Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36AA888/4B72B378886111E9A00E0863F8AEA228/58B26BA4886211E99B31DD63F8AEA228.roa
File:                     58B26BA4886211E99B31DD63F8AEA228.roa (raw, json)
Hash identifier:          nvT/Y3DEz1TX+5D/zLT7HQfvvtuHBy4pd0aYSFdPAvg=
Subject key identifier:   34:6F:1F:62:4D:CD:96:E3:10:7D:25:50:8E:3C:25:1E:C6:D9:63:6D
Certificate issuer:       /CN=F36AA888AR/serialNumber=E48DDA12F7DB403594178CA4B8ED46E662AF8ECC
Certificate serial:       02
Authority key identifier: E4:8D:DA:12:F7:DB:40:35:94:17:8C:A4:B8:ED:46:E6:62:AF:8E:CC
Authority info access:    rsync://rpki.afrinic.net/repository/arin/5I3aEvfbQDWUF4ykuO1G5mKvjsw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36AA888/4B72B378886111E9A00E0863F8AEA228/58B26BA4886211E99B31DD63F8AEA228.roa
Signing time:             Thu 06 Jun 2019 13:52:48 +0000
ROA not before:           Thu 06 Jun 2019 13:52:34 +0000
ROA not after:            Wed 06 Jun 2029 13:52:34 +0000
asID:                     327824
IP address blocks:        169.159.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36AA888/4B72B378886111E9A00E0863F8AEA228/5I3aEvfbQDWUF4ykuO1G5mKvjsw.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36AA888/4B72B378886111E9A00E0863F8AEA228/5I3aEvfbQDWUF4ykuO1G5mKvjsw.mft
                          rsync://rpki.afrinic.net/repository/arin/5I3aEvfbQDWUF4ykuO1G5mKvjsw.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36AA888AR/serialNumber=E48DDA12F7DB403594178CA4B8ED46E662AF8ECC
        Validity
            Not Before: Jun  6 13:52:34 2019 GMT
            Not After : Jun  6 13:52:34 2029 GMT
        Subject: CN=5cf91ab0-e546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a4:a9:3e:be:a5:62:41:29:f9:40:a3:f8:6b:
                    cf:ef:d0:d2:c8:71:4f:99:05:37:05:96:21:3f:41:
                    ef:ad:3e:6d:18:f7:69:6c:6a:b3:77:fb:14:33:60:
                    51:d5:a9:9c:6e:22:16:f9:b2:c8:1f:c5:7c:a7:84:
                    e3:f4:b6:e4:a8:d9:53:2d:36:45:8e:37:ed:97:85:
                    1b:de:34:8a:4a:7e:cb:1d:5b:d6:73:a8:80:5c:dd:
                    b5:a4:d8:e3:c3:fb:2b:54:75:c9:ad:f8:d3:43:ff:
                    07:db:fe:97:8b:62:0b:86:39:43:d0:4f:87:a6:db:
                    e0:53:21:d3:39:c4:57:7d:06:ce:a4:4f:47:21:68:
                    fd:d7:c5:01:9a:f9:86:9d:c8:ab:d8:17:54:aa:1e:
                    cf:d1:29:e1:f3:98:ab:59:11:69:af:de:76:5c:83:
                    1a:64:58:0e:4c:49:96:5b:92:09:2a:de:c6:45:db:
                    52:b9:44:c5:48:c2:65:d3:bf:7c:5f:10:4a:9a:fa:
                    65:73:49:c7:e0:0c:d1:bc:9c:ac:d4:a7:c6:01:c6:
                    26:b3:a1:60:90:70:d2:14:ad:38:08:f9:44:8c:b6:
                    6c:b2:8a:ac:a7:73:80:c4:ce:34:ab:e4:00:52:d0:
                    5d:6e:04:0f:07:16:35:71:c7:1e:ec:7f:7d:ae:57:
                    ee:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:6F:1F:62:4D:CD:96:E3:10:7D:25:50:8E:3C:25:1E:C6:D9:63:6D
            X509v3 Authority Key Identifier:
                keyid:E4:8D:DA:12:F7:DB:40:35:94:17:8C:A4:B8:ED:46:E6:62:AF:8E:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36AA888/4B72B378886111E9A00E0863F8AEA228/5I3aEvfbQDWUF4ykuO1G5mKvjsw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/5I3aEvfbQDWUF4ykuO1G5mKvjsw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36AA888/4B72B378886111E9A00E0863F8AEA228/58B26BA4886211E99B31DD63F8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.159.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8c:bd:37:06:06:b8:8a:76:86:b4:51:d3:a1:9b:de:54:c9:c5:
         c9:90:79:fa:22:04:a5:16:60:c1:77:1d:c1:ac:a8:8c:18:dd:
         91:63:d9:3d:d2:7e:78:ad:05:a0:ec:43:bb:99:e3:d0:ea:1a:
         93:e8:22:7c:cf:d3:57:48:96:ad:cd:89:0f:db:51:77:46:3b:
         44:a0:ec:e1:de:e7:c5:1a:59:fd:55:f9:ec:e3:da:fd:b6:86:
         37:b6:92:12:a3:8b:75:bc:e9:cd:55:a9:98:00:23:e9:c2:aa:
         2d:af:eb:88:53:d0:15:d6:53:af:11:67:dd:a2:f6:7c:f3:e9:
         5b:5b:86:45:ab:47:ce:56:da:67:f5:5f:17:ad:8d:f9:96:0e:
         04:5d:de:64:3b:62:23:8a:64:d0:b2:af:52:f8:d2:44:5f:d6:
         82:f0:4c:cc:62:f1:80:31:b8:f1:f6:a5:5b:c5:67:35:58:4b:
         24:63:5d:f6:26:77:97:60:58:01:e3:cb:18:b8:2f:3b:f6:1a:
         aa:bd:54:26:dc:22:f5:9d:2b:47:68:43:69:7a:02:ac:9f:34:
         6b:9c:4f:a5:a8:2a:73:8c:55:3e:e5:90:af:f2:60:aa:ca:ec:
         c7:ad:06:2c:37:55:ef:04:66:cd:f6:27:e2:50:76:f9:20:ca:
         f4:86:06:40
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZB
QTg4OEFSMTEwLwYDVQQFEyhFNDhEREExMkY3REI0MDM1OTQxNzhDQTRCOEVENDZF
NjYyQUY4RUNDMB4XDTE5MDYwNjEzNTIzNFoXDTI5MDYwNjEzNTIzNFowGDEWMBQG
A1UEAxMNNWNmOTFhYjAtZTU0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN2kqT6+pWJBKflAo/hrz+/Q0shxT5kFNwWWIT9B760+bRj3aWxqs3f7FDNg
UdWpnG4iFvmyyB/FfKeE4/S25KjZUy02RY437ZeFG940ikp+yx1b1nOogFzdtaTY
48P7K1R1ya3400P/B9v+l4tiC4Y5Q9BPh6bb4FMh0znEV30GzqRPRyFo/dfFAZr5
hp3Iq9gXVKoez9Ep4fOYq1kRaa/edlyDGmRYDkxJlluSCSrexkXbUrlExUjCZdO/
fF8QSpr6ZXNJx+AM0bycrNSnxgHGJrOhYJBw0hStOAj5RIy2bLKKrKdzgMTONKvk
AFLQXW4EDwcWNXHHHux/fa5X7vsCAwEAAaOCAmswggJnMB0GA1UdDgQWBBQ0bx9i
Tc2W4xB9JVCOPCUextljbTAfBgNVHSMEGDAWgBTkjdoS99tANZQXjKS47UbmYq+O
zDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QUE4ODgvNEI3MkIzNzg4ODYxMTFFOUEwMEUwODYzRjhBRUEyMjgvNUkzYUV2
ZmJRRFdVRjR5a3VPMUc1bUt2anN3LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
NUkzYUV2ZmJRRFdVRjR5a3VPMUc1bUt2anN3LmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2QUE4ODgvNEI3MkIzNzg4ODYxMTFFOUEwMEUwODYzRjhBRUEy
MjgvNThCMjZCQTQ4ODYyMTFFOTlCMzFERDYzRjhBRUEyMjgucm9hMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQFqZ/gMA0GCSqGSIb3DQEBCwUAA4IBAQCMvTcG
BriKdoa0UdOhm95UycXJkHn6IgSlFmDBdx3BrKiMGN2RY9k90n54rQWg7EO7mePQ
6hqT6CJ8z9NXSJatzYkP21F3RjtEoOzh3ufFGln9Vfns49r9toY3tpISo4t1vOnN
VamYACPpwqotr+uIU9AV1lOvEWfdovZ88+lbW4ZFq0fOVtpn9V8XrY35lg4EXd5k
O2IjimTQsq9S+NJEX9aC8EzMYvGAMbjx9qVbxWc1WEskY132JneXYFgB48sYuC87
9hqqvVQm3CL1nStHaENpegKsnzRrnE+lqCpzjFU+5ZCv8mCqyuzHrQYsN1XvBGbN
9ifiUHb5IMr0hgZA
-----END CERTIFICATE-----