Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36DBC4B/358103AEF8A911EE96D1BF0F017001B1/5A1C572CF8AE11EE85EDAC3B017001B1.roa
File:                     5A1C572CF8AE11EE85EDAC3B017001B1.roa (raw, json)
Hash identifier:          Nhi/kAnQFZgp/t5smGUgjSQeAv2V3l/PSJmDi9Vk5T0=
Subject key identifier:   C7:53:C8:2B:12:6D:F1:96:B2:B2:7C:27:23:AB:F7:64:61:F8:99:3C
Certificate issuer:       /CN=F36DBC4BAR/serialNumber=E131B6D4F9C341AB5C9106FA78A69C9B88092B0F
Certificate serial:       05
Authority key identifier: E1:31:B6:D4:F9:C3:41:AB:5C:91:06:FA:78:A6:9C:9B:88:09:2B:0F
Authority info access:    rsync://rpki.afrinic.net/repository/arin/4TG21PnDQatckQb6eKacm4gJKw8.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36DBC4B/358103AEF8A911EE96D1BF0F017001B1/5A1C572CF8AE11EE85EDAC3B017001B1.roa
Signing time:             Fri 12 Apr 2024 09:23:42 +0000
ROA not before:           Fri 12 Apr 2024 09:23:38 +0000
ROA not after:            Mon 31 Mar 2025 09:23:38 +0000
asID:                     33567
IP address blocks:        129.232.0.0/17 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36DBC4B/358103AEF8A911EE96D1BF0F017001B1/4TG21PnDQatckQb6eKacm4gJKw8.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36DBC4B/358103AEF8A911EE96D1BF0F017001B1/4TG21PnDQatckQb6eKacm4gJKw8.mft
                          rsync://rpki.afrinic.net/repository/arin/4TG21PnDQatckQb6eKacm4gJKw8.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Jun 2024 00:16:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36DBC4BAR/serialNumber=E131B6D4F9C341AB5C9106FA78A69C9B88092B0F
        Validity
            Not Before: Apr 12 09:23:38 2024 GMT
            Not After : Mar 31 09:23:38 2025 GMT
        Subject: CN=6618fd9d-0d40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:04:04:45:ad:9c:6a:6d:7f:c1:b5:28:63:84:
                    9a:a2:68:0a:fa:7f:9f:4b:d9:6c:77:04:b9:56:e0:
                    18:29:58:0c:03:e6:f5:f3:61:6f:9a:58:e1:f9:09:
                    71:3e:b8:23:85:3f:7a:6f:7d:58:62:e3:84:7b:d4:
                    c6:fe:7c:05:b5:a7:9f:8b:97:d2:98:9c:64:a4:40:
                    18:76:6e:c3:a0:a3:f0:6a:05:5b:e9:a7:e7:7e:ee:
                    24:a4:51:df:04:48:23:cc:41:c0:e3:89:52:f1:c3:
                    12:6e:73:d1:c7:ee:00:85:50:91:c6:0b:bd:a2:2f:
                    ef:60:75:42:87:44:73:a7:16:78:91:cb:36:91:91:
                    e7:af:99:0b:9a:7a:96:b5:71:1c:fa:dd:87:1e:99:
                    48:c2:20:36:05:59:1b:56:21:d0:35:f7:96:18:30:
                    d2:07:c9:fa:1b:9a:82:57:78:dd:1a:8a:06:8f:b6:
                    2f:be:b6:10:2e:09:1a:1b:6f:01:5a:ca:66:69:aa:
                    98:6e:4f:77:9b:2c:f9:1c:87:63:8b:9e:aa:13:54:
                    bf:5d:8e:7c:83:6d:72:ed:bc:40:a7:32:c8:a1:3d:
                    52:52:22:9f:86:15:aa:5a:c6:a6:f1:bd:1e:a0:63:
                    0f:37:a1:ae:61:29:20:cf:57:b8:f6:be:2f:31:b1:
                    97:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:53:C8:2B:12:6D:F1:96:B2:B2:7C:27:23:AB:F7:64:61:F8:99:3C
            X509v3 Authority Key Identifier:
                keyid:E1:31:B6:D4:F9:C3:41:AB:5C:91:06:FA:78:A6:9C:9B:88:09:2B:0F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36DBC4B/358103AEF8A911EE96D1BF0F017001B1/4TG21PnDQatckQb6eKacm4gJKw8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/4TG21PnDQatckQb6eKacm4gJKw8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36DBC4B/358103AEF8A911EE96D1BF0F017001B1/5A1C572CF8AE11EE85EDAC3B017001B1.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.232.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         5d:75:7c:ad:5d:cc:cb:0f:d0:3d:8a:a8:14:fb:60:e6:96:5c:
         d0:31:a7:97:61:10:08:c6:fc:51:2a:b8:9a:5a:b1:8d:94:5c:
         88:95:e3:46:38:30:05:88:ad:45:2b:07:c5:36:b7:ef:94:fc:
         23:e1:95:1f:08:ae:e4:25:27:0b:12:9e:5d:82:95:61:bc:89:
         e5:04:17:6c:d6:bd:02:32:76:34:17:64:97:ec:f3:04:46:a6:
         6f:01:61:9c:32:9a:00:f1:5b:3c:3c:13:f6:09:34:c8:9c:59:
         cc:ff:0e:6c:e7:34:4c:d7:2c:e4:db:be:5a:da:e3:9b:4a:64:
         b7:77:66:6c:03:62:88:d0:1d:02:2f:d2:b0:68:37:0b:75:87:
         5f:b6:3b:44:ae:92:06:92:1d:84:35:18:a6:8b:03:96:fb:25:
         21:69:07:61:a1:6c:99:85:e3:fe:e6:55:d6:91:2e:45:d6:e7:
         44:2c:e0:30:1d:e1:f6:52:a2:0c:1c:96:55:b1:d0:e4:72:21:
         c2:6d:5e:b7:72:ad:9d:f7:23:51:dc:3c:64:e5:76:c1:32:3c:
         f6:68:77:2d:ec:2f:bc:72:f6:6e:df:fb:01:70:f1:a6:6b:0a:
         e0:bd:e8:19:be:97:4b:53:80:46:7a:2f:ba:a6:5f:fc:7f:6a:
         43:05:30:d9
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBBTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZE
QkM0QkFSMTEwLwYDVQQFEyhFMTMxQjZENEY5QzM0MUFCNUM5MTA2RkE3OEE2OUM5
Qjg4MDkyQjBGMB4XDTI0MDQxMjA5MjMzOFoXDTI1MDMzMTA5MjMzOFowGDEWMBQG
A1UEAxMNNjYxOGZkOWQtMGQ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMkEBEWtnGptf8G1KGOEmqJoCvp/n0vZbHcEuVbgGClYDAPm9fNhb5pY4fkJ
cT64I4U/em99WGLjhHvUxv58BbWnn4uX0picZKRAGHZuw6Cj8GoFW+mn537uJKRR
3wRII8xBwOOJUvHDEm5z0cfuAIVQkcYLvaIv72B1QodEc6cWeJHLNpGR56+ZC5p6
lrVxHPrdhx6ZSMIgNgVZG1Yh0DX3lhgw0gfJ+huagld43RqKBo+2L762EC4JGhtv
AVrKZmmqmG5Pd5ss+RyHY4ueqhNUv12OfINtcu28QKcyyKE9UlIin4YVqlrGpvG9
HqBjDzehrmEpIM9XuPa+LzGxl3kCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBTHU8gr
Em3xlrKyfCcjq/dkYfiZPDAfBgNVHSMEGDAWgBThMbbU+cNBq1yRBvp4ppybiAkr
DzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2REJDNEIvMzU4MTAzQUVGOEE5MTFFRTk2RDFCRjBGMDE3MDAxQjEvNFRHMjFQ
bkRRYXRja1FiNmVLYWNtNGdKS3c4LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
NFRHMjFQbkRRYXRja1FiNmVLYWNtNGdKS3c4LmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2REJDNEIvMzU4MTAzQUVGOEE5MTFFRTk2RDFCRjBGMDE3MDAx
QjEvNUExQzU3MkNGOEFFMTFFRTg1RURBQzNCMDE3MDAxQjEucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB4HoADANBgkqhkiG9w0BAQsFAAOC
AQEAXXV8rV3Myw/QPYqoFPtg5pZc0DGnl2EQCMb8USq4mlqxjZRciJXjRjgwBYit
RSsHxTa375T8I+GVHwiu5CUnCxKeXYKVYbyJ5QQXbNa9AjJ2NBdkl+zzBEambwFh
nDKaAPFbPDwT9gk0yJxZzP8ObOc0TNcs5Nu+Wtrjm0pkt3dmbANiiNAdAi/SsGg3
C3WHX7Y7RK6SBpIdhDUYposDlvslIWkHYaFsmYXj/uZV1pEuRdbnRCzgMB3h9lKi
DByWVbHQ5HIhwm1et3KtnfcjUdw8ZOV2wTI89mh3LewvvHL2bt/7AXDxpmsK4L3o
Gb6XS1OARnovuqZf/H9qQwUw2Q==
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:43:29 2024 by rpki-client on console-fra.rpki-client.org