Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3687682/ECCB3E1C009211EF94AE900D017001B1/4348CF92009411EF9CFF8618017001B1.roa
File:                     4348CF92009411EF9CFF8618017001B1.roa (raw, json)
Hash identifier:          kE7Wa2CuajfImbklB2Ig5E0X9bA3vR+6n/vZhq2Lzac=
Subject key identifier:   3D:A1:D5:C5:96:58:34:2C:61:75:6B:34:40:4F:76:06:1F:E8:EC:37
Certificate issuer:       /CN=F3687682AR/serialNumber=668007A9FE962F47D4DF7737DE175060AC5ABCEC
Certificate serial:       05
Authority key identifier: 66:80:07:A9:FE:96:2F:47:D4:DF:77:37:DE:17:50:60:AC:5A:BC:EC
Authority info access:    rsync://rpki.afrinic.net/repository/arin/ZoAHqf6WL0fU33c33hdQYKxavOw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3687682/ECCB3E1C009211EF94AE900D017001B1/4348CF92009411EF9CFF8618017001B1.roa
Signing time:             Mon 22 Apr 2024 10:37:06 +0000
ROA not before:           Mon 22 Apr 2024 10:37:02 +0000
ROA not after:            Tue 30 Apr 2030 10:37:02 +0000
asID:                     206283
IP address blocks:        168.253.44.0/22 maxlen: 22
                          168.253.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3687682/ECCB3E1C009211EF94AE900D017001B1/ZoAHqf6WL0fU33c33hdQYKxavOw.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3687682/ECCB3E1C009211EF94AE900D017001B1/ZoAHqf6WL0fU33c33hdQYKxavOw.mft
                          rsync://rpki.afrinic.net/repository/arin/ZoAHqf6WL0fU33c33hdQYKxavOw.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 19 Jun 2024 00:16:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3687682AR/serialNumber=668007A9FE962F47D4DF7737DE175060AC5ABCEC
        Validity
            Not Before: Apr 22 10:37:02 2024 GMT
            Not After : Apr 30 10:37:02 2030 GMT
        Subject: CN=66263dd1-c491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:18:8a:55:8d:00:d1:61:19:10:b2:9f:24:a9:
                    08:f3:a9:b4:2c:bd:76:56:75:a5:80:53:21:99:c8:
                    0a:46:0a:e1:21:5e:d1:36:69:e3:bc:54:cf:52:0b:
                    9b:fe:d4:42:80:6b:ae:6b:99:d1:d9:db:a5:9b:b7:
                    e0:98:68:71:eb:ba:a3:a9:84:13:66:5b:72:4c:0e:
                    85:9d:b6:b7:7a:31:dc:66:0e:bb:e7:e5:10:c2:ea:
                    c2:af:3c:cd:1c:3c:02:b0:dd:b1:7b:74:89:40:eb:
                    3f:a3:8d:c3:af:0c:3d:b2:27:7c:1d:b5:af:b1:6c:
                    45:90:5e:19:85:ed:6f:56:15:9d:72:e0:00:54:38:
                    fc:57:d0:ef:9e:d7:d2:d5:dd:80:81:b3:31:8e:59:
                    30:ce:a7:02:22:a1:bd:0e:b0:45:11:65:f9:c6:44:
                    30:08:e7:f6:b0:1f:fd:27:1c:cc:45:9c:c7:1b:d0:
                    2b:53:e7:37:7b:ce:a0:13:39:c7:37:51:77:a9:50:
                    98:80:23:dc:f7:dd:32:06:a8:c3:27:37:d0:eb:6a:
                    fe:06:2f:83:39:0b:1f:a8:7d:c5:18:a1:52:88:38:
                    3b:63:08:bf:90:33:b0:58:15:2b:02:5d:4c:20:66:
                    2f:7f:19:75:2d:b2:ad:2b:16:bf:87:18:13:b4:f0:
                    fc:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A1:D5:C5:96:58:34:2C:61:75:6B:34:40:4F:76:06:1F:E8:EC:37
            X509v3 Authority Key Identifier:
                keyid:66:80:07:A9:FE:96:2F:47:D4:DF:77:37:DE:17:50:60:AC:5A:BC:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3687682/ECCB3E1C009211EF94AE900D017001B1/ZoAHqf6WL0fU33c33hdQYKxavOw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/ZoAHqf6WL0fU33c33hdQYKxavOw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3687682/ECCB3E1C009211EF94AE900D017001B1/4348CF92009411EF9CFF8618017001B1.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.253.44.0-168.253.48.255

    Signature Algorithm: sha256WithRSAEncryption
         47:e6:b6:67:1d:e1:00:8b:fc:66:48:06:b9:c4:fb:2d:53:10:
         90:d7:6b:6e:da:18:3a:01:72:ef:ba:e0:df:60:6a:35:18:35:
         ff:75:ce:7d:d3:40:dd:f1:1d:e9:0a:5c:a2:98:1a:a2:60:f6:
         eb:49:c8:bf:9b:5f:9d:b0:2d:31:f6:e8:38:e5:66:f6:cd:67:
         26:29:b9:d5:14:bf:e5:8f:81:09:59:6a:1b:76:b8:1c:39:a1:
         3d:8f:2d:55:27:0d:67:8b:ab:98:df:18:64:63:09:4c:49:a9:
         ce:6e:12:47:6b:20:8b:02:0a:94:6e:37:18:8e:bd:0c:db:8f:
         ea:7b:c0:4d:65:7d:52:58:93:dd:c2:6b:03:8b:d0:d6:33:8d:
         49:6a:ba:aa:53:4c:32:2d:84:1a:f7:7b:8f:ea:60:b3:7f:e4:
         d9:0d:df:51:a7:b7:f4:18:ab:9f:8d:c9:6f:19:01:4a:53:f2:
         6d:65:a8:e2:ad:68:56:b2:f3:df:6c:3f:57:59:8a:56:cd:a9:
         88:d7:eb:49:53:6b:3b:bd:8d:22:7c:ff:0c:89:13:96:1b:35:
         9a:96:58:4c:d0:17:fa:14:7e:4f:18:2c:32:cb:9a:51:37:bc:
         c9:c7:47:e6:39:49:f7:7b:fc:d2:f9:37:bc:f5:f9:a7:76:36:
         81:0a:51:4b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIBBTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY4
NzY4MkFSMTEwLwYDVQQFEyg2NjgwMDdBOUZFOTYyRjQ3RDRERjc3MzdERTE3NTA2
MEFDNUFCQ0VDMB4XDTI0MDQyMjEwMzcwMloXDTMwMDQzMDEwMzcwMlowGDEWMBQG
A1UEAxMNNjYyNjNkZDEtYzQ5MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJwYilWNANFhGRCynySpCPOptCy9dlZ1pYBTIZnICkYK4SFe0TZp47xUz1IL
m/7UQoBrrmuZ0dnbpZu34Jhoceu6o6mEE2ZbckwOhZ22t3ox3GYOu+flEMLqwq88
zRw8ArDdsXt0iUDrP6ONw68MPbInfB21r7FsRZBeGYXtb1YVnXLgAFQ4/FfQ757X
0tXdgIGzMY5ZMM6nAiKhvQ6wRRFl+cZEMAjn9rAf/ScczEWcxxvQK1PnN3vOoBM5
xzdRd6lQmIAj3PfdMgaowyc30Otq/gYvgzkLH6h9xRihUog4O2MIv5AzsFgVKwJd
TCBmL38ZdS2yrSsWv4cYE7Tw/PkCAwEAAaOCAqowggKmMB0GA1UdDgQWBBQ9odXF
llg0LGF1azRAT3YGH+jsNzAfBgNVHSMEGDAWgBRmgAep/pYvR9TfdzfeF1BgrFq8
7DAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2ODc2ODIvRUNDQjNFMUMwMDkyMTFFRjk0QUU5MDBEMDE3MDAxQjEvWm9BSHFm
NldMMGZVMzNjMzNoZFFZS3hhdk93LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
Wm9BSHFmNldMMGZVMzNjMzNoZFFZS3hhdk93LmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2ODc2ODIvRUNDQjNFMUMwMDkyMTFFRjk0QUU5MDBEMDE3MDAx
QjEvNDM0OENGOTIwMDk0MTFFRjlDRkY4NjE4MDE3MDAxQjEucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQCqP0sAwQAqP0wMA0GCSqGSIb3
DQEBCwUAA4IBAQBH5rZnHeEAi/xmSAa5xPstUxCQ12tu2hg6AXLvuuDfYGo1GDX/
dc5900Dd8R3pClyimBqiYPbrSci/m1+dsC0x9ug45Wb2zWcmKbnVFL/lj4EJWWob
drgcOaE9jy1VJw1ni6uY3xhkYwlMSanObhJHayCLAgqUbjcYjr0M24/qe8BNZX1S
WJPdwmsDi9DWM41JarqqU0wyLYQa93uP6mCzf+TZDd9Rp7f0GKufjclvGQFKU/Jt
ZajirWhWsvPfbD9XWYpWzamI1+tJU2s7vY0ifP8MiROWGzWallhM0Bf6FH5PGCwy
y5pRN7zJx0fmOUn3e/zS+Te89fmndjaBClFL
-----END CERTIFICATE-----
Generated at Mon Jun 17 03:47:42 2024 by rpki-client on console-ams.rpki-client.org