Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36886B3/3535CA1AB8EF11EDA9B341DAF1222468/EA38FC82B90A11ED85FF5EAEF1222468.roa
File:                     EA38FC82B90A11ED85FF5EAEF1222468.roa (raw, json)
Hash identifier:          U/DFwFJXSPn3zdoS1fQC4dnFVphKMbL7mbtwJ9Z/d5w=
Subject key identifier:   EF:26:88:CD:36:54:06:A2:68:42:75:55:4A:3D:A9:86:4E:94:6F:C9
Certificate issuer:       /CN=F36886B3AF/serialNumber=3D6ED905037C83C573780B0CCDC70D5D8CEF038B
Certificate serial:       19
Authority key identifier: 3D:6E:D9:05:03:7C:83:C5:73:78:0B:0C:CD:C7:0D:5D:8C:EF:03:8B
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/PW7ZBQN8g8VzeAsMzccNXYzvA4s.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36886B3/3535CA1AB8EF11EDA9B341DAF1222468/EA38FC82B90A11ED85FF5EAEF1222468.roa
Signing time:             Thu 02 Mar 2023 15:00:05 +0000
ROA not before:           Thu 02 Mar 2023 15:00:01 +0000
ROA not after:            Fri 01 Mar 2030 15:00:01 +0000
asID:                     33763
IP address blocks:        196.216.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36886B3/3535CA1AB8EF11EDA9B341DAF1222468/PW7ZBQN8g8VzeAsMzccNXYzvA4s.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36886B3/3535CA1AB8EF11EDA9B341DAF1222468/PW7ZBQN8g8VzeAsMzccNXYzvA4s.mft
                          rsync://rpki.afrinic.net/repository/afrinic/PW7ZBQN8g8VzeAsMzccNXYzvA4s.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 25 (0x19)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36886B3AF/serialNumber=3D6ED905037C83C573780B0CCDC70D5D8CEF038B
        Validity
            Not Before: Mar  2 15:00:01 2023 GMT
            Not After : Mar  1 15:00:01 2030 GMT
        Subject: CN=6400b9f5-30d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7f:2f:46:dc:6a:44:8f:51:67:09:e9:df:0f:
                    60:a4:62:6b:78:6e:c2:fb:67:32:6e:f7:fb:8b:1a:
                    89:75:fa:36:3d:0b:97:56:c6:86:17:15:d0:65:17:
                    1a:35:6f:ec:b3:e0:8c:f9:2e:0f:a6:b2:2e:16:bf:
                    2d:8d:cd:91:bb:a4:90:e4:e4:2e:46:37:b6:4e:b6:
                    c2:09:93:b3:49:c8:4a:78:f1:13:b2:38:7b:66:bb:
                    6b:9a:33:11:d5:8e:9f:b5:85:47:e6:5e:01:22:a0:
                    da:7c:10:61:eb:c3:fd:41:b3:03:47:61:47:d2:81:
                    79:0b:40:9d:3c:35:1d:10:df:c1:5b:c4:f0:38:5d:
                    3a:5f:03:30:ec:1f:7d:09:5a:03:4a:36:9a:6d:52:
                    00:da:29:0b:d6:69:37:be:5b:e8:78:55:66:a2:f0:
                    fd:0e:18:c6:e3:32:dc:a2:c1:f4:aa:97:b4:05:e3:
                    ac:d2:f5:fd:8a:85:c5:65:8c:4f:55:4c:ef:c2:21:
                    bb:19:fd:1b:8b:d3:53:40:fe:57:63:5f:9b:7d:f4:
                    12:24:8a:5b:e9:04:25:84:70:a7:61:be:0a:61:cd:
                    b5:f6:ef:44:19:5d:18:e7:a0:4a:63:02:e3:c5:9b:
                    11:97:66:98:ec:a2:fd:a6:3a:ae:7f:b0:10:e6:83:
                    cc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:26:88:CD:36:54:06:A2:68:42:75:55:4A:3D:A9:86:4E:94:6F:C9
            X509v3 Authority Key Identifier:
                keyid:3D:6E:D9:05:03:7C:83:C5:73:78:0B:0C:CD:C7:0D:5D:8C:EF:03:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36886B3/3535CA1AB8EF11EDA9B341DAF1222468/PW7ZBQN8g8VzeAsMzccNXYzvA4s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/PW7ZBQN8g8VzeAsMzccNXYzvA4s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36886B3/3535CA1AB8EF11EDA9B341DAF1222468/EA38FC82B90A11ED85FF5EAEF1222468.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  196.216.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8c:b0:78:8c:d1:fe:ff:8a:37:f2:15:c0:ce:27:94:a5:bc:e8:
         f6:2d:16:ab:90:84:d8:c5:2b:ba:a9:bf:71:ab:33:fb:0f:b1:
         20:0b:a9:87:ca:c1:a3:61:9a:75:35:63:d8:01:ad:fe:a5:3d:
         0b:98:eb:ae:02:ff:62:4e:53:fd:ae:6f:97:49:fb:bd:29:b1:
         e3:1c:b1:e9:77:f1:3f:fc:ba:b2:a2:88:4d:c6:64:ef:34:12:
         4a:35:78:07:81:60:ae:04:c8:1c:80:1d:41:9a:71:92:ed:49:
         08:7d:ee:13:c7:dd:62:f8:a8:b4:1a:a2:6c:a1:52:ef:09:88:
         7f:04:f2:31:a7:26:40:58:95:d2:52:87:03:4f:8d:7f:f9:c3:
         3e:73:c9:bd:24:bb:e1:e0:95:9c:c1:3a:61:2e:7f:10:3c:3a:
         5a:fd:f6:af:10:93:00:dc:1b:d0:b3:0e:7d:c2:9f:66:6d:f4:
         b5:f2:d9:cd:7e:02:18:41:0c:c4:9c:67:ac:3e:3c:e1:12:15:
         b1:6a:0c:fd:a0:a6:78:ad:9b:95:98:29:bf:03:54:9b:79:89:
         3e:3f:6d:ac:41:2e:41:df:a5:9d:41:20:8c:7f:b1:2c:2d:2e:
         3c:96:cb:5b:0a:15:a3:ce:8a:10:f3:bf:69:da:f8:15:ec:55:
         e4:3b:8c:3c
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBGTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDDApGMzY4
ODZCM0FGMTEwLwYDVQQFEygzRDZFRDkwNTAzN0M4M0M1NzM3ODBCMENDREM3MEQ1
RDhDRUYwMzhCMB4XDTIzMDMwMjE1MDAwMVoXDTMwMDMwMTE1MDAwMVowGDEWMBQG
A1UEAwwNNjQwMGI5ZjUtMzBkMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5/L0bcakSPUWcJ6d8PYKRia3huwvtnMm73+4saiXX6Nj0Ll1bGhhcV0GUX
GjVv7LPgjPkuD6ayLha/LY3NkbukkOTkLkY3tk62wgmTs0nISnjxE7I4e2a7a5oz
EdWOn7WFR+ZeASKg2nwQYevD/UGzA0dhR9KBeQtAnTw1HRDfwVvE8DhdOl8DMOwf
fQlaA0o2mm1SANopC9ZpN75b6HhVZqLw/Q4YxuMy3KLB9KqXtAXjrNL1/YqFxWWM
T1VM78Ihuxn9G4vTU0D+V2Nfm330EiSKW+kEJYRwp2G+CmHNtfbvRBldGOegSmMC
48WbEZdmmOyi/aY6rn+wEOaDzPMCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBTvJojN
NlQGomhCdVVKPamGTpRvyTAfBgNVHSMEGDAWgBQ9btkFA3yDxXN4CwzNxw1djO8D
izAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2ODg2QjMvMzUzNUNBMUFCOEVGMTFFREE5QjM0MURBRjEyMjI0NjgvUFc3WkJR
TjhnOFZ6ZUFzTXpjY05YWXp2QTRzLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvUFc3WkJRTjhnOFZ6ZUFzTXpjY05YWXp2QTRzLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2ODg2QjMvMzUzNUNBMUFCOEVGMTFFREE5QjM0MURBRjEy
MjI0NjgvRUEzOEZDODJCOTBBMTFFRDg1RkY1RUFFRjEyMjI0Njgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBMTYIDANBgkqhkiG9w0BAQsF
AAOCAQEAjLB4jNH+/4o38hXAzieUpbzo9i0Wq5CE2MUruqm/casz+w+xIAuph8rB
o2GadTVj2AGt/qU9C5jrrgL/Yk5T/a5vl0n7vSmx4xyx6XfxP/y6sqKITcZk7zQS
SjV4B4FgrgTIHIAdQZpxku1JCH3uE8fdYviotBqibKFS7wmIfwTyMacmQFiV0lKH
A0+Nf/nDPnPJvSS74eCVnME6YS5/EDw6Wv32rxCTANwb0LMOfcKfZm30tfLZzX4C
GEEMxJxnrD484RIVsWoM/aCmeK2blZgpvwNUm3mJPj9trEEuQd+lnUEgjH+xLC0u
PJbLWwoVo86KEPO/adr4FexV5DuMPA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:56 2024 by rpki-client on console-fra.rpki-client.org