Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/21886F0EB6A911EA91807C30F8AEA228.roa
File:                     21886F0EB6A911EA91807C30F8AEA228.roa (raw, json)
Hash identifier:          TV2ABY5r46tKbY4VJ67UTwENeFi5pRfNFMuvJZMh1Ig=
Subject key identifier:   B2:01:7A:D1:53:41:E9:8B:1F:D2:14:CC:CC:3A:17:71:6E:5D:8C:79
Certificate issuer:       /CN=F36A2303AR/serialNumber=AF035FC490695DAFB796F9C7375F738A3112FC3B
Certificate serial:       8A
Authority key identifier: AF:03:5F:C4:90:69:5D:AF:B7:96:F9:C7:37:5F:73:8A:31:12:FC:3B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/rwNfxJBpXa-3lvnHN19zijES_Ds.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/21886F0EB6A911EA91807C30F8AEA228.roa
Signing time:             Thu 25 Jun 2020 06:00:12 +0000
ROA not before:           Thu 25 Jun 2020 06:00:07 +0000
ROA not after:            Sat 01 Jun 2030 06:00:07 +0000
asID:                     328631
IP address blocks:        156.0.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/rwNfxJBpXa-3lvnHN19zijES_Ds.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/rwNfxJBpXa-3lvnHN19zijES_Ds.mft
                          rsync://rpki.afrinic.net/repository/arin/rwNfxJBpXa-3lvnHN19zijES_Ds.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 30 Mar 2024 00:16:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 138 (0x8a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36A2303AR/serialNumber=AF035FC490695DAFB796F9C7375F738A3112FC3B
        Validity
            Not Before: Jun 25 06:00:07 2020 GMT
            Not After : Jun  1 06:00:07 2030 GMT
        Subject: CN=5ef43d6c-ffa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5a:a8:e3:a0:de:e1:7f:e1:84:8d:8c:93:90:
                    76:62:5d:2f:e1:f5:9d:0d:ac:48:b8:ce:0b:bc:4b:
                    a5:54:df:7a:d5:02:be:1a:0f:31:b4:c1:84:9e:11:
                    46:a1:75:33:75:42:5b:79:95:1d:64:ce:ce:0f:26:
                    b6:73:45:8c:2d:d3:ba:68:6a:57:6c:c9:22:be:56:
                    63:12:aa:6c:47:5f:e7:95:e5:29:75:1e:60:c8:61:
                    2c:7a:c5:fa:d9:c1:87:0b:60:9b:71:dd:2e:61:0a:
                    5f:0e:6d:79:a7:b2:e1:17:08:98:6f:cf:39:b3:ed:
                    c9:74:b9:6c:34:95:ad:69:46:b9:17:15:2f:21:98:
                    de:cc:1b:52:14:fa:13:1b:3b:3a:75:ff:99:2f:ef:
                    2c:18:f0:c3:90:62:4d:14:bc:d4:1f:45:db:84:9f:
                    4c:c5:c4:5d:ad:12:cb:93:a8:85:db:61:45:d7:25:
                    c0:5a:da:67:60:72:86:2b:30:d2:19:bd:f3:45:85:
                    89:a3:6b:64:0e:f6:b4:95:02:9b:f4:55:17:3d:c6:
                    02:34:13:c5:66:d8:a1:09:2a:3e:5d:a5:4c:e9:fc:
                    10:47:e9:6c:8c:5b:77:5e:79:85:38:76:89:9f:f0:
                    1f:ef:09:0f:70:9c:8b:55:6b:3e:f2:15:df:57:2d:
                    1d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:01:7A:D1:53:41:E9:8B:1F:D2:14:CC:CC:3A:17:71:6E:5D:8C:79
            X509v3 Authority Key Identifier:
                keyid:AF:03:5F:C4:90:69:5D:AF:B7:96:F9:C7:37:5F:73:8A:31:12:FC:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/rwNfxJBpXa-3lvnHN19zijES_Ds.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/rwNfxJBpXa-3lvnHN19zijES_Ds.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/21886F0EB6A911EA91807C30F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.0.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:d4:22:ca:54:51:72:5a:e9:f5:60:73:5f:33:00:e4:78:e4:
         85:37:05:12:7d:2b:8f:b6:51:99:86:09:98:3e:85:d9:76:6d:
         46:72:fa:0e:f8:46:92:fb:4b:19:86:14:c1:24:5a:a4:c3:c8:
         42:6a:30:49:57:fb:48:4a:72:c2:11:9f:46:39:16:df:23:7b:
         dc:09:b0:04:a4:b5:f9:60:76:8f:54:f2:a7:e9:61:87:3d:37:
         73:da:10:df:58:70:72:01:9b:02:a8:9c:09:f9:d3:7f:5f:06:
         2d:26:d6:52:fa:18:71:b1:4a:d7:14:36:29:40:1c:66:4d:6f:
         69:13:4a:01:ef:2e:4c:01:7b:cb:3d:f8:d8:16:0d:af:a1:95:
         1f:b1:10:ac:60:a6:94:89:2a:26:50:da:06:b4:2e:4b:13:0a:
         76:7a:77:6d:09:e3:bf:32:56:49:a3:d2:9f:d0:ca:8b:fe:e8:
         ac:df:3b:6b:38:28:3a:6c:e5:33:67:50:7c:ed:f2:26:7b:db:
         f4:d7:33:79:5f:1f:91:80:bc:4a:23:c0:33:cc:e3:d9:7d:30:
         9f:9d:10:d3:c8:ce:c3:60:ec:5f:8f:b2:d9:0f:16:f0:d5:94:
         cc:e5:0d:4f:36:76:6b:af:47:9d:22:ba:01:8b:5d:f0:a0:65:
         ad:53:9d:9a
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAIowDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
QTIzMDNBUjExMC8GA1UEBRMoQUYwMzVGQzQ5MDY5NURBRkI3OTZGOUM3Mzc1Rjcz
OEEzMTEyRkMzQjAeFw0yMDA2MjUwNjAwMDdaFw0zMDA2MDEwNjAwMDdaMBgxFjAU
BgNVBAMTDTVlZjQzZDZjLWZmYTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7WqjjoN7hf+GEjYyTkHZiXS/h9Z0NrEi4zgu8S6VU33rVAr4aDzG0wYSe
EUahdTN1Qlt5lR1kzs4PJrZzRYwt07poaldsySK+VmMSqmxHX+eV5Sl1HmDIYSx6
xfrZwYcLYJtx3S5hCl8ObXmnsuEXCJhvzzmz7cl0uWw0la1pRrkXFS8hmN7MG1IU
+hMbOzp1/5kv7ywY8MOQYk0UvNQfRduEn0zFxF2tEsuTqIXbYUXXJcBa2mdgcoYr
MNIZvfNFhYmja2QO9rSVApv0VRc9xgI0E8Vm2KEJKj5dpUzp/BBH6WyMW3deeYU4
domf8B/vCQ9wnItVaz7yFd9XLR3bAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUsgF6
0VNB6Ysf0hTMzDoXcW5djHkwHwYDVR0jBBgwFoAUrwNfxJBpXa+3lvnHN19zijES
/DswDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkEyMzAzLzc4Q0I2Rjk2NTk0MzExRUE4RTJFNjE2MUY4QUVBMjI4L3J3TmZ4
SkJwWGEtM2x2bkhOMTl6aWpFU19Ecy5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3J3TmZ4SkJwWGEtM2x2bkhOMTl6aWpFU19Ecy5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNkEyMzAzLzc4Q0I2Rjk2NTk0MzExRUE4RTJFNjE2MUY4QUVB
MjI4LzIxODg2RjBFQjZBOTExRUE5MTgwN0MzMEY4QUVBMjI4LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACcAO0wDQYJKoZIhvcNAQELBQAD
ggEBAMDUIspUUXJa6fVgc18zAOR45IU3BRJ9K4+2UZmGCZg+hdl2bUZy+g74RpL7
SxmGFMEkWqTDyEJqMElX+0hKcsIRn0Y5Ft8je9wJsASktflgdo9U8qfpYYc9N3Pa
EN9YcHIBmwKonAn5039fBi0m1lL6GHGxStcUNilAHGZNb2kTSgHvLkwBe8s9+NgW
Da+hlR+xEKxgppSJKiZQ2ga0LksTCnZ6d20J478yVkmj0p/Qyov+6KzfO2s4KDps
5TNnUHzt8iZ72/TXM3lfH5GAvEojwDPM49l9MJ+dENPIzsNg7F+PstkPFvDVlMzl
DU82dmuvR50iugGLXfCgZa1TnZo=
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:52:53 2024 by rpki-client on console-fra.rpki-client.org