Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3644574/37DB92B2778011EFA6D72EB2762E951A/AA0B58347DA411EFB8CC7D67762E951A.roa
File:                     AA0B58347DA411EFB8CC7D67762E951A.roa (raw, json)
Hash identifier:          5YDNgf0+VLyh6+ND2QqrN6n6jYygpFUHbynpQVD+h+c=
Subject key identifier:   2D:D8:55:ED:60:2A:2E:C1:49:65:1F:8C:7C:C1:5B:4A:D1:70:63:32
Certificate issuer:       /CN=F3644574AR/serialNumber=F608628A4682F553804AF3AB2E58A19C30A8ADD2
Certificate serial:       25
Authority key identifier: F6:08:62:8A:46:82:F5:53:80:4A:F3:AB:2E:58:A1:9C:30:A8:AD:D2
Authority info access:    rsync://rpki.afrinic.net/repository/arin/9ghiikaC9VOASvOrLlihnDCordI.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3644574/37DB92B2778011EFA6D72EB2762E951A/AA0B58347DA411EFB8CC7D67762E951A.roa
Signing time:             Sat 28 Sep 2024 14:19:25 +0000
ROA not before:           Sat 28 Sep 2024 14:19:22 +0000
ROA not after:            Thu 24 Sep 2026 14:19:22 +0000
asID:                     6134
IP address blocks:        45.221.120.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3644574/37DB92B2778011EFA6D72EB2762E951A/9ghiikaC9VOASvOrLlihnDCordI.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3644574/37DB92B2778011EFA6D72EB2762E951A/9ghiikaC9VOASvOrLlihnDCordI.mft
                          rsync://rpki.afrinic.net/repository/arin/9ghiikaC9VOASvOrLlihnDCordI.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 37 (0x25)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3644574AR/serialNumber=F608628A4682F553804AF3AB2E58A19C30A8ADD2
        Validity
            Not Before: Sep 28 14:19:22 2024 GMT
            Not After : Sep 24 14:19:22 2026 GMT
        Subject: CN=66f8106d-87b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:aa:9f:9d:0d:fe:7f:ec:f9:dc:48:ac:f3:de:
                    f5:24:12:a7:5f:2c:94:2d:7a:bb:96:c2:fe:fa:09:
                    ee:cb:3f:37:30:6f:b0:d4:9e:a9:3f:33:3e:e4:1c:
                    e8:4a:09:07:19:da:41:d0:e3:84:7a:62:83:cb:dc:
                    32:c2:b7:2f:fc:e0:65:e8:85:a7:ad:4d:54:a0:31:
                    65:fe:45:ce:a8:39:9f:60:1b:5a:ec:2e:ac:99:b9:
                    1c:db:7f:88:6c:d1:58:eb:02:f7:36:97:5c:09:8f:
                    cc:57:3f:a0:ce:b0:b7:87:a6:50:ec:da:29:cd:0e:
                    aa:af:cb:0e:50:a2:aa:5c:29:94:95:5b:c0:8b:2b:
                    c0:86:74:a2:22:57:9e:5d:23:a4:2c:de:1f:e1:dc:
                    d3:3f:32:88:08:53:59:b1:f6:68:45:f1:38:aa:5f:
                    2a:85:13:7b:24:17:5b:4d:2d:b2:7c:62:dd:a5:9d:
                    7d:1f:18:34:54:d7:df:31:7a:79:82:5c:84:82:2f:
                    d3:86:77:ba:e2:e0:c1:fe:a9:24:84:42:82:87:6b:
                    97:2e:fc:a2:c1:ae:e5:a3:25:26:d3:d8:f4:3c:48:
                    57:05:7c:18:c9:1e:45:18:3f:85:6d:d1:b4:68:dc:
                    00:ce:20:e8:90:df:6d:11:a2:ac:8d:f7:ce:b2:db:
                    73:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D8:55:ED:60:2A:2E:C1:49:65:1F:8C:7C:C1:5B:4A:D1:70:63:32
            X509v3 Authority Key Identifier:
                keyid:F6:08:62:8A:46:82:F5:53:80:4A:F3:AB:2E:58:A1:9C:30:A8:AD:D2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3644574/37DB92B2778011EFA6D72EB2762E951A/9ghiikaC9VOASvOrLlihnDCordI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/9ghiikaC9VOASvOrLlihnDCordI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3644574/37DB92B2778011EFA6D72EB2762E951A/AA0B58347DA411EFB8CC7D67762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.221.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a3:32:94:10:0f:81:a5:51:89:a4:47:23:0e:ff:f3:3f:ec:85:
         87:b6:fa:53:51:58:b0:e6:4b:22:0c:f4:65:4e:e5:25:61:98:
         b4:4d:ac:fd:6c:be:1c:97:9c:93:0e:85:73:fb:6d:70:0e:28:
         df:7a:29:31:92:e8:9b:1b:72:1b:0a:fb:38:2a:df:49:c6:19:
         ba:d3:28:e9:e8:7d:cb:46:18:70:f9:c8:34:19:b5:db:ec:2a:
         a3:1c:3c:8f:1b:5d:e3:ac:9d:7d:39:03:2e:f1:80:7d:d5:fd:
         cb:79:59:fe:d4:a7:4f:7c:52:31:c6:6f:25:a2:88:35:da:2f:
         4f:9e:23:b7:ca:92:4d:27:ca:39:39:72:0d:b8:3b:fe:40:4c:
         7b:62:ef:85:2d:17:7e:75:96:5e:8f:99:0f:61:bb:fa:b6:1d:
         eb:bf:1e:fd:25:e4:54:45:e8:a0:98:f1:10:4b:2a:4f:6e:a8:
         9d:c5:a2:b5:c8:dd:10:3d:80:82:52:b9:56:0f:23:29:41:50:
         e8:20:e8:8a:71:fe:f4:91:9a:ce:1c:95:0a:20:3b:01:c7:55:
         7b:f7:f5:04:36:1d:d7:87:72:3e:06:5b:31:4b:fa:7c:82:af:
         84:a2:d0:85:3e:08:37:58:b1:ed:55:62:8f:1a:73:c7:43:90:
         79:e5:6e:17
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBJTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY0
NDU3NEFSMTEwLwYDVQQFEyhGNjA4NjI4QTQ2ODJGNTUzODA0QUYzQUIyRTU4QTE5
QzMwQThBREQyMB4XDTI0MDkyODE0MTkyMloXDTI2MDkyNDE0MTkyMlowGDEWMBQG
A1UEAxMNNjZmODEwNmQtODdiMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMiqn50N/n/s+dxIrPPe9SQSp18slC16u5bC/voJ7ss/NzBvsNSeqT8zPuQc
6EoJBxnaQdDjhHpig8vcMsK3L/zgZeiFp61NVKAxZf5Fzqg5n2AbWuwurJm5HNt/
iGzRWOsC9zaXXAmPzFc/oM6wt4emUOzaKc0Oqq/LDlCiqlwplJVbwIsrwIZ0oiJX
nl0jpCzeH+Hc0z8yiAhTWbH2aEXxOKpfKoUTeyQXW00tsnxi3aWdfR8YNFTX3zF6
eYJchIIv04Z3uuLgwf6pJIRCgodrly78osGu5aMlJtPY9DxIVwV8GMkeRRg/hW3R
tGjcAM4g6JDfbRGirI33zrLbc4cCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBQt2FXt
YCouwUllH4x8wVtK0XBjMjAfBgNVHSMEGDAWgBT2CGKKRoL1U4BK86suWKGcMKit
0jAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NDQ1NzQvMzdEQjkyQjI3NzgwMTFFRkE2RDcyRUIyNzYyRTk1MUEvOWdoaWlr
YUM5Vk9BU3ZPckxsaWhuRENvcmRJLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
OWdoaWlrYUM5Vk9BU3ZPckxsaWhuRENvcmRJLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2NDQ1NzQvMzdEQjkyQjI3NzgwMTFFRkE2RDcyRUIyNzYyRTk1
MUEvQUEwQjU4MzQ3REE0MTFFRkI4Q0M3RDY3NzYyRTk1MUEucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy3deDANBgkqhkiG9w0BAQsFAAOC
AQEAozKUEA+BpVGJpEcjDv/zP+yFh7b6U1FYsOZLIgz0ZU7lJWGYtE2s/Wy+HJec
kw6Fc/ttcA4o33opMZLomxtyGwr7OCrfScYZutMo6eh9y0YYcPnINBm12+wqoxw8
jxtd46ydfTkDLvGAfdX9y3lZ/tSnT3xSMcZvJaKINdovT54jt8qSTSfKOTlyDbg7
/kBMe2LvhS0XfnWWXo+ZD2G7+rYd678e/SXkVEXooJjxEEsqT26oncWitcjdED2A
glK5Vg8jKUFQ6CDoinH+9JGazhyVCiA7AcdVe/f1BDYd14dyPgZbMUv6fIKvhKLQ
hT4IN1ix7VVijxpzx0OQeeVuFw==
-----END CERTIFICATE-----