Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/1355F0F8052711EE9C48F53F4AD9E6FC.roa
File:                     1355F0F8052711EE9C48F53F4AD9E6FC.roa (raw, json)
Hash identifier:          +k0mWmLYyCX4EjclC1Jufwdf8RxOZOcxkgggFlIPFyA=
Subject key identifier:   19:1C:83:4E:97:D3:C9:51:13:95:FE:E2:38:86:CA:46:70:14:A6:7D
Certificate issuer:       /CN=F3620C16AR/serialNumber=AE51293627F1BD7A9F53788E2A65EA041346A702
Certificate serial:       08
Authority key identifier: AE:51:29:36:27:F1:BD:7A:9F:53:78:8E:2A:65:EA:04:13:46:A7:02
Authority info access:    rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/1355F0F8052711EE9C48F53F4AD9E6FC.roa
Signing time:             Wed 07 Jun 2023 11:33:09 +0000
ROA not before:           Wed 07 Jun 2023 11:33:04 +0000
ROA not after:            Mon 30 Jun 2025 11:33:04 +0000
asID:                     37463
IP address blocks:        160.113.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.mft
                          rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Jun 2024 00:16:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8 (0x8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3620C16AR/serialNumber=AE51293627F1BD7A9F53788E2A65EA041346A702
        Validity
            Not Before: Jun  7 11:33:04 2023 GMT
            Not After : Jun 30 11:33:04 2025 GMT
        Subject: CN=64806af5-238e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3a:d1:ec:64:3b:3d:47:3f:75:e8:d8:19:58:
                    c7:63:eb:96:b2:fd:18:33:77:6a:d3:f0:d0:13:82:
                    9f:e5:12:29:a0:08:4b:c6:62:bf:5e:28:5f:73:f4:
                    d9:f8:44:cc:6a:78:9f:ce:79:79:e9:52:7f:58:1b:
                    da:4e:3c:eb:dd:cf:3f:c4:fa:e2:3f:f8:a8:bb:89:
                    27:1f:41:6e:9c:9c:9f:3b:b3:36:95:67:71:fd:d7:
                    47:05:f2:2a:61:09:a7:8a:46:bb:ea:ca:ce:f0:e5:
                    9c:08:51:15:2b:a3:e8:3c:5a:ba:50:8a:62:7d:7b:
                    c3:af:03:12:16:c7:83:fe:2f:fb:40:e7:b0:3d:48:
                    96:c9:98:48:ba:31:22:b5:60:b1:49:f0:2e:72:20:
                    23:15:ff:d3:e7:10:c8:81:a3:c8:93:27:a5:65:30:
                    f2:cc:b8:ae:e0:84:62:10:68:44:98:73:b1:ef:54:
                    6c:6a:90:6d:7d:73:12:75:a3:26:bd:89:3d:7c:45:
                    ce:dd:20:4c:cf:70:ab:d1:fd:c7:4b:9a:87:b3:5f:
                    f3:50:6e:2c:a5:56:4c:41:2b:9e:1e:fe:4c:1b:f9:
                    cd:04:3f:0c:bc:4e:62:be:53:8e:c6:78:4a:3f:50:
                    b9:8c:d2:d0:2b:12:a5:ed:70:0d:e5:6d:1b:5a:cd:
                    31:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:1C:83:4E:97:D3:C9:51:13:95:FE:E2:38:86:CA:46:70:14:A6:7D
            X509v3 Authority Key Identifier:
                keyid:AE:51:29:36:27:F1:BD:7A:9F:53:78:8E:2A:65:EA:04:13:46:A7:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/1355F0F8052711EE9C48F53F4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.113.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b7:86:1a:87:e1:d3:d1:95:12:4b:5e:bb:33:ec:74:6e:27:
         20:51:98:de:7f:87:66:3f:ee:ca:cf:16:15:4e:f3:7c:a5:fb:
         a9:f7:be:1a:47:5d:8f:5c:0d:26:bd:32:6c:9e:98:05:b1:77:
         7f:47:71:e8:4d:63:e6:bb:e2:2f:da:1f:93:11:35:54:84:00:
         51:1c:41:20:d8:00:a8:52:c9:1e:59:ec:15:03:bb:44:18:5e:
         ec:7a:c3:ed:73:3f:3d:55:ea:1d:95:eb:19:5b:af:a8:56:40:
         ab:88:23:22:18:6d:a6:e2:a4:d0:38:ba:88:21:47:21:17:1b:
         98:68:b4:ba:d9:68:b2:ba:74:a5:e8:3e:b0:82:8d:ca:6b:70:
         52:4b:20:06:d3:33:cd:b7:3d:61:b9:23:0e:6e:50:ab:98:d3:
         78:0e:9b:92:f3:0c:67:04:a1:b9:19:3a:82:6f:df:df:65:0b:
         0f:fe:a0:cf:27:55:1e:79:36:8f:c9:58:29:9c:93:47:71:99:
         6f:e9:00:00:12:67:ed:59:33:20:26:7a:ac:31:cd:78:cf:4f:
         34:5b:e1:e5:97:40:80:02:3b:66:79:fe:67:f5:74:ff:53:d8:
         18:c7:4e:8c:19:f1:33:c5:ac:73:47:c0:cf:89:3e:1d:2d:0e:
         5b:dc:ea:e7
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBCDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYy
MEMxNkFSMTEwLwYDVQQFEyhBRTUxMjkzNjI3RjFCRDdBOUY1Mzc4OEUyQTY1RUEw
NDEzNDZBNzAyMB4XDTIzMDYwNzExMzMwNFoXDTI1MDYzMDExMzMwNFowGDEWMBQG
A1UEAxMNNjQ4MDZhZjUtMjM4ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANE60exkOz1HP3Xo2BlYx2PrlrL9GDN3atPw0BOCn+USKaAIS8Ziv14oX3P0
2fhEzGp4n855eelSf1gb2k48693PP8T64j/4qLuJJx9BbpycnzuzNpVncf3XRwXy
KmEJp4pGu+rKzvDlnAhRFSuj6DxaulCKYn17w68DEhbHg/4v+0DnsD1IlsmYSLox
IrVgsUnwLnIgIxX/0+cQyIGjyJMnpWUw8sy4ruCEYhBoRJhzse9UbGqQbX1zEnWj
Jr2JPXxFzt0gTM9wq9H9x0uah7Nf81BuLKVWTEErnh7+TBv5zQQ/DLxOYr5TjsZ4
Sj9QuYzS0CsSpe1wDeVtG1rNMRsCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBQZHINO
l9PJUROV/uI4hspGcBSmfTAfBgNVHSMEGDAWgBSuUSk2J/G9ep9TeI4qZeoEE0an
AjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MjBDMTYvOUREMEMzODgwNTIzMTFFRTk4QUZGMzM1NEFEOUU2RkMvcmxFcE5p
Znh2WHFmVTNpT0ttWHFCQk5HcHdJLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
cmxFcE5pZnh2WHFmVTNpT0ttWHFCQk5HcHdJLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2MjBDMTYvOUREMEMzODgwNTIzMTFFRTk4QUZGMzM1NEFEOUU2
RkMvMTM1NUYwRjgwNTI3MTFFRTlDNDhGNTNGNEFEOUU2RkMucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKBxDjANBgkqhkiG9w0BAQsFAAOC
AQEAfbeGGofh09GVEkteuzPsdG4nIFGY3n+HZj/uys8WFU7zfKX7qfe+Gkddj1wN
Jr0ybJ6YBbF3f0dx6E1j5rviL9ofkxE1VIQAURxBINgAqFLJHlnsFQO7RBhe7HrD
7XM/PVXqHZXrGVuvqFZAq4gjIhhtpuKk0Di6iCFHIRcbmGi0utlosrp0peg+sIKN
ymtwUksgBtMzzbc9YbkjDm5Qq5jTeA6bkvMMZwShuRk6gm/f32ULD/6gzydVHnk2
j8lYKZyTR3GZb+kAABJn7VkzICZ6rDHNeM9PNFvh5ZdAgAI7Znn+Z/V0/1PYGMdO
jBnxM8Wsc0fAz4k+HS0OW9zq5w==
-----END CERTIFICATE-----
Generated at Sun Jun 16 03:31:01 2024 by rpki-client on console-ams.rpki-client.org