Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/8CB4BB16DC8911EE96E72C91775412E6.roa
File:                     8CB4BB16DC8911EE96E72C91775412E6.roa (raw, json)
Hash identifier:          jjvGFLq56kIKKGmS1SZkzqZcQpXvKdb9amlgWLnyYAE=
Subject key identifier:   FD:7C:56:0A:0C:65:93:46:67:18:F3:9D:9B:F7:36:0D:F3:38:EE:2E
Certificate issuer:       /CN=F36A34E4AR/serialNumber=2C671F4259707027237540BF62265A2D97EB95CB
Certificate serial:       0A
Authority key identifier: 2C:67:1F:42:59:70:70:27:23:75:40:BF:62:26:5A:2D:97:EB:95:CB
Authority info access:    rsync://rpki.afrinic.net/repository/arin/LGcfQllwcCcjdUC_YiZaLZfrlcs.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/8CB4BB16DC8911EE96E72C91775412E6.roa
Signing time:             Thu 07 Mar 2024 13:49:42 +0000
ROA not before:           Thu 07 Mar 2024 13:49:39 +0000
ROA not after:            Fri 07 Mar 2025 13:49:39 +0000
asID:                     37613
IP address blocks:        169.239.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/LGcfQllwcCcjdUC_YiZaLZfrlcs.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/LGcfQllwcCcjdUC_YiZaLZfrlcs.mft
                          rsync://rpki.afrinic.net/repository/arin/LGcfQllwcCcjdUC_YiZaLZfrlcs.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36A34E4AR/serialNumber=2C671F4259707027237540BF62265A2D97EB95CB
        Validity
            Not Before: Mar  7 13:49:39 2024 GMT
            Not After : Mar  7 13:49:39 2025 GMT
        Subject: CN=65e9c5f6-71c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:69:bd:b4:44:cf:b3:3b:e2:f8:7b:cb:66:e2:
                    89:01:03:20:92:10:56:29:cc:f3:72:8c:c6:b6:0d:
                    a6:7f:89:51:b2:48:bb:65:2a:9f:99:5a:19:83:9a:
                    0a:74:db:f9:31:89:98:09:b0:22:67:d2:fa:9e:a1:
                    2d:5c:e2:37:6b:84:0b:69:00:fc:f0:d1:99:29:b2:
                    dc:1d:45:dd:45:29:a9:44:bb:05:e4:a5:73:32:8f:
                    fc:8d:c0:cf:f3:47:1e:ee:c7:8e:1e:39:9e:29:61:
                    fa:c4:19:41:da:6c:7f:35:5d:9d:53:ab:e8:f7:80:
                    32:e5:01:e3:89:0d:39:85:6c:72:e3:b0:cf:ff:87:
                    4a:0c:c2:b5:f0:9a:ea:b2:56:f2:f9:96:6e:4a:dd:
                    1d:98:b9:38:0e:93:fb:b8:fe:d3:a3:78:38:f1:16:
                    e7:ef:72:7e:6d:27:48:1e:b9:57:80:9a:4e:88:df:
                    a5:7a:3a:d2:f7:16:dd:55:1a:a5:e4:9f:4f:9e:71:
                    17:79:92:25:fe:12:da:04:d2:5e:42:85:fc:53:e7:
                    1a:e6:f3:b7:cd:36:c2:e4:29:24:75:5f:7d:a0:83:
                    9d:0a:72:4d:fd:ee:16:3c:de:90:ea:3c:b0:e0:b2:
                    67:07:09:bb:ea:1d:77:db:46:5a:b6:c1:d4:28:3f:
                    bf:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:7C:56:0A:0C:65:93:46:67:18:F3:9D:9B:F7:36:0D:F3:38:EE:2E
            X509v3 Authority Key Identifier:
                keyid:2C:67:1F:42:59:70:70:27:23:75:40:BF:62:26:5A:2D:97:EB:95:CB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/LGcfQllwcCcjdUC_YiZaLZfrlcs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/LGcfQllwcCcjdUC_YiZaLZfrlcs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36A34E4/CC8FC36CDA3011EE9E6C98AA775412E6/8CB4BB16DC8911EE96E72C91775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.239.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:95:fc:9b:fb:f7:27:ee:a1:6f:65:ea:1a:12:51:12:0a:bf:
         5c:5b:39:71:81:a2:d6:50:22:2e:5a:b5:e2:6d:55:76:81:7b:
         6d:c8:b6:3e:2f:a0:81:3e:85:ee:cf:b2:8e:c7:36:c1:ee:35:
         7c:7c:97:a5:1d:64:63:8f:f3:77:83:84:85:1e:cd:9c:1f:5d:
         69:e4:8e:2c:a6:b0:34:71:dd:96:8c:94:c4:b4:97:27:75:a7:
         56:49:10:59:d8:37:44:30:fc:17:96:3c:98:fe:bb:49:a1:43:
         da:3a:44:d9:65:5b:fb:7f:22:5b:89:19:8f:67:27:81:ae:81:
         cf:5a:28:a8:f8:5c:3d:7a:df:8b:d0:cd:a8:1c:31:75:f9:1b:
         a0:c6:45:d3:a9:f5:7e:07:d4:08:83:23:3e:6c:2d:f1:cb:e5:
         16:36:db:55:e4:c1:c7:af:f6:2d:74:de:2a:f5:3d:44:9a:5e:
         50:34:dc:8a:83:e8:a6:5a:11:94:02:19:bd:c6:1b:08:fe:6f:
         06:e6:12:2b:00:be:48:c3:7e:73:99:b9:ec:90:c5:fe:07:79:
         1a:f1:f0:7b:83:08:0f:68:b2:fc:5d:08:67:91:41:26:98:5e:
         07:56:89:22:f7:46:21:88:ae:92:b7:30:2b:d6:19:ac:c3:35:
         01:69:32:b0
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBCjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZB
MzRFNEFSMTEwLwYDVQQFEygyQzY3MUY0MjU5NzA3MDI3MjM3NTQwQkY2MjI2NUEy
RDk3RUI5NUNCMB4XDTI0MDMwNzEzNDkzOVoXDTI1MDMwNzEzNDkzOVowGDEWMBQG
A1UEAxMNNjVlOWM1ZjYtNzFjMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhpvbREz7M74vh7y2biiQEDIJIQVinM83KMxrYNpn+JUbJIu2Uqn5laGYOa
CnTb+TGJmAmwImfS+p6hLVziN2uEC2kA/PDRmSmy3B1F3UUpqUS7BeSlczKP/I3A
z/NHHu7Hjh45nilh+sQZQdpsfzVdnVOr6PeAMuUB44kNOYVscuOwz/+HSgzCtfCa
6rJW8vmWbkrdHZi5OA6T+7j+06N4OPEW5+9yfm0nSB65V4CaTojfpXo60vcW3VUa
peSfT55xF3mSJf4S2gTSXkKF/FPnGubzt802wuQpJHVffaCDnQpyTf3uFjzekOo8
sOCyZwcJu+odd9tGWrbB1Cg/v5MCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBT9fFYK
DGWTRmcY852b9zYN8zjuLjAfBgNVHSMEGDAWgBQsZx9CWXBwJyN1QL9iJlotl+uV
yzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QTM0RTQvQ0M4RkMzNkNEQTMwMTFFRTlFNkM5OEFBNzc1NDEyRTYvTEdjZlFs
bHdjQ2NqZFVDX1lpWmFMWmZybGNzLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
TEdjZlFsbHdjQ2NqZFVDX1lpWmFMWmZybGNzLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2QTM0RTQvQ0M4RkMzNkNEQTMwMTFFRTlFNkM5OEFBNzc1NDEy
RTYvOENCNEJCMTZEQzg5MTFFRTk2RTcyQzkxNzc1NDEyRTYucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKnvvjANBgkqhkiG9w0BAQsFAAOC
AQEAkZX8m/v3J+6hb2XqGhJREgq/XFs5cYGi1lAiLlq14m1VdoF7bci2Pi+ggT6F
7s+yjsc2we41fHyXpR1kY4/zd4OEhR7NnB9daeSOLKawNHHdloyUxLSXJ3WnVkkQ
Wdg3RDD8F5Y8mP67SaFD2jpE2WVb+38iW4kZj2cnga6Bz1ooqPhcPXrfi9DNqBwx
dfkboMZF06n1fgfUCIMjPmwt8cvlFjbbVeTBx6/2LXTeKvU9RJpeUDTcioPoploR
lAIZvcYbCP5vBuYSKwC+SMN+c5m57JDF/gd5GvHwe4MID2iy/F0IZ5FBJpheB1aJ
IvdGIYiukrcwK9YZrMM1AWkysA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:19 2024 by rpki-client on console-ams.rpki-client.org