Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/443B4FD0B6A911EA8BB19A30F8AEA228.roa
File:                     443B4FD0B6A911EA8BB19A30F8AEA228.roa (raw, json)
Hash identifier:          DtlptNQu9HFFByv5u/iYfT6/AVvlDXCMfH1RWr1fnig=
Subject key identifier:   AB:15:F7:D2:98:21:C0:28:06:74:42:9B:8F:6C:4E:57:3B:25:12:0C
Certificate issuer:       /CN=F36A2303AR/serialNumber=AF035FC490695DAFB796F9C7375F738A3112FC3B
Certificate serial:       8C
Authority key identifier: AF:03:5F:C4:90:69:5D:AF:B7:96:F9:C7:37:5F:73:8A:31:12:FC:3B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/rwNfxJBpXa-3lvnHN19zijES_Ds.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/443B4FD0B6A911EA8BB19A30F8AEA228.roa
Signing time:             Thu 25 Jun 2020 06:01:10 +0000
ROA not before:           Thu 25 Jun 2020 06:01:06 +0000
ROA not after:            Sat 01 Jun 2030 06:01:06 +0000
asID:                     328631
IP address blocks:        156.0.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/rwNfxJBpXa-3lvnHN19zijES_Ds.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/rwNfxJBpXa-3lvnHN19zijES_Ds.mft
                          rsync://rpki.afrinic.net/repository/arin/rwNfxJBpXa-3lvnHN19zijES_Ds.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 140 (0x8c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36A2303AR/serialNumber=AF035FC490695DAFB796F9C7375F738A3112FC3B
        Validity
            Not Before: Jun 25 06:01:06 2020 GMT
            Not After : Jun  1 06:01:06 2030 GMT
        Subject: CN=5ef43da6-f3f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:36:01:51:55:5e:00:17:43:cc:5f:9e:db:e0:
                    55:54:19:95:7a:d2:fc:98:51:40:85:d6:94:f5:50:
                    fd:c3:91:be:38:be:4e:ff:36:4d:d0:b6:f1:4c:82:
                    27:53:ab:2d:6f:e1:3a:4d:42:56:5e:6b:97:e8:10:
                    d7:e0:32:a2:eb:98:3a:5a:12:e4:f5:31:1f:08:f2:
                    bd:cf:39:d9:b1:df:aa:69:58:ac:e2:8d:96:95:b1:
                    98:9e:5c:83:af:22:21:f6:11:4b:20:9e:f5:2a:07:
                    ed:b2:ad:10:eb:f7:09:a1:7d:7d:f2:87:ec:7b:d1:
                    d5:55:db:65:76:75:91:26:5a:8d:4a:1d:72:1c:d3:
                    f1:68:33:98:b3:79:96:1b:33:a6:6e:5c:e3:a1:81:
                    95:dd:1c:0e:7e:e5:bf:57:33:34:94:21:0b:79:7d:
                    46:5e:d0:d1:c9:ca:35:95:0b:72:fa:db:97:df:91:
                    76:ce:2b:19:7b:7f:33:68:35:bc:0c:54:26:c2:79:
                    75:3d:e2:91:30:a0:da:49:52:87:58:51:6f:e3:9f:
                    84:1b:4c:81:d8:64:c4:d5:62:4c:7f:b1:e3:20:8b:
                    93:d5:7c:1e:46:5f:e4:90:39:e9:8e:58:f2:d4:73:
                    15:f1:d8:62:0a:fa:11:ec:c8:3c:77:41:3b:3e:58:
                    d8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:15:F7:D2:98:21:C0:28:06:74:42:9B:8F:6C:4E:57:3B:25:12:0C
            X509v3 Authority Key Identifier:
                keyid:AF:03:5F:C4:90:69:5D:AF:B7:96:F9:C7:37:5F:73:8A:31:12:FC:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/rwNfxJBpXa-3lvnHN19zijES_Ds.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/rwNfxJBpXa-3lvnHN19zijES_Ds.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36A2303/78CB6F96594311EA8E2E6161F8AEA228/443B4FD0B6A911EA8BB19A30F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.0.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:81:d0:22:e7:f8:f5:dd:49:cd:68:8a:69:ca:ad:56:30:64:
         31:3a:bd:b0:6b:aa:ce:89:4c:e6:c3:81:f4:52:6b:19:a4:35:
         c8:ee:79:b1:cb:19:3f:9b:5d:f9:77:d9:6f:93:e8:9a:8c:dd:
         fb:c8:a6:7b:5f:65:7e:0b:4b:f8:db:1c:07:83:77:59:61:aa:
         6d:2b:4e:a8:91:ff:39:10:2b:3e:83:7b:c7:a0:35:68:24:65:
         06:fc:60:26:45:0a:c4:9d:35:03:32:85:ab:a8:00:d1:86:10:
         b5:6f:54:2f:4f:b2:55:66:ae:ad:7f:07:ae:24:22:a9:d5:fd:
         d0:2a:6f:3c:e0:b2:47:54:5f:d9:ec:f3:f3:92:5a:09:5f:57:
         71:92:ca:cb:dc:c0:2b:6e:50:3b:69:c8:9f:24:cd:96:80:69:
         00:93:a1:98:16:ef:44:59:d4:5d:28:59:92:b6:e4:1c:25:ce:
         4e:65:a1:e4:5c:69:c1:09:c2:05:63:27:e5:fd:81:ce:71:41:
         86:ea:a4:b2:44:0a:07:3d:a2:af:c4:9b:c4:d7:fe:29:14:cc:
         b4:d6:1c:57:03:9c:7c:22:6b:66:3c:a2:89:be:a2:11:2d:32:
         2f:53:74:81:04:6a:c7:af:a2:53:50:69:61:5e:52:81:18:5e:
         5a:b7:6d:5d
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAIwwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
QTIzMDNBUjExMC8GA1UEBRMoQUYwMzVGQzQ5MDY5NURBRkI3OTZGOUM3Mzc1Rjcz
OEEzMTEyRkMzQjAeFw0yMDA2MjUwNjAxMDZaFw0zMDA2MDEwNjAxMDZaMBgxFjAU
BgNVBAMTDTVlZjQzZGE2LWYzZjgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDMNgFRVV4AF0PMX57b4FVUGZV60vyYUUCF1pT1UP3Dkb44vk7/Nk3QtvFM
gidTqy1v4TpNQlZea5foENfgMqLrmDpaEuT1MR8I8r3POdmx36ppWKzijZaVsZie
XIOvIiH2EUsgnvUqB+2yrRDr9wmhfX3yh+x70dVV22V2dZEmWo1KHXIc0/FoM5iz
eZYbM6ZuXOOhgZXdHA5+5b9XMzSUIQt5fUZe0NHJyjWVC3L625ffkXbOKxl7fzNo
NbwMVCbCeXU94pEwoNpJUodYUW/jn4QbTIHYZMTVYkx/seMgi5PVfB5GX+SQOemO
WPLUcxXx2GIK+hHsyDx3QTs+WNhhAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUqxX3
0pghwCgGdEKbj2xOVzslEgwwHwYDVR0jBBgwFoAUrwNfxJBpXa+3lvnHN19zijES
/DswDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkEyMzAzLzc4Q0I2Rjk2NTk0MzExRUE4RTJFNjE2MUY4QUVBMjI4L3J3TmZ4
SkJwWGEtM2x2bkhOMTl6aWpFU19Ecy5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3J3TmZ4SkJwWGEtM2x2bkhOMTl6aWpFU19Ecy5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNkEyMzAzLzc4Q0I2Rjk2NTk0MzExRUE4RTJFNjE2MUY4QUVB
MjI4LzQ0M0I0RkQwQjZBOTExRUE4QkIxOUEzMEY4QUVBMjI4LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACcAO4wDQYJKoZIhvcNAQELBQAD
ggEBAIiB0CLn+PXdSc1oimnKrVYwZDE6vbBrqs6JTObDgfRSaxmkNcjuebHLGT+b
Xfl32W+T6JqM3fvIpntfZX4LS/jbHAeDd1lhqm0rTqiR/zkQKz6De8egNWgkZQb8
YCZFCsSdNQMyhauoANGGELVvVC9PslVmrq1/B64kIqnV/dAqbzzgskdUX9ns8/OS
WglfV3GSysvcwCtuUDtpyJ8kzZaAaQCToZgW70RZ1F0oWZK25Bwlzk5loeRcacEJ
wgVjJ+X9gc5xQYbqpLJECgc9oq/Em8TX/ikUzLTWHFcDnHwia2Y8oom+ohEtMi9T
dIEEasevolNQaWFeUoEYXlq3bV0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:10:14 2024 by rpki-client on console-fra.rpki-client.org