Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/0DFD9136052911EEA012AC454AD9E6FC.roa
File:                     0DFD9136052911EEA012AC454AD9E6FC.roa (raw, json)
Hash identifier:          5OeBbRJHEVwQHYMsMh21oaZGcRQ6CIkyxW4B3TZM+Y0=
Subject key identifier:   FB:11:11:96:2A:3B:9A:6D:1F:06:A9:6E:A6:56:D2:0B:87:47:70:1F
Certificate issuer:       /CN=F3620C16AR/serialNumber=AE51293627F1BD7A9F53788E2A65EA041346A702
Certificate serial:       18
Authority key identifier: AE:51:29:36:27:F1:BD:7A:9F:53:78:8E:2A:65:EA:04:13:46:A7:02
Authority info access:    rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/0DFD9136052911EEA012AC454AD9E6FC.roa
Signing time:             Wed 07 Jun 2023 11:47:18 +0000
ROA not before:           Wed 07 Jun 2023 11:47:14 +0000
ROA not after:            Mon 30 Jun 2025 11:47:14 +0000
asID:                     37463
IP address blocks:        160.113.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.mft
                          rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Jun 2024 00:16:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 24 (0x18)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3620C16AR/serialNumber=AE51293627F1BD7A9F53788E2A65EA041346A702
        Validity
            Not Before: Jun  7 11:47:14 2023 GMT
            Not After : Jun 30 11:47:14 2025 GMT
        Subject: CN=64806e46-d382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:88:a8:94:65:a5:a7:3f:a6:c6:fd:9d:d7:de:
                    1e:e7:da:51:b1:4b:62:d7:aa:c6:b7:67:2f:88:b5:
                    ae:6f:1f:60:14:68:52:b1:fc:88:ba:79:6d:da:79:
                    46:9d:20:25:3b:40:7e:8b:45:52:8f:e9:1c:59:79:
                    bc:2c:6b:fb:29:7b:63:eb:e1:06:a6:e8:e1:ae:fb:
                    57:da:e2:4e:db:20:84:c7:d1:3c:34:db:c6:d6:85:
                    1e:2e:93:46:53:fc:b6:73:52:a1:c3:86:6e:3a:70:
                    18:17:5e:6c:bb:ee:af:7d:99:e3:dc:14:f1:02:d9:
                    f7:f5:39:b8:e1:fd:d4:4c:d6:9c:fc:0a:4d:91:10:
                    a7:b3:00:e8:f1:1b:97:54:64:ef:1d:e2:23:a0:9f:
                    c1:f6:61:45:2c:17:fa:fd:dd:df:74:ee:7f:b6:25:
                    4b:3f:a3:76:81:0d:2f:cf:dc:eb:5d:e6:28:e7:5f:
                    26:30:a4:7a:1e:54:43:ad:24:07:9f:f1:6b:3f:27:
                    fb:7e:02:10:c5:ee:97:6c:0c:64:93:37:98:85:95:
                    b6:1f:9d:4a:7f:c4:c8:d8:96:15:63:4c:a3:d9:77:
                    22:b3:13:ee:22:0f:1c:0b:16:05:50:c2:f8:d4:1b:
                    f9:28:83:74:d5:8b:5d:9d:4f:a0:b2:af:ab:19:f7:
                    af:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:11:11:96:2A:3B:9A:6D:1F:06:A9:6E:A6:56:D2:0B:87:47:70:1F
            X509v3 Authority Key Identifier:
                keyid:AE:51:29:36:27:F1:BD:7A:9F:53:78:8E:2A:65:EA:04:13:46:A7:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/0DFD9136052911EEA012AC454AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.113.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:56:53:cf:5e:da:a5:cf:30:b8:2a:cf:84:1b:26:d0:0d:f8:
         a7:0f:ea:29:f3:98:58:98:33:a1:40:b7:4b:a9:75:26:33:cc:
         6a:36:21:f1:0c:ae:9e:0f:16:53:32:88:d6:0e:85:09:2e:72:
         8b:ff:19:63:b3:42:6d:b6:a6:61:f4:03:88:06:1a:83:20:cd:
         ed:05:44:c7:ab:bb:99:64:e3:1d:c9:23:41:74:11:23:1d:87:
         ac:be:19:4f:cb:37:90:81:65:8b:2b:c5:b1:b3:99:fe:84:43:
         fa:be:5d:68:b8:41:6a:2c:69:b4:0f:6a:d4:f8:a8:d5:93:a3:
         cd:a9:6c:dc:75:30:06:1a:b0:76:f6:8d:23:a9:ac:63:af:26:
         59:6d:8d:49:05:fc:83:cc:21:5b:bb:c6:6e:4a:9c:51:05:61:
         e6:65:c4:10:ae:73:7b:97:e8:f2:a8:67:d8:cc:8d:49:a6:56:
         fd:e4:05:98:d4:58:d9:9e:22:83:ad:cb:69:42:9c:de:64:c8:
         86:a3:24:57:fd:ca:6a:2f:33:25:eb:68:46:2e:a5:13:db:5a:
         9f:c1:ff:51:a4:db:4e:07:4e:e2:0c:17:5f:3f:c8:ee:31:a1:
         a0:7e:c3:21:0c:49:34:53:25:a3:cb:60:b7:e5:0a:24:4c:58:
         49:9f:f9:4a
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBGDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYy
MEMxNkFSMTEwLwYDVQQFEyhBRTUxMjkzNjI3RjFCRDdBOUY1Mzc4OEUyQTY1RUEw
NDEzNDZBNzAyMB4XDTIzMDYwNzExNDcxNFoXDTI1MDYzMDExNDcxNFowGDEWMBQG
A1UEAxMNNjQ4MDZlNDYtZDM4MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM2IqJRlpac/psb9ndfeHufaUbFLYteqxrdnL4i1rm8fYBRoUrH8iLp5bdp5
Rp0gJTtAfotFUo/pHFl5vCxr+yl7Y+vhBqbo4a77V9riTtsghMfRPDTbxtaFHi6T
RlP8tnNSocOGbjpwGBdebLvur32Z49wU8QLZ9/U5uOH91EzWnPwKTZEQp7MA6PEb
l1Rk7x3iI6CfwfZhRSwX+v3d33Tuf7YlSz+jdoENL8/c613mKOdfJjCkeh5UQ60k
B5/xaz8n+34CEMXul2wMZJM3mIWVth+dSn/EyNiWFWNMo9l3IrMT7iIPHAsWBVDC
+NQb+SiDdNWLXZ1PoLKvqxn3r5cCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBT7ERGW
KjuabR8GqW6mVtILh0dwHzAfBgNVHSMEGDAWgBSuUSk2J/G9ep9TeI4qZeoEE0an
AjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MjBDMTYvOUREMEMzODgwNTIzMTFFRTk4QUZGMzM1NEFEOUU2RkMvcmxFcE5p
Znh2WHFmVTNpT0ttWHFCQk5HcHdJLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
cmxFcE5pZnh2WHFmVTNpT0ttWHFCQk5HcHdJLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2MjBDMTYvOUREMEMzODgwNTIzMTFFRTk4QUZGMzM1NEFEOUU2
RkMvMERGRDkxMzYwNTI5MTFFRUEwMTJBQzQ1NEFEOUU2RkMucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKBxFDANBgkqhkiG9w0BAQsFAAOC
AQEAe1ZTz17apc8wuCrPhBsm0A34pw/qKfOYWJgzoUC3S6l1JjPMajYh8Qyung8W
UzKI1g6FCS5yi/8ZY7NCbbamYfQDiAYagyDN7QVEx6u7mWTjHckjQXQRIx2HrL4Z
T8s3kIFliyvFsbOZ/oRD+r5daLhBaixptA9q1Pio1ZOjzals3HUwBhqwdvaNI6ms
Y68mWW2NSQX8g8whW7vGbkqcUQVh5mXEEK5ze5fo8qhn2MyNSaZW/eQFmNRY2Z4i
g63LaUKc3mTIhqMkV/3Kai8zJetoRi6lE9tan8H/UaTbTgdO4gwXXz/I7jGhoH7D
IQxJNFMlo8tgt+UKJExYSZ/5Sg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 02:45:07 2024 by rpki-client on console-fra.rpki-client.org