Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3670C40/E07F1110864411E989CEFB56F8AEA228/A57BAB36864511E9B11DB357F8AEA228.roa
File:                     A57BAB36864511E9B11DB357F8AEA228.roa (raw, json)
Hash identifier:          UZHeW38R1/Nd92sqBo1918z/ZA9yifdIrMDF+uNRLVM=
Subject key identifier:   EE:12:99:A6:F5:84:98:27:EC:B1:33:2E:11:C5:77:EE:87:CE:B9:8D
Certificate issuer:       /CN=F3670C40AR/serialNumber=B4716F3BC7BD1DB447CC730FEE7A2BB632AB1903
Certificate serial:       02
Authority key identifier: B4:71:6F:3B:C7:BD:1D:B4:47:CC:73:0F:EE:7A:2B:B6:32:AB:19:03
Authority info access:    rsync://rpki.afrinic.net/repository/arin/tHFvO8e9HbRHzHMP7nortjKrGQM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3670C40/E07F1110864411E989CEFB56F8AEA228/A57BAB36864511E9B11DB357F8AEA228.roa
Signing time:             Mon 03 Jun 2019 21:22:10 +0000
ROA not before:           Mon 03 Jun 2019 21:21:50 +0000
ROA not after:            Mon 30 Jun 2025 21:21:50 +0000
asID:                     37353
IP address blocks:        129.205.128.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3670C40/E07F1110864411E989CEFB56F8AEA228/tHFvO8e9HbRHzHMP7nortjKrGQM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3670C40/E07F1110864411E989CEFB56F8AEA228/tHFvO8e9HbRHzHMP7nortjKrGQM.mft
                          rsync://rpki.afrinic.net/repository/arin/tHFvO8e9HbRHzHMP7nortjKrGQM.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 12 May 2024 00:16:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3670C40AR/serialNumber=B4716F3BC7BD1DB447CC730FEE7A2BB632AB1903
        Validity
            Not Before: Jun  3 21:21:50 2019 GMT
            Not After : Jun 30 21:21:50 2025 GMT
        Subject: CN=5cf58f82-36cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5d:e9:43:91:4e:5d:39:c2:28:b1:50:0e:19:
                    b8:89:10:24:bd:bf:e4:b6:ad:65:1c:d2:eb:4d:e6:
                    d8:a5:4c:ff:88:d6:76:33:bc:8e:0c:1c:33:06:be:
                    7c:20:2e:75:f6:37:14:c8:8b:92:a8:0d:01:44:0d:
                    2e:ce:02:ea:c7:01:48:b6:4b:07:61:92:22:97:a7:
                    c5:d4:20:1a:31:46:a6:a1:41:8e:38:63:66:5a:1d:
                    a8:ba:93:b0:92:56:cb:52:5c:8e:48:8e:70:ed:6b:
                    4b:16:f0:9b:85:eb:6e:6c:20:22:0b:d3:03:51:6c:
                    30:98:3c:cf:20:c0:8b:b1:b6:59:3e:bd:13:9f:89:
                    43:92:30:6b:ad:4a:c5:79:b6:5e:fc:8b:d3:c4:28:
                    a9:39:8d:d0:74:10:74:20:57:0f:cf:40:df:0c:8f:
                    f0:1f:64:d0:3c:b6:a9:28:bc:23:6a:05:59:0e:4e:
                    44:e9:19:66:5f:43:7a:79:7f:2b:44:bc:aa:31:3b:
                    fb:f9:b2:04:35:23:7b:3e:92:a4:ee:d2:6d:6b:6e:
                    c3:7d:1a:4f:f1:d3:4d:2f:56:e5:39:36:86:3f:4c:
                    8b:28:17:fa:f5:f1:f9:2b:a0:5b:c5:28:ea:12:2e:
                    fa:a6:57:a5:99:d3:12:f2:ab:ae:92:0f:87:fe:67:
                    a0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:12:99:A6:F5:84:98:27:EC:B1:33:2E:11:C5:77:EE:87:CE:B9:8D
            X509v3 Authority Key Identifier:
                keyid:B4:71:6F:3B:C7:BD:1D:B4:47:CC:73:0F:EE:7A:2B:B6:32:AB:19:03

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3670C40/E07F1110864411E989CEFB56F8AEA228/tHFvO8e9HbRHzHMP7nortjKrGQM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/tHFvO8e9HbRHzHMP7nortjKrGQM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3670C40/E07F1110864411E989CEFB56F8AEA228/A57BAB36864511E9B11DB357F8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.205.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a3:f3:9a:10:63:cc:1e:91:ca:b3:da:22:7a:63:d6:04:2d:ff:
         b5:aa:70:c3:9d:b6:4a:07:d4:4d:49:a8:09:06:49:26:d8:30:
         95:4e:5f:81:bc:d8:70:80:23:9e:c1:a7:e3:20:30:cf:aa:d2:
         a0:29:f2:f6:16:36:30:b5:65:ae:7b:4d:7d:ff:92:dc:9b:5b:
         a6:86:65:88:01:f9:0c:c6:ab:dd:3d:b8:44:b3:1e:29:c5:27:
         af:78:83:30:ae:33:ca:32:e2:9d:80:ce:21:1b:cb:4d:dd:35:
         e1:d7:e2:0f:09:ed:50:16:c0:b8:a7:e2:9a:99:58:58:03:d8:
         92:15:63:95:30:33:49:cf:88:b8:8c:f3:0c:f1:95:4a:c3:cf:
         35:18:c5:4d:3c:c0:4c:9b:98:88:3a:b4:79:78:d3:26:e3:2e:
         45:29:c0:c1:6b:a3:6a:21:7e:87:23:42:93:e8:e8:7b:dc:37:
         b4:0a:b2:9e:d3:b4:ec:4b:dc:3d:73:f0:43:9c:33:8b:75:fd:
         33:da:53:cd:78:3b:a7:7b:f6:64:4f:d7:03:f6:4f:fe:d2:58:
         63:12:ba:a0:35:0b:80:2b:d2:3d:1f:d7:64:34:63:53:13:97:
         3d:ef:73:78:6a:b3:a8:39:3d:c4:5d:19:e7:6a:9f:5d:ab:ee:
         68:23:2d:8a
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
MEM0MEFSMTEwLwYDVQQFEyhCNDcxNkYzQkM3QkQxREI0NDdDQzczMEZFRTdBMkJC
NjMyQUIxOTAzMB4XDTE5MDYwMzIxMjE1MFoXDTI1MDYzMDIxMjE1MFowGDEWMBQG
A1UEAxMNNWNmNThmODItMzZjZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMdd6UORTl05wiixUA4ZuIkQJL2/5LatZRzS603m2KVM/4jWdjO8jgwcMwa+
fCAudfY3FMiLkqgNAUQNLs4C6scBSLZLB2GSIpenxdQgGjFGpqFBjjhjZlodqLqT
sJJWy1JcjkiOcO1rSxbwm4XrbmwgIgvTA1FsMJg8zyDAi7G2WT69E5+JQ5Iwa61K
xXm2XvyL08QoqTmN0HQQdCBXD89A3wyP8B9k0Dy2qSi8I2oFWQ5OROkZZl9Denl/
K0S8qjE7+/myBDUjez6SpO7SbWtuw30aT/HTTS9W5Tk2hj9MiygX+vXx+SugW8Uo
6hIu+qZXpZnTEvKrrpIPh/5noMsCAwEAAaOCAmswggJnMB0GA1UdDgQWBBTuEpmm
9YSYJ+yxMy4RxXfuh865jTAfBgNVHSMEGDAWgBS0cW87x70dtEfMcw/ueiu2MqsZ
AzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NzBDNDAvRTA3RjExMTA4NjQ0MTFFOTg5Q0VGQjU2RjhBRUEyMjgvdEhGdk84
ZTlIYlJIekhNUDdub3J0aktyR1FNLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
dEhGdk84ZTlIYlJIekhNUDdub3J0aktyR1FNLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2NzBDNDAvRTA3RjExMTA4NjQ0MTFFOTg5Q0VGQjU2RjhBRUEy
MjgvQTU3QkFCMzY4NjQ1MTFFOUIxMURCMzU3RjhBRUEyMjgucm9hMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQGgc2AMA0GCSqGSIb3DQEBCwUAA4IBAQCj85oQ
Y8wekcqz2iJ6Y9YELf+1qnDDnbZKB9RNSagJBkkm2DCVTl+BvNhwgCOewafjIDDP
qtKgKfL2FjYwtWWue019/5Lcm1umhmWIAfkMxqvdPbhEsx4pxSeveIMwrjPKMuKd
gM4hG8tN3TXh1+IPCe1QFsC4p+KamVhYA9iSFWOVMDNJz4i4jPMM8ZVKw881GMVN
PMBMm5iIOrR5eNMm4y5FKcDBa6NqIX6HI0KT6Oh73De0CrKe07TsS9w9c/BDnDOL
df0z2lPNeDune/ZkT9cD9k/+0lhjErqgNQuAK9I9H9dkNGNTE5c973N4arOoOT3E
XRnnap9dq+5oIy2K
-----END CERTIFICATE-----