:74:
                    f0:7d:5e:05:e7:df:4e:5a:88:6c:af:6a:84:b4:06:
                    4c:b1:90:25:72:e0:69:d1:1f:f7:c3:79:a2:fd:11:
                    c9:c2:e8:4f:7d:c9:d4:1f:79:b7:67:9e:ac:a4:ca:
                    18:8a:94:43:17:08:8b:0d:5b:b3:26:32:4d:ee:59:
                    bf:e9:80:7f:00:1f:cb:21:ce:8f:2f:14:00:bf:3a:
                    e7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:0F:C6:E7:A9:74:41:BD:10:86:8A:0D:09:44:C1:05:A8:91:9F:78
            X509v3 Authority Key Identifier:
                keyid:F3:77:D4:D4:28:F9:46:5B:15:44:9C:6A:FD:45:32:C4:22:44:69:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36EF186/095B7A2A548011EE8C8F332D4AD9E6FC/83fU1Cj5RlsVRJxq_UUyxCJEaWQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/83fU1Cj5RlsVRJxq_UUyxCJEaWQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36EF186/095B7A2A548011EE8C8F332D4AD9E6FC/35A2C592548111EEAEE811314AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.23.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:8d:89:bc:3b:31:f0:23:1f:34:52:14:ad:f8:85:f0:5b:05:
         0e:b2:f3:54:8e:76:93:b2:25:ed:4e:89:10:5f:93:d6:e2:55:
         a9:ec:d1:4d:f6:f1:28:41:05:74:f3:11:bb:74:2a:d2:f9:1c:
         dc:38:c2:fd:a2:ab:28:28:14:c8:2f:74:e3:91:d3:7e:d0:de:
         c5:28:c4:1d:30:27:3c:9e:51:c3:f8:d9:69:c1:0a:35:6d:2b:
         d1:e7:04:0e:64:9a:00:2d:ff:dc:7f:92:22:44:6d:20:e9:05:
         f0:ed:9c:e5:db:8d:32:17:fb:4d:a8:9b:41:81:eb:9f:8b:c4:
         b1:e6:c8:29:90:c0:10:9d:ed:97:81:cb:08:d7:d2:93:ff:63:
         3d:c0:32:aa:25:c7:11:ba:c6:ed:f9:da:cc:6b:1a:1c:ec:53:
         82:f8:46:b9:00:3c:15:ea:ec:c8:54:48:eb:5b:d9:c2:95:8d:
         98:9d:cc:a2:6b:ec:ed:3f:be:cc:2d:9a:c0:74:7c:31:23:7d:
         62:9a:88:ba:f5:3c:b8:b3:0e:d5:ca:6e:ff:b9:12:2e:af:ab:
         53:78:7d:a7:16:9f:69:fa:d3:ec:fd:82:f4:63:6d:6c:35:a4:
         d6:4d:17:a3:6d:b9:a8:ad:73:75:66:16:c7:3b:db:00:94:7b:
         2d:76:d0:a4
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZF
RjE4NkFGMTEwLwYDVQQFEyhGMzc3RDRENDI4Rjk0NjVCMTU0NDlDNkFGRDQ1MzJD
NDIyNDQ2OTY0MB4XDTIzMDkxNjExMDcxOVoXDTMzMDkxNjExMDcxOVowGDEWMBQG
A1UEAxMNNjUwNThjNmEtMjBjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ9J8KSyRHCVynZKiOYWLHIVJE20gdMD5cr4nmu4XkniXGsp+Aa0C3qpMGar
wRPiOcLpZpPlOsEhWwrUg9DPjDOITvpCfzjv+aZ2cwj9RL2RIYtYXUGKthkNhBJs
91oCakryBbg1Y6PQqbOBT91Tsz63R5yb9Rs6UajdlAsVfJ3o18xxkseerDEXRN7U
F/Z/WIfFY5v1sJY85nP4zl9gzIk5RRtBmsKwF9j753tgvvnXfCZ08H1eBeffTlqI
bK9qhLQGTLGQJXLgadEf98N5ov0RycLoT33J1B95t2eerKTKGIqUQxcIiw1bsyYy
Te5Zv+mAfwAfyyHOjy8UAL8659MCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBT6D8bn
qXRBvRCGig0JRMEFqJGfeDAfBgNVHSMEGDAWgBTzd9TUKPlGWxVEnGr9RTLEIkRp
ZDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2RUYxODYvMDk1QjdBMkE1NDgwMTFFRThDOEYzMzJENEFEOUU2RkMvODNmVTFD
ajVSbHNWUkp4cV9VVXl4Q0pFYVdRLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvODNmVTFDajVSbHNWUkp4cV9VVXl4Q0pFYVdRLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2RUYxODYvMDk1QjdBMkE1NDgwMTFFRThDOEYzMzJENEFE
OUU2RkMvMzVBMkM1OTI1NDgxMTFFRUFFRTgxMTMxNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmYX3DANBgkqhkiG9w0BAQsF
AAOCAQEAho2JvDsx8CMfNFIUrfiF8FsFDrLzVI52k7Il7U6JEF+T1uJVqezRTfbx
KEEFdPMRu3Qq0vkc3DjC/aKrKCgUyC9045HTftDexSjEHTAnPJ5Rw/jZacEKNW0r
0ecEDmSaAC3/3H+SIkRtIOkF8O2c5duNMhf7TaibQYHrn4vEsebIKZDAEJ3tl4HL
CNfSk/9jPcAyqiXHEbrG7fnazGsaHOxTgvhGuQA8FersyFRI61vZwpWNmJ3Momvs
7T++zC2awHR8MSN9YpqIuvU8uLMO1cpu/7kSLq+rU3h9pxafafrT7P2C9GNtbDWk
1k0Xo225qK1zdWYWxzvbAJR7LXbQpA==
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:43:29 2024 by rpki-client on console-fra.rpki-client.org