Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/A3EC97C49EAA11EB9431AE42F8AEA228.roa
File:                     A3EC97C49EAA11EB9431AE42F8AEA228.roa (raw, json)
Hash identifier:          ITdou6CBdoyIdGztCF0641fr0nfnRn3rDhTSbOWklSg=
Subject key identifier:   E5:29:8F:56:DB:E3:65:46:B0:FF:9E:9E:05:43:59:E7:FB:38:B5:60
Certificate issuer:       /CN=F362B8A8AF/serialNumber=DF376480DCF07A1B7AD164DE64A3EA215F247541
Certificate serial:       14
Authority key identifier: DF:37:64:80:DC:F0:7A:1B:7A:D1:64:DE:64:A3:EA:21:5F:24:75:41
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/A3EC97C49EAA11EB9431AE42F8AEA228.roa
Signing time:             Fri 16 Apr 2021 11:55:30 +0000
ROA not before:           Fri 16 Apr 2021 11:55:26 +0000
ROA not after:            Wed 16 Apr 2031 11:55:26 +0000
asID:                     37053
IP address blocks:        41.223.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.mft
                          rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 30 Mar 2024 00:04:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20 (0x14)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F362B8A8AF/serialNumber=DF376480DCF07A1B7AD164DE64A3EA215F247541
        Validity
            Not Before: Apr 16 11:55:26 2021 GMT
            Not After : Apr 16 11:55:26 2031 GMT
        Subject: CN=60797b32-57cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:53:f8:63:dc:79:c3:87:70:a2:9e:ea:3c:a1:
                    bb:3d:d0:29:54:52:0b:19:09:97:11:25:64:be:f5:
                    d6:1c:9a:e9:19:b3:d3:9a:53:0a:e5:9e:0e:4c:72:
                    e5:e1:59:7a:9c:48:0b:c7:d3:47:fb:ff:9b:1a:1c:
                    97:5f:3b:5c:16:99:29:f4:91:aa:8b:53:58:9c:a5:
                    9c:16:5f:65:9f:43:02:34:d2:53:74:be:97:93:e8:
                    f8:f8:0c:9f:6a:79:45:e4:30:08:ca:7a:a8:c5:13:
                    f2:93:d7:ef:ad:c5:60:50:20:6c:43:ff:b2:5c:69:
                    c9:51:06:d0:e4:84:40:11:79:e2:55:94:fe:f4:46:
                    9d:4e:5a:ed:f1:3b:db:ca:6d:6e:58:ee:f9:92:50:
                    e5:e2:66:ac:54:68:9f:9b:fd:54:8f:ab:36:cc:57:
                    49:da:e4:e1:fa:7d:d1:25:d7:69:45:d4:d9:62:49:
                    74:50:4d:d9:14:e6:dc:7c:d3:65:aa:a0:8d:17:d3:
                    64:c3:b1:e1:91:eb:0a:24:2b:eb:d1:06:8d:af:14:
                    ce:61:37:78:35:c9:33:82:98:8a:be:83:9c:09:d7:
                    b8:f0:8c:1f:ee:58:ca:28:a7:44:22:fe:6d:bb:d0:
                    5a:45:35:98:a5:52:e8:88:36:d4:e3:33:ae:4e:a3:
                    41:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:29:8F:56:DB:E3:65:46:B0:FF:9E:9E:05:43:59:E7:FB:38:B5:60
            X509v3 Authority Key Identifier:
                keyid:DF:37:64:80:DC:F0:7A:1B:7A:D1:64:DE:64:A3:EA:21:5F:24:75:41

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/A3EC97C49EAA11EB9431AE42F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.223.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:a0:0b:f2:15:c2:89:a6:96:7d:f0:4f:3e:55:0b:b1:40:59:
         b9:34:7e:b4:33:47:10:18:71:88:45:2a:14:ca:68:c8:e9:8b:
         e9:08:86:61:c5:ce:69:c9:73:3b:79:66:18:58:d3:b1:c5:b4:
         c8:6b:77:4a:aa:42:3d:ca:6b:e5:75:f2:ea:02:52:e1:fb:f4:
         9e:c9:2d:cd:b3:bb:31:c9:c1:ae:b0:22:af:b2:84:99:f3:c8:
         42:8a:51:ae:c0:6b:71:91:15:90:40:60:d9:21:b4:d7:0d:2b:
         f6:aa:4b:31:d8:39:8e:c6:eb:68:a5:e2:82:3c:3d:51:79:11:
         48:8e:7a:f2:73:d1:d1:e0:0b:7c:fe:f3:30:24:3b:d7:8f:0e:
         35:f9:7d:29:c8:1d:c6:2e:43:33:70:57:fa:43:57:c3:04:6c:
         b2:66:df:e4:ad:b0:61:d6:db:59:3f:d2:cd:69:3d:d9:41:7a:
         43:90:a0:9a:d8:d2:84:d2:de:9d:20:7c:a7:37:ec:ca:6e:31:
         f9:7f:b5:72:2d:2d:91:a6:f7:26:b0:c1:e2:5f:80:0c:09:19:
         cc:54:26:5b:aa:56:ff:29:df:0a:71:7e:65:b4:5c:5c:88:4c:
         0e:43:e4:e4:d0:cb:4b:de:a2:27:99:65:6c:3e:df:f9:b1:ce:
         c4:d6:c6:ea
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYy
QjhBOEFGMTEwLwYDVQQFEyhERjM3NjQ4MERDRjA3QTFCN0FEMTY0REU2NEEzRUEy
MTVGMjQ3NTQxMB4XDTIxMDQxNjExNTUyNloXDTMxMDQxNjExNTUyNlowGDEWMBQG
A1UEAxMNNjA3OTdiMzItNTdjYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJT+GPcecOHcKKe6jyhuz3QKVRSCxkJlxElZL711hya6Rmz05pTCuWeDkxy
5eFZepxIC8fTR/v/mxocl187XBaZKfSRqotTWJylnBZfZZ9DAjTSU3S+l5Po+PgM
n2p5ReQwCMp6qMUT8pPX763FYFAgbEP/slxpyVEG0OSEQBF54lWU/vRGnU5a7fE7
28ptblju+ZJQ5eJmrFRon5v9VI+rNsxXSdrk4fp90SXXaUXU2WJJdFBN2RTm3HzT
ZaqgjRfTZMOx4ZHrCiQr69EGja8UzmE3eDXJM4KYir6DnAnXuPCMH+5YyiinRCL+
bbvQWkU1mKVS6Ig21OMzrk6jQecCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBTlKY9W
2+NlRrD/np4FQ1nn+zi1YDAfBgNVHSMEGDAWgBTfN2SA3PB6G3rRZN5ko+ohXyR1
QTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MkI4QTgvQjVDOTRFNEM5QzI1MTFFQkFENzhGRjUzRjhBRUEyMjgvM3pka2dO
endlaHQ2MFdUZVpLUHFJVjhrZFVFLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvM3pka2dOendlaHQ2MFdUZVpLUHFJVjhrZFVFLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2MkI4QTgvQjVDOTRFNEM5QzI1MTFFQkFENzhGRjUzRjhB
RUEyMjgvQTNFQzk3QzQ5RUFBMTFFQjk0MzFBRTQyRjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAinfIDANBgkqhkiG9w0BAQsF
AAOCAQEAkKAL8hXCiaaWffBPPlULsUBZuTR+tDNHEBhxiEUqFMpoyOmL6QiGYcXO
aclzO3lmGFjTscW0yGt3SqpCPcpr5XXy6gJS4fv0nsktzbO7McnBrrAir7KEmfPI
QopRrsBrcZEVkEBg2SG01w0r9qpLMdg5jsbraKXigjw9UXkRSI568nPR0eALfP7z
MCQ7148ONfl9Kcgdxi5DM3BX+kNXwwRssmbf5K2wYdbbWT/SzWk92UF6Q5CgmtjS
hNLenSB8pzfsym4x+X+1ci0tkab3JrDB4l+ADAkZzFQmW6pW/ynfCnF+ZbRcXIhM
DkPk5NDLS96iJ5llbD7f+bHOxNbG6g==
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:58 2024 by rpki-client on console-ams.rpki-client.org