Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/4D8C769C052811EEBB5063434AD9E6FC.roa
File:                     4D8C769C052811EEBB5063434AD9E6FC.roa (raw, json)
Hash identifier:          +ald1IrOKEDJIpnH8GJ339pcPb9f/o5ZbGptPfyh5AU=
Subject key identifier:   02:60:FC:06:E4:DF:15:5B:C6:72:12:F2:05:10:7E:39:52:1F:4B:77
Certificate issuer:       /CN=F3620C16AR/serialNumber=AE51293627F1BD7A9F53788E2A65EA041346A702
Certificate serial:       12
Authority key identifier: AE:51:29:36:27:F1:BD:7A:9F:53:78:8E:2A:65:EA:04:13:46:A7:02
Authority info access:    rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/4D8C769C052811EEBB5063434AD9E6FC.roa
Signing time:             Wed 07 Jun 2023 11:41:55 +0000
ROA not before:           Wed 07 Jun 2023 11:41:52 +0000
ROA not after:            Mon 30 Jun 2025 11:41:52 +0000
asID:                     37463
IP address blocks:        160.113.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.mft
                          rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Jun 2024 00:16:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 18 (0x12)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3620C16AR/serialNumber=AE51293627F1BD7A9F53788E2A65EA041346A702
        Validity
            Not Before: Jun  7 11:41:52 2023 GMT
            Not After : Jun 30 11:41:52 2025 GMT
        Subject: CN=64806d03-19b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:83:e8:e6:5b:df:bd:7e:70:10:3b:d2:f0:12:
                    ff:53:ed:a8:6a:1b:2d:7d:dc:46:70:f0:8e:03:c1:
                    e9:11:9c:4a:cf:ec:b5:0e:5d:95:8c:78:e3:df:19:
                    a8:87:79:54:44:7d:3f:49:6b:05:a6:9f:57:ac:cd:
                    99:dd:dc:c0:65:21:77:a3:5f:5a:40:9d:79:67:cc:
                    ef:64:1f:5b:47:04:e9:68:51:41:12:09:8b:ac:65:
                    35:90:29:fd:39:8f:08:2a:f0:cd:de:9a:85:af:02:
                    f2:31:79:59:f9:50:4c:d2:99:73:24:75:31:bf:ba:
                    b7:3d:f6:af:f0:e4:ac:a9:af:df:a3:f2:8e:57:96:
                    1d:3e:a8:57:96:11:3f:4b:ce:44:21:4b:67:42:76:
                    59:25:a8:c9:ab:c2:40:4d:4b:fb:bb:91:a9:14:b7:
                    bd:8c:06:b1:ed:14:5f:fa:86:3e:0a:80:11:79:34:
                    64:16:ad:e3:8d:de:c5:6e:39:d5:66:18:73:f7:f6:
                    b9:90:0b:bc:af:f8:28:28:37:6b:9f:fa:39:a9:75:
                    5f:0c:8a:0a:71:28:bd:c4:76:67:1d:b9:ed:66:f4:
                    2f:c2:c5:85:fe:e6:dd:0b:0b:11:a4:94:d4:78:6b:
                    d0:37:9a:56:94:fe:23:d1:0a:6f:0a:fe:ee:78:ef:
                    7d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:60:FC:06:E4:DF:15:5B:C6:72:12:F2:05:10:7E:39:52:1F:4B:77
            X509v3 Authority Key Identifier:
                keyid:AE:51:29:36:27:F1:BD:7A:9F:53:78:8E:2A:65:EA:04:13:46:A7:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/rlEpNifxvXqfU3iOKmXqBBNGpwI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/rlEpNifxvXqfU3iOKmXqBBNGpwI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3620C16/9DD0C388052311EE98AFF3354AD9E6FC/4D8C769C052811EEBB5063434AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.113.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:f1:05:ff:d1:d2:2b:8c:9a:f2:e6:95:d0:b7:df:4d:75:2e:
         37:0f:d6:5d:62:40:e0:82:d6:df:6a:5b:2a:51:eb:a2:e6:78:
         09:a7:b9:56:32:82:32:7d:9c:f8:bb:ff:6e:d1:45:85:30:da:
         21:e7:bd:8b:ce:94:73:43:14:33:47:e3:8f:ba:5b:16:15:46:
         e6:a5:f6:6c:d7:77:53:90:f7:64:de:6f:bf:10:40:a0:3d:41:
         c2:e9:e1:e1:b7:3d:45:2e:5e:94:98:e0:27:23:e2:3b:9d:a2:
         0a:62:37:7d:e0:ba:01:3a:04:59:18:d8:77:90:ae:11:75:bc:
         1c:e8:4a:68:5d:36:11:a5:3d:8f:83:92:97:07:32:dc:c3:40:
         69:51:af:ff:25:4e:2d:6f:f7:82:29:c8:c4:56:96:12:c9:39:
         5b:c8:15:c0:6b:ce:5c:58:df:d6:9f:aa:55:3c:3d:a6:00:30:
         25:68:b2:0c:40:2f:9e:bb:29:71:9e:74:1e:a8:f2:a5:ed:36:
         be:51:45:eb:f2:8e:7c:ab:98:ad:19:18:dc:ca:ab:a0:b3:79:
         c0:61:7e:c2:82:9d:78:d2:73:1c:99:ab:12:50:e1:0b:e0:97:
         4c:e7:75:20:b3:70:5a:b0:34:ff:65:33:a8:f1:72:0c:d5:1b:
         d6:b3:e7:53
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBEjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYy
MEMxNkFSMTEwLwYDVQQFEyhBRTUxMjkzNjI3RjFCRDdBOUY1Mzc4OEUyQTY1RUEw
NDEzNDZBNzAyMB4XDTIzMDYwNzExNDE1MloXDTI1MDYzMDExNDE1MlowGDEWMBQG
A1UEAxMNNjQ4MDZkMDMtMTliNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPGD6OZb371+cBA70vAS/1PtqGobLX3cRnDwjgPB6RGcSs/stQ5dlYx4498Z
qId5VER9P0lrBaafV6zNmd3cwGUhd6NfWkCdeWfM72QfW0cE6WhRQRIJi6xlNZAp
/TmPCCrwzd6aha8C8jF5WflQTNKZcyR1Mb+6tz32r/DkrKmv36PyjleWHT6oV5YR
P0vORCFLZ0J2WSWoyavCQE1L+7uRqRS3vYwGse0UX/qGPgqAEXk0ZBat443exW45
1WYYc/f2uZALvK/4KCg3a5/6Oal1XwyKCnEovcR2Zx257Wb0L8LFhf7m3QsLEaSU
1Hhr0DeaVpT+I9EKbwr+7njvfVsCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBQCYPwG
5N8VW8ZyEvIFEH45Uh9LdzAfBgNVHSMEGDAWgBSuUSk2J/G9ep9TeI4qZeoEE0an
AjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MjBDMTYvOUREMEMzODgwNTIzMTFFRTk4QUZGMzM1NEFEOUU2RkMvcmxFcE5p
Znh2WHFmVTNpT0ttWHFCQk5HcHdJLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
cmxFcE5pZnh2WHFmVTNpT0ttWHFCQk5HcHdJLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2MjBDMTYvOUREMEMzODgwNTIzMTFFRTk4QUZGMzM1NEFEOUU2
RkMvNEQ4Qzc2OUMwNTI4MTFFRUJCNTA2MzQzNEFEOUU2RkMucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKBxAzANBgkqhkiG9w0BAQsFAAOC
AQEADPEF/9HSK4ya8uaV0LffTXUuNw/WXWJA4ILW32pbKlHrouZ4Cae5VjKCMn2c
+Lv/btFFhTDaIee9i86Uc0MUM0fjj7pbFhVG5qX2bNd3U5D3ZN5vvxBAoD1Bwunh
4bc9RS5elJjgJyPiO52iCmI3feC6AToEWRjYd5CuEXW8HOhKaF02EaU9j4OSlwcy
3MNAaVGv/yVOLW/3ginIxFaWEsk5W8gVwGvOXFjf1p+qVTw9pgAwJWiyDEAvnrsp
cZ50Hqjype02vlFF6/KOfKuYrRkY3MqroLN5wGF+woKdeNJzHJmrElDhC+CXTOd1
ILNwWrA0/2UzqPFyDNUb1rPnUw==
-----END CERTIFICATE-----
Generated at Sun Jun 16 03:31:01 2024 by rpki-client on console-ams.rpki-client.org