Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/7DA334A6B90611ED9F8335A1F1222468.roa
File:                     7DA334A6B90611ED9F8335A1F1222468.roa (raw, json)
Hash identifier:          vI2mWrJeCXdlck7gnjH32CU1uLtmyntFBr7jkV0U+3w=
Subject key identifier:   A2:D1:31:4B:3A:3A:09:E5:4F:F1:F9:1C:DB:83:0C:C9:DB:D9:AE:7D
Certificate issuer:       /CN=F36886B3AR/serialNumber=D9C0B233ACB063543574D3F5F327BEB8B2B99118
Certificate serial:       07
Authority key identifier: D9:C0:B2:33:AC:B0:63:54:35:74:D3:F5:F3:27:BE:B8:B2:B9:91:18
Authority info access:    rsync://rpki.afrinic.net/repository/arin/2cCyM6ywY1Q1dNP18ye-uLK5kRg.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/7DA334A6B90611ED9F8335A1F1222468.roa
Signing time:             Thu 02 Mar 2023 14:28:25 +0000
ROA not before:           Thu 02 Mar 2023 14:28:21 +0000
ROA not after:            Mon 02 Mar 2026 14:28:21 +0000
asID:                     33763
IP address blocks:        160.242.0.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/2cCyM6ywY1Q1dNP18ye-uLK5kRg.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/2cCyM6ywY1Q1dNP18ye-uLK5kRg.mft
                          rsync://rpki.afrinic.net/repository/arin/2cCyM6ywY1Q1dNP18ye-uLK5kRg.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36886B3AR/serialNumber=D9C0B233ACB063543574D3F5F327BEB8B2B99118
        Validity
            Not Before: Mar  2 14:28:21 2023 GMT
            Not After : Mar  2 14:28:21 2026 GMT
        Subject: CN=6400b289-da21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:40:ed:12:ff:db:2b:28:58:8a:ea:0c:a7:d6:
                    2f:38:64:0b:d2:16:b6:3e:87:a3:3d:cd:c7:09:ea:
                    4c:14:4f:af:28:76:f2:2f:1c:e9:e5:d0:cf:fd:f7:
                    5a:38:6f:7e:ed:20:d6:e6:21:68:e5:e5:e4:23:da:
                    dd:ba:c7:78:21:f2:93:11:a2:48:83:b7:20:7c:39:
                    e2:3b:9a:6e:bd:32:a0:93:b1:a7:13:d3:20:cd:5e:
                    ed:3a:23:20:97:f7:d6:40:95:b3:fe:23:dd:96:77:
                    a5:fd:06:11:f9:e5:2e:29:f3:d0:11:ee:39:14:5d:
                    3a:91:9e:61:0c:e8:fd:31:d2:f1:57:1c:de:1c:2a:
                    9d:a8:89:b1:eb:09:c8:c9:0a:bc:6c:9f:15:9f:cd:
                    d5:5a:c8:15:3c:26:4d:b2:d6:0c:ff:63:58:2b:b9:
                    4b:b0:f0:08:50:66:9c:60:44:f4:60:cb:81:33:96:
                    cc:a2:80:84:72:a4:6a:79:05:96:7f:93:7b:93:c7:
                    9c:37:46:ec:87:82:9c:01:9f:f2:3d:fb:44:5b:69:
                    15:e5:74:ed:2d:87:8e:e8:f7:06:08:bd:80:75:b7:
                    83:db:4e:2c:ff:b2:98:04:28:4b:60:7a:9e:28:7c:
                    5c:11:d2:1c:7f:27:22:d0:c5:6c:fd:7f:78:11:08:
                    1b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D1:31:4B:3A:3A:09:E5:4F:F1:F9:1C:DB:83:0C:C9:DB:D9:AE:7D
            X509v3 Authority Key Identifier:
                keyid:D9:C0:B2:33:AC:B0:63:54:35:74:D3:F5:F3:27:BE:B8:B2:B9:91:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/2cCyM6ywY1Q1dNP18ye-uLK5kRg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/2cCyM6ywY1Q1dNP18ye-uLK5kRg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36886B3/5A411F9EB8EF11EDA5B09DDAF1222468/7DA334A6B90611ED9F8335A1F1222468.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.242.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9d:53:68:96:91:1c:52:22:43:da:5a:5c:dc:ad:67:48:d6:2b:
         96:47:2d:f5:72:8e:dd:4c:e3:00:25:62:7f:e3:8f:95:2b:28:
         83:c3:04:5e:74:bf:d1:94:45:a5:f7:c0:0d:7e:fb:e1:0d:31:
         c8:2d:07:07:0c:78:52:51:fe:1e:d4:23:35:e8:ac:84:55:e4:
         55:1e:d7:0e:a5:fe:55:af:02:94:6b:6f:2d:1a:0d:cf:d7:17:
         c4:60:e9:89:ba:40:0b:cf:48:e0:9d:ad:59:f1:6e:15:97:a0:
         a7:e7:92:e7:f5:f7:d6:bc:36:a9:0e:51:1d:89:e4:20:c8:40:
         ec:92:8a:96:45:c1:23:e1:fa:44:51:df:5e:6e:a4:61:03:70:
         0f:2a:71:5b:59:d5:96:c1:be:04:58:d3:19:89:74:53:2a:67:
         73:38:96:2d:1b:f9:71:31:3a:27:42:f8:05:f0:e7:93:70:9f:
         78:a5:0a:5b:b3:24:09:3e:85:f6:e7:dc:a7:2e:a8:6a:16:64:
         98:33:7a:0a:76:0f:dd:4c:1f:ac:24:bb:df:96:dc:9a:12:09:
         fa:48:1b:98:7a:2d:72:90:e1:d4:5e:8a:9c:5d:1e:88:58:e7:
         a1:ce:04:23:84:5f:e1:64:57:6e:15:76:33:19:22:47:4c:aa:
         ee:99:87:e6
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBBzANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDDApGMzY4
ODZCM0FSMTEwLwYDVQQFEyhEOUMwQjIzM0FDQjA2MzU0MzU3NEQzRjVGMzI3QkVC
OEIyQjk5MTE4MB4XDTIzMDMwMjE0MjgyMVoXDTI2MDMwMjE0MjgyMVowGDEWMBQG
A1UEAwwNNjQwMGIyODktZGEyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOJA7RL/2ysoWIrqDKfWLzhkC9IWtj6Hoz3NxwnqTBRPryh28i8c6eXQz/33
Wjhvfu0g1uYhaOXl5CPa3brHeCHykxGiSIO3IHw54juabr0yoJOxpxPTIM1e7Toj
IJf31kCVs/4j3ZZ3pf0GEfnlLinz0BHuORRdOpGeYQzo/THS8Vcc3hwqnaiJsesJ
yMkKvGyfFZ/N1VrIFTwmTbLWDP9jWCu5S7DwCFBmnGBE9GDLgTOWzKKAhHKkankF
ln+Te5PHnDdG7IeCnAGf8j37RFtpFeV07S2Hjuj3Bgi9gHW3g9tOLP+ymAQoS2B6
nih8XBHSHH8nItDFbP1/eBEIG9sCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBSi0TFL
OjoJ5U/x+RzbgwzJ29mufTAfBgNVHSMEGDAWgBTZwLIzrLBjVDV00/XzJ764srmR
GDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2ODg2QjMvNUE0MTFGOUVCOEVGMTFFREE1QjA5RERBRjEyMjI0NjgvMmNDeU02
eXdZMVExZE5QMTh5ZS11TEs1a1JnLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
MmNDeU02eXdZMVExZE5QMTh5ZS11TEs1a1JnLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2ODg2QjMvNUE0MTFGOUVCOEVGMTFFREE1QjA5RERBRjEyMjI0
NjgvN0RBMzM0QTZCOTA2MTFFRDlGODMzNUExRjEyMjI0Njgucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBKDyADANBgkqhkiG9w0BAQsFAAOC
AQEAnVNolpEcUiJD2lpc3K1nSNYrlkct9XKO3UzjACVif+OPlSsog8MEXnS/0ZRF
pffADX774Q0xyC0HBwx4UlH+HtQjNeishFXkVR7XDqX+Va8ClGtvLRoNz9cXxGDp
ibpAC89I4J2tWfFuFZegp+eS5/X31rw2qQ5RHYnkIMhA7JKKlkXBI+H6RFHfXm6k
YQNwDypxW1nVlsG+BFjTGYl0UypncziWLRv5cTE6J0L4BfDnk3CfeKUKW7MkCT6F
9ufcpy6oahZkmDN6CnYP3UwfrCS735bcmhIJ+kgbmHotcpDh1F6KnF0eiFjnoc4E
I4Rf4WRXbhV2MxkiR0yq7pmH5g==
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:52:56 2024 by rpki-client on console-fra.rpki-client.org