Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36B95DE/1138F8B2CA5E11EA93FAF884F8AEA228/D0C0ABF8CA5E11EAB567CE85F8AEA228.roa
File:                     D0C0ABF8CA5E11EAB567CE85F8AEA228.roa (raw, json)
Hash identifier:          ynXcFOQd3R7EbSd50GZihRiiSJvK2sTmwunIuzMYoks=
Subject key identifier:   32:E0:3F:F2:4B:55:A6:A9:74:33:26:69:F1:6D:B7:B8:98:9B:7E:BA
Certificate issuer:       /CN=F36B95DEAR/serialNumber=3EE1A342951BC120226271F30B850A877E7AA19B
Certificate serial:       02
Authority key identifier: 3E:E1:A3:42:95:1B:C1:20:22:62:71:F3:0B:85:0A:87:7E:7A:A1:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/PuGjQpUbwSAiYnHzC4UKh356oZs.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/1138F8B2CA5E11EA93FAF884F8AEA228/D0C0ABF8CA5E11EAB567CE85F8AEA228.roa
Signing time:             Mon 20 Jul 2020 07:58:37 +0000
ROA not before:           Mon 20 Jul 2020 07:58:32 +0000
ROA not after:            Sat 20 Jul 2030 07:58:32 +0000
asID:                     327849
IP address blocks:        45.222.0.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/1138F8B2CA5E11EA93FAF884F8AEA228/PuGjQpUbwSAiYnHzC4UKh356oZs.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/1138F8B2CA5E11EA93FAF884F8AEA228/PuGjQpUbwSAiYnHzC4UKh356oZs.mft
                          rsync://rpki.afrinic.net/repository/arin/PuGjQpUbwSAiYnHzC4UKh356oZs.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 17 Jun 2024 00:16:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36B95DEAR/serialNumber=3EE1A342951BC120226271F30B850A877E7AA19B
        Validity
            Not Before: Jul 20 07:58:32 2020 GMT
            Not After : Jul 20 07:58:32 2030 GMT
        Subject: CN=5f154ead-ebbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:40:74:39:c2:fa:3d:c8:64:59:28:13:ad:ec:
                    91:7f:57:b6:8d:f5:aa:17:d1:d4:ad:ec:aa:fb:2a:
                    b5:63:a9:76:fa:25:4c:5f:27:28:45:2b:8b:41:9d:
                    81:26:7a:36:d9:10:da:51:13:74:a4:3a:e0:dd:da:
                    d9:c4:30:3a:ee:45:e0:f4:83:30:91:9e:f8:14:af:
                    d2:00:4d:49:83:5a:c1:65:86:de:d8:30:06:0e:21:
                    8b:6b:0a:df:07:51:35:a5:36:25:a9:7f:c8:85:1a:
                    c0:97:a4:67:a7:9a:07:f5:f6:88:bd:24:a3:32:70:
                    42:44:85:37:3e:29:5e:ab:1c:34:05:c0:53:41:47:
                    15:bd:35:fd:c8:c2:64:f9:d3:a6:6c:a8:74:3c:d4:
                    06:57:ab:15:79:5a:86:ab:d1:c0:6b:c3:d4:7f:47:
                    2d:e6:0b:a7:e9:c9:d8:33:d3:9d:32:0b:1b:7a:18:
                    34:aa:de:de:c0:f0:2b:eb:e2:2e:cb:00:2b:a6:aa:
                    90:46:a5:ed:30:b3:6c:94:89:b7:83:c6:aa:31:6a:
                    b0:94:4d:36:36:79:5c:19:dc:f1:65:cd:1d:3f:e7:
                    cc:33:86:da:ff:0d:f7:b5:c1:73:1d:b0:48:27:80:
                    11:37:1b:a9:f0:92:2d:1c:41:b0:74:f6:b1:c7:77:
                    ef:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:E0:3F:F2:4B:55:A6:A9:74:33:26:69:F1:6D:B7:B8:98:9B:7E:BA
            X509v3 Authority Key Identifier:
                keyid:3E:E1:A3:42:95:1B:C1:20:22:62:71:F3:0B:85:0A:87:7E:7A:A1:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/1138F8B2CA5E11EA93FAF884F8AEA228/PuGjQpUbwSAiYnHzC4UKh356oZs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/PuGjQpUbwSAiYnHzC4UKh356oZs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/1138F8B2CA5E11EA93FAF884F8AEA228/D0C0ABF8CA5E11EAB567CE85F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.222.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a0:1e:f6:39:36:de:9a:e6:5e:76:b3:ef:f7:4d:8b:79:3b:5b:
         de:34:5a:e4:1b:5d:7c:55:e0:df:2a:3d:33:88:bf:71:a0:f4:
         bb:55:1d:71:f2:9d:07:bb:3a:6a:a6:c3:b2:e6:b7:26:cd:72:
         11:33:aa:52:66:4e:69:98:8c:01:99:ec:95:c2:18:aa:21:ef:
         60:ff:a8:c9:e0:73:84:f6:ce:e5:86:7c:49:68:e9:58:b8:cd:
         e7:ee:d4:8f:f1:7b:6d:fe:62:8f:3e:ec:31:17:30:08:05:9e:
         55:ea:49:11:84:6a:2a:3f:79:3f:e3:e2:25:26:04:1b:27:39:
         16:c3:59:bc:6a:75:7c:75:ee:89:28:0d:a8:a2:70:c7:c9:da:
         3a:92:38:d0:52:a6:d9:44:a5:78:c9:c8:7c:f2:ea:c4:a1:6b:
         92:4b:97:24:0c:ba:21:b1:58:16:88:c1:c8:bb:e8:f7:96:7c:
         bb:34:62:c5:78:e0:32:d4:21:f0:07:37:88:d4:94:23:f6:6d:
         2c:26:86:d2:92:41:7a:78:32:93:e9:d6:9e:2a:af:4e:1e:af:
         f0:84:dd:cf:27:e4:68:c9:72:d8:29:fc:1c:1b:e4:ba:5e:0f:
         b6:5b:c4:18:51:5e:4e:42:07:d9:f0:cf:68:bf:30:1b:f5:cd:
         04:1e:1d:c4
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZC
OTVERUFSMTEwLwYDVQQFEygzRUUxQTM0Mjk1MUJDMTIwMjI2MjcxRjMwQjg1MEE4
NzdFN0FBMTlCMB4XDTIwMDcyMDA3NTgzMloXDTMwMDcyMDA3NTgzMlowGDEWMBQG
A1UEAxMNNWYxNTRlYWQtZWJiYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALxAdDnC+j3IZFkoE63skX9Xto31qhfR1K3sqvsqtWOpdvolTF8nKEUri0Gd
gSZ6NtkQ2lETdKQ64N3a2cQwOu5F4PSDMJGe+BSv0gBNSYNawWWG3tgwBg4hi2sK
3wdRNaU2Jal/yIUawJekZ6eaB/X2iL0kozJwQkSFNz4pXqscNAXAU0FHFb01/cjC
ZPnTpmyodDzUBlerFXlahqvRwGvD1H9HLeYLp+nJ2DPTnTILG3oYNKre3sDwK+vi
LssAK6aqkEal7TCzbJSJt4PGqjFqsJRNNjZ5XBnc8WXNHT/nzDOG2v8N97XBcx2w
SCeAETcbqfCSLRxBsHT2scd37/kCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBQy4D/y
S1WmqXQzJmnxbbe4mJt+ujAfBgNVHSMEGDAWgBQ+4aNClRvBICJicfMLhQqHfnqh
mzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2Qjk1REUvMTEzOEY4QjJDQTVFMTFFQTkzRkFGODg0RjhBRUEyMjgvUHVHalFw
VWJ3U0FpWW5IekM0VUtoMzU2b1pzLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
UHVHalFwVWJ3U0FpWW5IekM0VUtoMzU2b1pzLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2Qjk1REUvMTEzOEY4QjJDQTVFMTFFQTkzRkFGODg0RjhBRUEy
MjgvRDBDMEFCRjhDQTVFMTFFQUI1NjdDRTg1RjhBRUEyMjgucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBS3eADANBgkqhkiG9w0BAQsFAAOC
AQEAoB72OTbemuZedrPv902LeTtb3jRa5BtdfFXg3yo9M4i/caD0u1UdcfKdB7s6
aqbDsua3Js1yETOqUmZOaZiMAZnslcIYqiHvYP+oyeBzhPbO5YZ8SWjpWLjN5+7U
j/F7bf5ijz7sMRcwCAWeVepJEYRqKj95P+PiJSYEGyc5FsNZvGp1fHXuiSgNqKJw
x8naOpI40FKm2USleMnIfPLqxKFrkkuXJAy6IbFYFojByLvo95Z8uzRixXjgMtQh
8Ac3iNSUI/ZtLCaG0pJBengyk+nWniqvTh6v8ITdzyfkaMly2Cn8HBvkul4PtlvE
GFFeTkIH2fDPaL8wG/XNBB4dxA==
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:44:19 2024 by rpki-client on console-ams.rpki-client.org