Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36A7FC6/6C0765F6EE3911EDB951826A4AD9E6FC/A486AA4E42D411F0B4F8DBDEDAE4EC9C.roa
File:                     A486AA4E42D411F0B4F8DBDEDAE4EC9C.roa (raw, json)
Hash identifier:          4xKKYuuFJh/zKzeLBQTXL6axi1L1p5+TaD3uqW3PPwQ=
Subject key identifier:   2A:43:82:C0:F2:DB:92:7B:03:89:29:E0:1B:59:07:87:B1:FB:BD:AF
Certificate issuer:       /CN=F36A7FC6AR/serialNumber=B102D328DA3A4C5B416C27A83D5487902D0638FD
Certificate serial:       0311
Authority key identifier: B1:02:D3:28:DA:3A:4C:5B:41:6C:27:A8:3D:54:87:90:2D:06:38:FD
Authority info access:    rsync://rpki.afrinic.net/repository/arin/sQLTKNo6TFtBbCeoPVSHkC0GOP0.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36A7FC6/6C0765F6EE3911EDB951826A4AD9E6FC/A486AA4E42D411F0B4F8DBDEDAE4EC9C.roa
Signing time:             Fri 06 Jun 2025 12:49:11 +0000
ROA not before:           Fri 06 Jun 2025 12:49:06 +0000
ROA not after:            Sun 06 Jun 2027 12:49:06 +0000
asID:                     36864
IP address blocks:        165.90.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36A7FC6/6C0765F6EE3911EDB951826A4AD9E6FC/sQLTKNo6TFtBbCeoPVSHkC0GOP0.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36A7FC6/6C0765F6EE3911EDB951826A4AD9E6FC/sQLTKNo6TFtBbCeoPVSHkC0GOP0.mft
                          rsync://rpki.afrinic.net/repository/arin/sQLTKNo6TFtBbCeoPVSHkC0GOP0.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 11 Jun 2025 00:26:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 785 (0x311)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36A7FC6AR, serialNumber=B102D328DA3A4C5B416C27A83D5487902D0638FD
        Validity
            Not Before: Jun  6 12:49:06 2025 GMT
            Not After : Jun  6 12:49:06 2027 GMT
        Subject: CN=6842e3c7-f0fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b0:ca:36:fc:05:e3:e0:54:9c:9a:6f:b4:f6:
                    e4:60:0c:39:b7:ee:10:3a:83:cc:21:de:13:6d:19:
                    57:ef:7e:2f:2d:1f:0a:04:71:3c:fa:27:0d:a0:7c:
                    58:49:c3:d9:0f:42:c4:40:b8:5c:0d:9e:f0:ff:ee:
                    80:50:04:f9:73:e6:66:c8:79:fd:6f:a7:3a:77:08:
                    47:bb:c8:93:58:e4:69:ea:a7:47:fb:e6:51:b7:75:
                    2e:60:9a:de:54:60:f5:04:c9:d4:c8:04:4f:51:8f:
                    be:e8:80:38:5b:54:bf:0b:2b:57:e9:8d:bd:20:79:
                    9e:7f:27:d3:8f:db:9f:5f:5e:60:9a:93:dc:f0:b3:
                    dd:ea:57:8a:b6:93:c6:d9:cb:ff:15:3d:d5:24:59:
                    f5:53:ff:05:8b:4f:b0:d4:f7:c1:ce:3a:74:d2:fe:
                    a6:ae:c3:cd:4a:f0:14:13:5a:5b:c0:b6:46:a1:e5:
                    39:e7:6f:5c:20:5b:40:40:3c:f3:e5:c1:2f:03:f7:
                    cd:29:91:df:9c:04:2e:e2:f3:74:8e:9d:52:c4:41:
                    7a:46:51:ff:83:da:55:4d:b2:d8:f1:f5:6f:56:eb:
                    5f:8f:f4:59:c6:8b:c0:66:34:4f:54:e0:c0:14:6a:
                    2d:ea:ee:fa:fd:a2:06:4d:46:22:3c:a2:0c:f8:08:
                    09:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:43:82:C0:F2:DB:92:7B:03:89:29:E0:1B:59:07:87:B1:FB:BD:AF
            X509v3 Authority Key Identifier:
                keyid:B1:02:D3:28:DA:3A:4C:5B:41:6C:27:A8:3D:54:87:90:2D:06:38:FD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36A7FC6/6C0765F6EE3911EDB951826A4AD9E6FC/sQLTKNo6TFtBbCeoPVSHkC0GOP0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/sQLTKNo6TFtBbCeoPVSHkC0GOP0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36A7FC6/6C0765F6EE3911EDB951826A4AD9E6FC/A486AA4E42D411F0B4F8DBDEDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.90.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         18:be:94:91:d3:70:4b:ac:76:1d:74:55:41:f2:39:e7:93:e5:
         48:dc:d9:6b:9a:32:88:4c:c8:c9:0e:40:31:4d:98:b2:a7:ca:
         a2:88:3e:77:ab:db:a5:28:9e:d3:16:ef:62:75:f8:c1:52:00:
         05:9e:93:b1:2e:a0:fb:7d:f0:88:b6:b7:41:14:7e:91:70:90:
         22:a8:d6:17:a7:c7:6b:e7:00:31:bb:b9:96:60:7d:26:e2:b6:
         a8:aa:3b:eb:bb:2a:5b:04:db:44:ef:20:fd:2e:1f:d5:f2:fd:
         a9:57:88:d5:e0:a2:4e:a1:c4:b8:fe:da:a5:55:22:8e:5a:ad:
         78:aa:8e:bc:1f:52:a0:29:03:6b:e2:b4:ca:de:45:c8:ad:d0:
         de:b6:10:c4:7b:59:af:90:93:b3:7d:48:3a:f2:c7:7c:c7:44:
         70:38:a5:b6:3d:33:88:c5:64:77:dc:5f:88:53:38:fe:32:a8:
         33:38:5b:6d:fd:fc:f2:f6:69:20:35:21:ba:94:3b:14:83:c1:
         17:6b:f1:28:97:61:b4:21:de:40:7a:db:c2:98:4e:9d:4e:16:
         0b:1d:4f:1d:41:f4:07:44:45:a0:83:88:87:4e:8c:4a:40:f1:
         b4:d7:5e:7e:cb:59:95:99:ef:79:63:9f:a3:d9:a8:7b:01:6c:
         4e:54:41:d5
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAxEwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
QTdGQzZBUjExMC8GA1UEBRMoQjEwMkQzMjhEQTNBNEM1QjQxNkMyN0E4M0Q1NDg3
OTAyRDA2MzhGRDAeFw0yNTA2MDYxMjQ5MDZaFw0yNzA2MDYxMjQ5MDZaMBgxFjAU
BgNVBAMTDTY4NDJlM2M3LWYwZmQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPsMo2/AXj4FScmm+09uRgDDm37hA6g8wh3hNtGVfvfi8tHwoEcTz6Jw2g
fFhJw9kPQsRAuFwNnvD/7oBQBPlz5mbIef1vpzp3CEe7yJNY5Gnqp0f75lG3dS5g
mt5UYPUEydTIBE9Rj77ogDhbVL8LK1fpjb0geZ5/J9OP259fXmCak9zws93qV4q2
k8bZy/8VPdUkWfVT/wWLT7DU98HOOnTS/qauw81K8BQTWlvAtkah5Tnnb1wgW0BA
PPPlwS8D980pkd+cBC7i83SOnVLEQXpGUf+D2lVNstjx9W9W61+P9FnGi8BmNE9U
4MAUai3q7vr9ogZNRiI8ogz4CAkVAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUKkOC
wPLbknsDiSngG1kHh7H7va8wHwYDVR0jBBgwFoAUsQLTKNo6TFtBbCeoPVSHkC0G
OP0wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkE3RkM2LzZDMDc2NUY2RUUzOTExRURCOTUxODI2QTRBRDlFNkZDL3NRTFRL
Tm82VEZ0QmJDZW9QVlNIa0MwR09QMC5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3NRTFRLTm82VEZ0QmJDZW9QVlNIa0MwR09QMC5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNkE3RkM2LzZDMDc2NUY2RUUzOTExRURCOTUxODI2QTRBRDlF
NkZDL0E0ODZBQTRFNDJENDExRjBCNEY4REJERURBRTRFQzlDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBASlWtAwDQYJKoZIhvcNAQELBQAD
ggEBABi+lJHTcEusdh10VUHyOeeT5Ujc2WuaMohMyMkOQDFNmLKnyqKIPner26Uo
ntMW72J1+MFSAAWek7EuoPt98Ii2t0EUfpFwkCKo1henx2vnADG7uZZgfSbitqiq
O+u7KlsE20TvIP0uH9Xy/alXiNXgok6hxLj+2qVVIo5arXiqjrwfUqApA2vitMre
Rcit0N62EMR7Wa+Qk7N9SDryx3zHRHA4pbY9M4jFZHfcX4hTOP4yqDM4W239/PL2
aSA1IbqUOxSDwRdr8SiXYbQh3kB628KYTp1OFgsdTx1B9AdERaCDiIdOjEpA8bTX
Xn7LWZWZ73ljn6PZqHsBbE5UQdU=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:45:03 2025 by rpki-client