Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/567F89D6DC8911EEBB78BD90775412E6.roa
File:                     567F89D6DC8911EEBB78BD90775412E6.roa (raw, json)
Hash identifier:          pBig2owUfZyIkr3uW9+APtz3PdsIrgpES5Xh8kFsNWg=
Subject key identifier:   77:12:A5:6F:81:9D:D1:CA:83:1C:C8:5B:85:4A:97:C4:B0:F4:B0:BD
Certificate issuer:       /CN=F36A34E4AR/serialNumber=2C671F4259707027237540BF62265A2D97EB95CB
Certificate serial:       08
Authority key identifier: 2C:67:1F:42:59:70:70:27:23:75:40:BF:62:26:5A:2D:97:EB:95:CB
Authority info access:    rsync://rpki.afrinic.net/repository/arin/LGcfQllwcCcjdUC_YiZaLZfrlcs.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/567F89D6DC8911EEBB78BD90775412E6.roa
Signing time:             Thu 07 Mar 2024 13:48:12 +0000
ROA not before:           Thu 07 Mar 2024 13:48:08 +0000
ROA not after:            Fri 07 Mar 2025 13:48:08 +0000
asID:                     37613
IP address blocks:        169.239.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/LGcfQllwcCcjdUC_YiZaLZfrlcs.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/LGcfQllwcCcjdUC_YiZaLZfrlcs.mft
                          rsync://rpki.afrinic.net/repository/arin/LGcfQllwcCcjdUC_YiZaLZfrlcs.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8 (0x8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36A34E4AR/serialNumber=2C671F4259707027237540BF62265A2D97EB95CB
        Validity
            Not Before: Mar  7 13:48:08 2024 GMT
            Not After : Mar  7 13:48:08 2025 GMT
        Subject: CN=65e9c59b-6be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2f:07:eb:42:2a:ad:a7:63:e0:c8:ad:45:b4:
                    02:18:87:93:18:54:58:3d:c3:98:5c:70:ab:09:d6:
                    b7:c4:75:06:6a:12:ec:e3:b0:4f:4a:63:6f:10:6c:
                    30:4f:c3:e1:28:37:72:0d:c6:ac:16:80:d5:df:3d:
                    27:28:4b:2b:a6:5c:b3:53:21:38:1a:53:8f:59:bf:
                    7f:9a:2e:c5:64:4e:24:cf:ef:ad:1b:91:8b:81:65:
                    53:d8:80:6f:39:8f:5b:fa:b3:c5:87:e7:c9:4a:8a:
                    9a:fb:af:02:dc:a3:1b:19:a5:01:c4:ce:75:08:7e:
                    34:2a:1e:e5:5e:c6:4e:25:e6:b0:e2:b2:13:d6:4f:
                    32:48:52:f5:ea:ab:9e:16:29:fe:ca:fa:6a:75:8e:
                    dd:42:52:4c:8a:5a:d6:de:d1:fe:89:37:74:84:e1:
                    c6:a1:d0:ce:f5:03:11:fc:f8:44:b0:37:5e:02:c1:
                    3b:fc:c0:c2:1b:ab:9a:ce:a6:f9:a0:2a:cf:56:e0:
                    c8:8d:41:06:5d:8b:4c:11:17:49:34:65:8a:76:64:
                    8e:49:17:70:9d:77:77:50:cb:24:73:97:17:9f:cd:
                    0b:0f:b9:54:a2:78:23:c6:69:7a:46:a7:b2:d6:e8:
                    e0:3a:e9:ec:95:21:f0:ec:69:ed:9c:e3:a4:b1:96:
                    40:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:12:A5:6F:81:9D:D1:CA:83:1C:C8:5B:85:4A:97:C4:B0:F4:B0:BD
            X509v3 Authority Key Identifier:
                keyid:2C:67:1F:42:59:70:70:27:23:75:40:BF:62:26:5A:2D:97:EB:95:CB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/LGcfQllwcCcjdUC_YiZaLZfrlcs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/LGcfQllwcCcjdUC_YiZaLZfrlcs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/567F89D6DC8911EEBB78BD90775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.239.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:97:96:25:a9:2e:a6:55:1f:7c:f5:32:76:66:cd:ae:43:8a:
         1f:7c:62:44:25:bf:14:d8:11:57:f5:3a:0c:a4:b0:0e:26:59:
         c0:12:02:7c:4a:a9:7c:96:72:e0:3a:60:f0:c9:f7:6b:bf:e8:
         e6:cc:0d:1c:8d:05:e1:aa:3c:4e:ce:98:a9:48:19:f1:6b:df:
         18:13:dd:f3:ba:94:33:59:e6:8e:bf:0b:cd:ec:06:a7:67:c2:
         64:c6:fb:06:5d:ac:f2:ce:78:38:14:8f:df:b5:6f:67:ed:e9:
         59:04:65:99:45:68:f4:be:12:ad:0e:9e:4c:aa:5a:6a:a6:64:
         48:2f:2f:d1:cf:99:34:f9:42:98:fd:4f:e8:ca:65:b8:51:77:
         6f:3b:85:6e:86:f2:b8:5c:41:30:63:56:99:84:bc:0b:aa:8d:
         39:81:cb:b6:8a:5d:c0:dd:9a:2c:f1:5e:58:f6:45:d5:61:12:
         57:85:e7:17:2c:82:b1:79:f6:65:31:c6:bf:92:fe:c2:9e:1d:
         a8:12:44:31:7e:cd:b1:0c:ae:b9:a1:19:68:5d:d8:23:7b:5e:
         1f:d0:eb:03:f4:e3:b6:99:ad:d2:ad:15:db:a7:9b:27:dc:c2:
         e3:a6:d3:db:07:64:a4:47:53:e2:89:be:96:42:61:a5:38:ff:
         3b:5c:5c:73
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBCDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZB
MzRFNEFSMTEwLwYDVQQFEygyQzY3MUY0MjU5NzA3MDI3MjM3NTQwQkY2MjI2NUEy
RDk3RUI5NUNCMB4XDTI0MDMwNzEzNDgwOFoXDTI1MDMwNzEzNDgwOFowGDEWMBQG
A1UEAxMNNjVlOWM1OWItNmJlNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMAvB+tCKq2nY+DIrUW0AhiHkxhUWD3DmFxwqwnWt8R1BmoS7OOwT0pjbxBs
ME/D4Sg3cg3GrBaA1d89JyhLK6Zcs1MhOBpTj1m/f5ouxWROJM/vrRuRi4FlU9iA
bzmPW/qzxYfnyUqKmvuvAtyjGxmlAcTOdQh+NCoe5V7GTiXmsOKyE9ZPMkhS9eqr
nhYp/sr6anWO3UJSTIpa1t7R/ok3dIThxqHQzvUDEfz4RLA3XgLBO/zAwhurms6m
+aAqz1bgyI1BBl2LTBEXSTRlinZkjkkXcJ13d1DLJHOXF5/NCw+5VKJ4I8Zpekan
stbo4Drp7JUh8Oxp7ZzjpLGWQI8CAwEAAaOCAqIwggKeMB0GA1UdDgQWBBR3EqVv
gZ3RyoMcyFuFSpfEsPSwvTAfBgNVHSMEGDAWgBQsZx9CWXBwJyN1QL9iJlotl+uV
yzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QTM0RTQvQ0M4RkMzNkNEQTMwMTFFRTlFNkM5OEFBNzc1NDEyRTYvTEdjZlFs
bHdjQ2NqZFVDX1lpWmFMWmZybGNzLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
TEdjZlFsbHdjQ2NqZFVDX1lpWmFMWmZybGNzLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2QTM0RTQvQ0M4RkMzNkNEQTMwMTFFRTlFNkM5OEFBNzc1NDEy
RTYvNTY3Rjg5RDZEQzg5MTFFRUJCNzhCRDkwNzc1NDEyRTYucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKnvvTANBgkqhkiG9w0BAQsFAAOC
AQEANJeWJakuplUffPUydmbNrkOKH3xiRCW/FNgRV/U6DKSwDiZZwBICfEqpfJZy
4Dpg8Mn3a7/o5swNHI0F4ao8Ts6YqUgZ8WvfGBPd87qUM1nmjr8LzewGp2fCZMb7
Bl2s8s54OBSP37VvZ+3pWQRlmUVo9L4SrQ6eTKpaaqZkSC8v0c+ZNPlCmP1P6Mpl
uFF3bzuFbobyuFxBMGNWmYS8C6qNOYHLtopdwN2aLPFeWPZF1WESV4XnFyyCsXn2
ZTHGv5L+wp4dqBJEMX7NsQyuuaEZaF3YI3teH9DrA/Tjtpmt0q0V26ebJ9zC46bT
2wdkpEdT4om+lkJhpTj/O1xccw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:19 2024 by rpki-client on console-ams.rpki-client.org