Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/36D58E74C39611EFBA30A253762E951A.roa
File:                     36D58E74C39611EFBA30A253762E951A.roa (raw, json)
Hash identifier:          2IDBTpzeXZtXb/ad9K9VPU4k5Ckmj+D0W/29zzwS79Q=
Subject key identifier:   0E:B1:3F:E3:EF:3D:63:C8:33:76:4F:35:43:C9:8D:8A:B7:4B:B0:01
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       ED23
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/36D58E74C39611EFBA30A253762E951A.roa
Signing time:             Thu 26 Dec 2024 14:32:20 +0000
ROA not before:           Thu 26 Dec 2024 14:32:17 +0000
ROA not after:            Sun 12 Dec 2027 14:32:17 +0000
asID:                     17561
IP address blocks:        45.197.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
                          rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 07 Feb 2025 00:26:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60707 (0xed23)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Dec 26 14:32:17 2024 GMT
            Not After : Dec 12 14:32:17 2027 GMT
        Subject: CN=676d68f4-fc69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1f:49:65:91:98:8d:31:ff:95:a9:40:c3:57:
                    18:2d:b8:a3:c2:b8:33:b8:2e:8c:68:77:94:0d:a3:
                    0f:fc:3b:9c:69:7b:d9:cd:a7:0a:06:2b:3e:56:7a:
                    e6:d0:fe:97:36:2d:cf:75:8f:d0:3a:ff:3f:e7:76:
                    65:65:f7:18:d4:b6:dc:22:b1:32:47:c5:e0:f8:a2:
                    c3:17:53:8f:87:b5:c2:17:4a:5e:cf:34:96:d6:23:
                    a2:c2:06:5b:07:30:c9:27:fd:7e:96:ac:2e:41:f4:
                    bf:07:cf:53:20:2e:fa:41:46:0a:29:b7:b6:e0:d8:
                    39:d4:e3:75:34:22:72:95:9f:a0:9d:fb:35:23:a9:
                    78:e0:97:8b:d1:09:3d:94:74:f2:f3:29:a8:4e:7d:
                    1f:56:e4:ed:20:93:2a:d5:65:25:c3:90:78:a2:08:
                    d0:12:90:01:73:1f:98:2e:61:31:1b:a5:33:5f:62:
                    c9:11:a4:c7:9c:08:c4:17:47:cb:76:2a:c7:00:85:
                    60:df:9b:1b:87:c4:7a:aa:a8:b1:31:aa:55:4d:b0:
                    0a:05:b4:69:3f:85:c8:5c:12:c2:bc:9b:1e:98:5d:
                    02:2d:3c:2e:0b:6c:df:a3:3e:ff:07:58:98:f2:65:
                    28:82:14:3c:a9:4f:77:d7:b5:2e:22:d5:3a:52:81:
                    0a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B1:3F:E3:EF:3D:63:C8:33:76:4F:35:43:C9:8D:8A:B7:4B:B0:01
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/36D58E74C39611EFBA30A253762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.197.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:69:15:e7:56:78:c8:9f:7d:00:7e:0b:89:7e:c3:54:06:b6:
         be:53:be:12:df:1e:40:60:90:b4:3a:0e:59:f1:37:69:7f:b0:
         2a:46:21:38:97:b5:b2:ef:2f:a1:6c:1f:53:36:f0:d1:b0:4b:
         46:e5:ec:43:22:04:a5:eb:dd:7e:5c:b6:02:d0:00:4a:33:49:
         6d:65:60:bd:d4:65:3d:fd:94:72:1f:93:93:68:09:7c:04:23:
         c0:86:77:fa:5f:6d:bc:cb:a0:fb:ae:b5:2f:34:f4:1d:02:a3:
         59:a7:a3:f6:da:8b:cc:cb:ae:fc:ab:f1:ed:1e:16:a9:93:5f:
         b9:c6:d8:d6:4e:92:5a:64:16:30:ca:e3:4b:f9:38:dc:aa:0f:
         b6:96:22:41:aa:53:0e:84:fc:81:da:8a:2c:3f:c1:41:99:27:
         a7:82:58:1b:ee:5e:a7:d3:cc:15:12:9b:94:9f:68:ba:35:f0:
         1b:20:47:7a:89:3a:f9:b3:63:bd:47:3c:24:56:e0:fd:21:ea:
         eb:a4:23:d5:9f:fc:92:22:e2:9a:74:d1:a0:6b:28:8c:92:1b:
         3b:31:45:f2:dc:4c:3f:4d:47:5b:18:a0:f3:68:f1:cc:8d:40:
         10:8d:ab:2b:7d:57:b8:a5:2c:c1:26:37:44:bc:34:a6:c4:91:
         1f:53:a8:47
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAO0jMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjQxMjI2MTQzMjE3WhcNMjcxMjEyMTQzMjE3WjAYMRYw
FAYDVQQDEw02NzZkNjhmNC1mYzY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzh9JZZGYjTH/lalAw1cYLbijwrgzuC6MaHeUDaMP/DucaXvZzacKBis+
Vnrm0P6XNi3PdY/QOv8/53ZlZfcY1LbcIrEyR8Xg+KLDF1OPh7XCF0pezzSW1iOi
wgZbBzDJJ/1+lqwuQfS/B89TIC76QUYKKbe24Ng51ON1NCJylZ+gnfs1I6l44JeL
0Qk9lHTy8ymoTn0fVuTtIJMq1WUlw5B4ogjQEpABcx+YLmExG6UzX2LJEaTHnAjE
F0fLdirHAIVg35sbh8R6qqixMapVTbAKBbRpP4XIXBLCvJsemF0CLTwuC2zfoz7/
B1iY8mUoghQ8qU9317UuItU6UoEKNwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFA6x
P+PvPWPIM3ZPNUPJjYq3S7ABMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC8zNkQ1OEU3NEMzOTYxMUVGQkEzMEEyNTM3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALcUUMA0GCSqGSIb3DQEBCwUA
A4IBAQB0aRXnVnjIn30AfguJfsNUBra+U74S3x5AYJC0Og5Z8Tdpf7AqRiE4l7Wy
7y+hbB9TNvDRsEtG5exDIgSl691+XLYC0ABKM0ltZWC91GU9/ZRyH5OTaAl8BCPA
hnf6X228y6D7rrUvNPQdAqNZp6P22ovMy678q/HtHhapk1+5xtjWTpJaZBYwyuNL
+Tjcqg+2liJBqlMOhPyB2oosP8FBmSenglgb7l6n08wVEpuUn2i6NfAbIEd6iTr5
s2O9RzwkVuD9IerrpCPVn/ySIuKadNGgayiMkhs7MUXy3Ew/TUdbGKDzaPHMjUAQ
jasrfVe4pSzBJjdEvDSmxJEfU6hH
-----END CERTIFICATE-----