Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36B583C/5DF79C7C971511ED99F847B8F1222468/72E7E8FEC8B911EEB89ACB78775412E6.roa
File:                     72E7E8FEC8B911EEB89ACB78775412E6.roa (raw, json)
Hash identifier:          Pvc4b/7NdS42QY2a3R0WX4U0kcVQNihp6t9Dz0zhwVA=
Subject key identifier:   63:77:6D:7B:AD:52:6C:D5:62:93:3D:DE:0F:51:1E:0A:E5:12:73:49
Certificate issuer:       /CN=F36B583CAF/serialNumber=293E5CFF530308B7F0F6B89E13F70C64F5E1099A
Certificate serial:       01AF
Authority key identifier: 29:3E:5C:FF:53:03:08:B7:F0:F6:B8:9E:13:F7:0C:64:F5:E1:09:9A
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/KT5c_1MDCLfw9rieE_cMZPXhCZo.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36B583C/5DF79C7C971511ED99F847B8F1222468/72E7E8FEC8B911EEB89ACB78775412E6.roa
Signing time:             Sun 11 Feb 2024 08:42:12 +0000
ROA not before:           Sun 11 Feb 2024 08:42:08 +0000
ROA not after:            Tue 31 Dec 2024 08:42:08 +0000
asID:                     328615
IP address blocks:        2c0f:3200::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36B583C/5DF79C7C971511ED99F847B8F1222468/KT5c_1MDCLfw9rieE_cMZPXhCZo.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36B583C/5DF79C7C971511ED99F847B8F1222468/KT5c_1MDCLfw9rieE_cMZPXhCZo.mft
                          rsync://rpki.afrinic.net/repository/afrinic/KT5c_1MDCLfw9rieE_cMZPXhCZo.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Jun 2024 00:04:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 431 (0x1af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36B583CAF/serialNumber=293E5CFF530308B7F0F6B89E13F70C64F5E1099A
        Validity
            Not Before: Feb 11 08:42:08 2024 GMT
            Not After : Dec 31 08:42:08 2024 GMT
        Subject: CN=65c88863-1797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5b:07:f8:1f:82:eb:50:94:e7:6a:bb:17:2e:
                    97:03:61:cb:5d:17:1d:14:24:0b:83:e3:55:8c:34:
                    0c:0d:07:9a:ca:83:9e:91:02:f8:da:70:22:53:57:
                    7d:db:e3:88:4b:09:81:b6:e4:7c:40:21:70:9c:12:
                    ab:c1:7b:58:01:0d:1d:03:b4:0b:65:09:c7:ec:30:
                    5a:77:71:6a:4c:02:0a:84:5b:53:e3:84:eb:bd:bf:
                    9d:bb:f8:f3:ad:be:f8:ee:c7:82:28:16:ca:7f:58:
                    83:c3:ee:75:8b:87:28:4d:fb:50:88:8f:6b:e8:77:
                    33:e9:6d:2b:f8:15:2a:ac:41:1b:bc:c5:49:20:37:
                    9f:cf:9f:56:f9:ec:ff:e8:ef:ce:7b:9d:59:29:ca:
                    1b:30:c0:d3:ad:ad:2a:f9:14:bd:54:a5:16:55:45:
                    31:f8:9c:d5:42:b5:48:9a:70:61:8b:49:47:1c:3e:
                    b6:46:ee:b7:29:8a:7e:84:7b:87:f7:5c:29:4c:56:
                    14:6c:e5:8a:48:07:58:be:c7:65:0b:0a:c7:56:c3:
                    a1:ff:18:a4:f7:dc:78:85:2e:69:f3:71:29:b9:8b:
                    68:00:93:d2:12:58:b5:bc:dc:8b:25:8c:c6:6f:74:
                    3d:10:ed:87:dd:a2:34:e3:32:81:b0:b3:a6:e1:0d:
                    36:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:77:6D:7B:AD:52:6C:D5:62:93:3D:DE:0F:51:1E:0A:E5:12:73:49
            X509v3 Authority Key Identifier:
                keyid:29:3E:5C:FF:53:03:08:B7:F0:F6:B8:9E:13:F7:0C:64:F5:E1:09:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36B583C/5DF79C7C971511ED99F847B8F1222468/KT5c_1MDCLfw9rieE_cMZPXhCZo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/KT5c_1MDCLfw9rieE_cMZPXhCZo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36B583C/5DF79C7C971511ED99F847B8F1222468/72E7E8FEC8B911EEB89ACB78775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2c0f:3200::/36

    Signature Algorithm: sha256WithRSAEncryption
         9f:b5:5a:19:b3:c2:4b:92:00:9d:c0:8a:e9:82:f5:de:17:dd:
         78:b7:6e:e1:e2:e7:24:49:72:4c:03:20:97:78:be:3f:70:97:
         40:1f:89:83:e5:12:48:32:18:05:c9:34:fc:b3:51:ae:74:cf:
         e0:73:d2:32:c2:7d:47:44:83:51:d5:29:0e:b7:0f:d6:79:42:
         89:61:b8:31:01:b0:23:1e:f0:7f:41:7e:01:a9:de:ab:c1:e9:
         70:c9:3c:f3:0d:b5:63:c4:9c:e7:12:3d:b2:12:10:f9:07:a0:
         da:d6:3d:89:25:05:07:e3:6f:d4:fa:3f:6b:3e:de:9a:53:55:
         96:74:84:c8:56:56:9f:0b:14:72:2c:3f:a8:90:00:4f:fe:fb:
         d7:d9:6f:b0:17:d5:84:47:ad:e1:35:69:4e:58:f1:53:77:6c:
         74:7d:82:1c:10:3a:80:ee:7a:6c:87:bf:7a:7a:c4:d9:8d:e0:
         15:b9:74:5a:5a:99:7e:ae:ee:a9:4e:b1:42:83:94:6d:15:10:
         1b:b3:65:90:4a:40:5d:6d:8f:1e:8c:75:f9:3a:e4:8e:c6:7f:
         35:58:69:be:e5:6c:f7:9b:fb:28:10:d8:78:f8:0e:a9:15:3f:
         da:bf:81:5e:5b:44:e5:14:3e:ae:6d:39:de:be:14:d4:42:c3:
         e2:b9:76:c6
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICAa8wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
QjU4M0NBRjExMC8GA1UEBRMoMjkzRTVDRkY1MzAzMDhCN0YwRjZCODlFMTNGNzBD
NjRGNUUxMDk5QTAeFw0yNDAyMTEwODQyMDhaFw0yNDEyMzEwODQyMDhaMBgxFjAU
BgNVBAMTDTY1Yzg4ODYzLTE3OTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC4Wwf4H4LrUJTnarsXLpcDYctdFx0UJAuD41WMNAwNB5rKg56RAvjacCJT
V33b44hLCYG25HxAIXCcEqvBe1gBDR0DtAtlCcfsMFp3cWpMAgqEW1PjhOu9v527
+POtvvjux4IoFsp/WIPD7nWLhyhN+1CIj2vodzPpbSv4FSqsQRu8xUkgN5/Pn1b5
7P/o7857nVkpyhswwNOtrSr5FL1UpRZVRTH4nNVCtUiacGGLSUccPrZG7rcpin6E
e4f3XClMVhRs5YpIB1i+x2ULCsdWw6H/GKT33HiFLmnzcSm5i2gAk9ISWLW83Isl
jMZvdD0Q7YfdojTjMoGws6bhDTbNAgMBAAGjggKnMIICozAdBgNVHQ4EFgQUY3dt
e61SbNVikz3eD1EeCuUSc0kwHwYDVR0jBBgwFoAUKT5c/1MDCLfw9rieE/cMZPXh
CZowDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkI1ODNDLzVERjc5QzdDOTcxNTExRUQ5OUY4NDdCOEYxMjIyNDY4L0tUNWNf
MU1EQ0xmdzlyaWVFX2NNWlBYaENaby5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0tUNWNfMU1EQ0xmdzlyaWVFX2NNWlBYaENaby5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNkI1ODNDLzVERjc5QzdDOTcxNTExRUQ5OUY4NDdCOEYx
MjIyNDY4LzcyRTdFOEZFQzhCOTExRUVCODlBQ0I3ODc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQsDzIAADANBgkqhkiG9w0B
AQsFAAOCAQEAn7VaGbPCS5IAncCK6YL13hfdeLdu4eLnJElyTAMgl3i+P3CXQB+J
g+USSDIYBck0/LNRrnTP4HPSMsJ9R0SDUdUpDrcP1nlCiWG4MQGwIx7wf0F+Aane
q8HpcMk88w21Y8Sc5xI9shIQ+Qeg2tY9iSUFB+Nv1Po/az7emlNVlnSEyFZWnwsU
ciw/qJAAT/7719lvsBfVhEet4TVpTljxU3dsdH2CHBA6gO56bIe/enrE2Y3gFbl0
WlqZfq7uqU6xQoOUbRUQG7NlkEpAXW2PHox1+TrkjsZ/NVhpvuVs95v7KBDYePgO
qRU/2r+BXltE5RQ+rm053r4U1ELD4rl2xg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 02:45:11 2024 by rpki-client on console-fra.rpki-client.org