Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36D6E6D/324E8CBC814711E98C0F4E24F8AEA228/08E422B6035911EBB3240F2FF8AEA228.roa
File:                     08E422B6035911EBB3240F2FF8AEA228.roa (raw, json)
Hash identifier:          /Zi4DjYvbwyH8lralhYmtbRDBTQdUunZaejcHcESqgQ=
Subject key identifier:   5B:1C:55:D7:4F:EE:72:A2:EA:67:60:8B:B1:42:23:8F:F3:35:4C:A0
Certificate issuer:       /CN=F36D6E6DAF/serialNumber=E4C2E6BF4463C8EC342C455F3FE016E5CE53887F
Certificate serial:       01FF
Authority key identifier: E4:C2:E6:BF:44:63:C8:EC:34:2C:45:5F:3F:E0:16:E5:CE:53:88:7F
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/5MLmv0RjyOw0LEVfP-AW5c5TiH8.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36D6E6D/324E8CBC814711E98C0F4E24F8AEA228/08E422B6035911EBB3240F2FF8AEA228.roa
Signing time:             Wed 30 Sep 2020 20:10:50 +0000
ROA not before:           Wed 30 Sep 2020 20:10:46 +0000
ROA not after:            Mon 30 Sep 2030 20:10:46 +0000
asID:                     37599
IP address blocks:        2001:43f8:3e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36D6E6D/324E8CBC814711E98C0F4E24F8AEA228/5MLmv0RjyOw0LEVfP-AW5c5TiH8.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36D6E6D/324E8CBC814711E98C0F4E24F8AEA228/5MLmv0RjyOw0LEVfP-AW5c5TiH8.mft
                          rsync://rpki.afrinic.net/repository/afrinic/5MLmv0RjyOw0LEVfP-AW5c5TiH8.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 511 (0x1ff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36D6E6DAF/serialNumber=E4C2E6BF4463C8EC342C455F3FE016E5CE53887F
        Validity
            Not Before: Sep 30 20:10:46 2020 GMT
            Not After : Sep 30 20:10:46 2030 GMT
        Subject: CN=5f74e64a-af78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ff:2c:41:ee:35:51:57:47:ea:d3:70:a9:7c:
                    42:78:e4:5a:fb:aa:2a:31:d8:e7:78:3e:9f:09:55:
                    0a:d6:81:ea:c5:c1:dc:1f:1f:c5:68:ba:e8:d5:c0:
                    b1:0d:65:b8:6c:69:3c:4c:3f:6e:85:ec:65:06:f1:
                    25:07:37:c1:3c:e3:dc:18:67:70:b9:71:73:2c:b9:
                    b5:73:0a:37:b6:58:36:dc:18:dd:8b:ef:75:83:c6:
                    8d:8e:3c:8d:8c:88:14:a8:05:5f:2f:5b:33:71:0d:
                    fd:34:11:1a:72:b8:02:cc:b4:ea:2a:f0:96:b3:aa:
                    14:0d:3a:e1:22:80:26:bc:69:96:aa:b8:44:6b:e5:
                    f8:98:68:2c:f4:81:3d:e9:ce:3e:c6:a4:fe:f1:05:
                    b2:94:ac:44:da:7a:30:5e:b0:f9:a8:37:f6:6c:ef:
                    3c:a6:7a:16:2c:81:6f:5d:fb:6c:45:94:4a:48:ba:
                    7e:17:b9:ef:e6:c5:0f:e2:28:a2:32:73:d1:bc:f3:
                    e9:39:a3:ee:a0:f5:60:ca:8f:b0:b4:5a:fd:56:7b:
                    3f:7e:7e:d8:25:fb:eb:db:63:9e:e7:0c:3e:32:32:
                    6b:2a:ae:69:f2:4e:74:c5:dd:fb:d9:d6:8a:30:09:
                    62:b7:e0:e1:4b:1b:ea:e2:db:e9:6f:93:68:97:9a:
                    c7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:1C:55:D7:4F:EE:72:A2:EA:67:60:8B:B1:42:23:8F:F3:35:4C:A0
            X509v3 Authority Key Identifier:
                keyid:E4:C2:E6:BF:44:63:C8:EC:34:2C:45:5F:3F:E0:16:E5:CE:53:88:7F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36D6E6D/324E8CBC814711E98C0F4E24F8AEA228/5MLmv0RjyOw0LEVfP-AW5c5TiH8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/5MLmv0RjyOw0LEVfP-AW5c5TiH8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36D6E6D/324E8CBC814711E98C0F4E24F8AEA228/08E422B6035911EBB3240F2FF8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:43f8:3e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:ba:94:bb:79:4b:5a:55:03:20:88:f9:3f:82:74:84:59:65:
         d6:47:43:69:4c:16:44:45:10:08:58:59:44:50:3b:f6:20:e4:
         9d:69:8d:e4:01:80:ae:28:61:fb:c0:9c:71:91:ea:3c:34:ea:
         33:58:14:ec:b5:7b:e7:d7:01:ef:b6:0d:ac:4a:dd:dc:57:6f:
         43:4e:1a:79:85:c8:a7:9e:a3:53:ce:10:cc:1b:e8:94:da:fc:
         14:b9:ca:d3:2a:9d:1a:d4:c6:8e:88:af:d6:98:c9:e3:94:d6:
         3f:f8:e6:93:b5:25:eb:91:7d:85:65:d8:fc:26:d2:4d:ff:01:
         72:3c:03:e6:d9:44:66:57:5b:d7:73:74:fe:23:fa:f2:26:c3:
         41:ef:70:bb:d8:7b:b1:c7:8e:f1:e3:d0:4d:d2:88:2a:74:d5:
         0c:cf:c4:9c:2c:ff:8a:56:e1:b0:56:05:61:48:07:66:30:6a:
         f7:b0:25:20:04:e4:ab:38:b2:af:c2:3c:af:dc:4d:d5:01:fd:
         f9:8c:82:cf:7b:3a:ce:8a:38:a0:9e:fc:41:6e:a9:b1:db:5d:
         10:aa:36:a5:4f:1f:3b:bd:74:2c:7c:16:a0:e9:64:3f:e9:e8:
         f7:5b:9b:f4:b2:40:54:b3:42:da:83:d6:be:2e:04:32:ab:d4:
         76:35:26:8f
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICAf8wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
RDZFNkRBRjExMC8GA1UEBRMoRTRDMkU2QkY0NDYzQzhFQzM0MkM0NTVGM0ZFMDE2
RTVDRTUzODg3RjAeFw0yMDA5MzAyMDEwNDZaFw0zMDA5MzAyMDEwNDZaMBgxFjAU
BgNVBAMTDTVmNzRlNjRhLWFmNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDb/yxB7jVRV0fq03CpfEJ45Fr7qiox2Od4Pp8JVQrWgerFwdwfH8VouujV
wLENZbhsaTxMP26F7GUG8SUHN8E849wYZ3C5cXMsubVzCje2WDbcGN2L73WDxo2O
PI2MiBSoBV8vWzNxDf00ERpyuALMtOoq8JazqhQNOuEigCa8aZaquERr5fiYaCz0
gT3pzj7GpP7xBbKUrETaejBesPmoN/Zs7zymehYsgW9d+2xFlEpIun4Xue/mxQ/i
KKIyc9G88+k5o+6g9WDKj7C0Wv1Wez9+ftgl++vbY57nDD4yMmsqrmnyTnTF3fvZ
1oowCWK34OFLG+ri2+lvk2iXmsepAgMBAAGjggKoMIICpDAdBgNVHQ4EFgQUWxxV
10/ucqLqZ2CLsUIjj/M1TKAwHwYDVR0jBBgwFoAU5MLmv0RjyOw0LEVfP+AW5c5T
iH8wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkQ2RTZELzMyNEU4Q0JDODE0NzExRTk4QzBGNEUyNEY4QUVBMjI4LzVNTG12
MFJqeU93MExFVmZQLUFXNWM1VGlIOC5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljLzVNTG12MFJqeU93MExFVmZQLUFXNWM1VGlIOC5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNkQ2RTZELzMyNEU4Q0JDODE0NzExRTk4QzBGNEUyNEY4
QUVBMjI4LzA4RTQyMkI2MDM1OTExRUJCMzI0MEYyRkY4QUVBMjI4LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAUP4A+AwDQYJKoZIhvcN
AQELBQADggEBAIm6lLt5S1pVAyCI+T+CdIRZZdZHQ2lMFkRFEAhYWURQO/Yg5J1p
jeQBgK4oYfvAnHGR6jw06jNYFOy1e+fXAe+2DaxK3dxXb0NOGnmFyKeeo1POEMwb
6JTa/BS5ytMqnRrUxo6Ir9aYyeOU1j/45pO1JeuRfYVl2Pwm0k3/AXI8A+bZRGZX
W9dzdP4j+vImw0HvcLvYe7HHjvHj0E3SiCp01QzPxJws/4pW4bBWBWFIB2Ywavew
JSAE5Ks4sq/CPK/cTdUB/fmMgs97Os6KOKCe/EFuqbHbXRCqNqVPHzu9dCx8FqDp
ZD/p6Pdbm/SyQFSzQtqD1r4uBDKr1HY1Jo8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:28 2024 by rpki-client on console-ams.rpki-client.org