Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/8EB8874C767711EB81CF8371F8AEA228.roa
File:                     8EB8874C767711EB81CF8371F8AEA228.roa (raw, json)
Hash identifier:          a5Ya8AZMPcr4yo5onV+OXArWF7aJzeoyFelL2j6STfo=
Subject key identifier:   5E:42:17:42:FA:FF:62:E3:02:D6:DC:F2:A9:BF:51:F8:14:3D:52:63
Certificate issuer:       /CN=F36FBB68AR/serialNumber=DDEF51C8A0FF85505D9E0E6FFA02276C2A55AEE8
Certificate serial:       06
Authority key identifier: DD:EF:51:C8:A0:FF:85:50:5D:9E:0E:6F:FA:02:27:6C:2A:55:AE:E8
Authority info access:    rsync://rpki.afrinic.net/repository/arin/3e9RyKD_hVBdng5v-gInbCpVrug.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/8EB8874C767711EB81CF8371F8AEA228.roa
Signing time:             Wed 24 Feb 2021 08:09:04 +0000
ROA not before:           Wed 24 Feb 2021 08:08:50 +0000
ROA not after:            Mon 24 Feb 2031 08:08:50 +0000
asID:                     37575
IP address blocks:        169.239.12.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/3e9RyKD_hVBdng5v-gInbCpVrug.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/3e9RyKD_hVBdng5v-gInbCpVrug.mft
                          rsync://rpki.afrinic.net/repository/arin/3e9RyKD_hVBdng5v-gInbCpVrug.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6 (0x6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36FBB68AR/serialNumber=DDEF51C8A0FF85505D9E0E6FFA02276C2A55AEE8
        Validity
            Not Before: Feb 24 08:08:50 2021 GMT
            Not After : Feb 24 08:08:50 2031 GMT
        Subject: CN=6036099f-7722
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:29:65:32:77:f9:2f:19:67:01:88:aa:c3:96:
                    27:0b:f7:30:1b:a5:42:5b:dc:8a:7f:5c:3e:d8:57:
                    1b:f5:30:a0:ba:8b:5c:25:07:de:39:b8:63:1b:b8:
                    34:a2:c3:eb:ff:67:bb:71:ad:ef:55:c0:cf:fb:f7:
                    00:6c:d1:2e:a3:7f:fd:29:3f:d6:bb:ba:86:0c:24:
                    4c:b2:54:4f:97:92:b4:d2:4d:3b:be:45:00:26:6f:
                    ba:0c:71:d4:85:d6:95:94:d1:02:de:77:c0:5e:48:
                    54:db:eb:0d:73:92:28:8b:32:e6:cf:c5:05:2f:f9:
                    96:e9:e7:0a:92:5e:03:9e:1f:c1:54:b8:c0:14:73:
                    11:f7:e8:39:ed:45:90:1e:7b:6f:46:0d:8e:3b:6d:
                    a0:3f:c7:8f:83:c0:cf:e9:b2:ff:87:7a:7e:b3:42:
                    5d:a5:ad:a9:01:9c:ae:ab:0c:bc:ed:ea:8d:dd:07:
                    b5:9d:a7:e5:0e:22:8b:96:d4:3c:b4:32:fb:3b:00:
                    14:fa:8d:e4:9c:86:e8:be:12:3f:9f:bc:1e:35:2c:
                    ba:70:67:02:4a:f7:e4:62:e1:95:14:75:e8:38:1e:
                    25:1a:0e:4a:92:ad:e0:0d:e5:e5:ff:d8:f2:6d:b2:
                    a4:9c:14:11:79:df:fd:c7:7a:c0:4f:bd:68:ea:cb:
                    b8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:42:17:42:FA:FF:62:E3:02:D6:DC:F2:A9:BF:51:F8:14:3D:52:63
            X509v3 Authority Key Identifier:
                keyid:DD:EF:51:C8:A0:FF:85:50:5D:9E:0E:6F:FA:02:27:6C:2A:55:AE:E8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/3e9RyKD_hVBdng5v-gInbCpVrug.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/3e9RyKD_hVBdng5v-gInbCpVrug.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/8EB8874C767711EB81CF8371F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.239.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:b3:f0:4b:fc:29:89:85:31:52:44:de:99:59:3f:c5:5e:ab:
         57:c0:40:0a:92:74:7b:c2:0b:9b:a8:d0:15:b4:29:59:59:64:
         12:0c:59:22:fd:c2:19:f8:83:fe:3c:e9:5d:3f:4e:09:11:db:
         3a:78:b8:13:df:89:ef:7f:58:b3:b3:86:71:5a:82:55:df:d1:
         bc:c5:b0:8c:eb:9f:87:ac:16:15:07:f9:da:65:22:7a:5f:b7:
         40:19:62:a8:9c:83:4c:7c:4b:3d:02:a1:b9:3e:b3:46:04:fe:
         8b:cb:c6:77:da:af:99:89:fd:63:6d:d8:1e:1e:4a:47:46:12:
         35:58:3b:45:0b:9a:64:95:71:9a:44:b3:98:41:3c:a9:c4:67:
         16:21:5b:e1:0e:42:2b:12:06:1a:13:37:8b:24:e3:1b:2f:dc:
         70:f5:c5:e9:ce:69:dc:30:0f:aa:3e:60:72:16:46:6f:34:b7:
         52:91:8c:dd:18:07:66:25:b4:e8:45:64:3f:c7:6b:aa:05:45:
         4b:fa:5b:60:a8:28:e3:8c:a7:fb:79:63:6a:5d:50:48:1c:01:
         57:be:b4:03:d3:ab:e2:ab:1c:64:0c:a4:4d:53:2a:63:ce:85:
         7d:56:7a:75:f5:af:8f:ca:57:03:ef:f3:e4:0f:41:a8:37:ac:
         82:6f:c7:5e
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBBjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZG
QkI2OEFSMTEwLwYDVQQFEyhEREVGNTFDOEEwRkY4NTUwNUQ5RTBFNkZGQTAyMjc2
QzJBNTVBRUU4MB4XDTIxMDIyNDA4MDg1MFoXDTMxMDIyNDA4MDg1MFowGDEWMBQG
A1UEAxMNNjAzNjA5OWYtNzcyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwpZTJ3+S8ZZwGIqsOWJwv3MBulQlvcin9cPthXG/UwoLqLXCUH3jm4Yxu4
NKLD6/9nu3Gt71XAz/v3AGzRLqN//Sk/1ru6hgwkTLJUT5eStNJNO75FACZvugxx
1IXWlZTRAt53wF5IVNvrDXOSKIsy5s/FBS/5lunnCpJeA54fwVS4wBRzEffoOe1F
kB57b0YNjjttoD/Hj4PAz+my/4d6frNCXaWtqQGcrqsMvO3qjd0HtZ2n5Q4ii5bU
PLQy+zsAFPqN5JyG6L4SP5+8HjUsunBnAkr35GLhlRR16DgeJRoOSpKt4A3l5f/Y
8m2ypJwUEXnf/cd6wE+9aOrLuD8CAwEAAaOCAqIwggKeMB0GA1UdDgQWBBReQhdC
+v9i4wLW3PKpv1H4FD1SYzAfBgNVHSMEGDAWgBTd71HIoP+FUF2eDm/6AidsKlWu
6DAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2RkJCNjgvRUVCRDExREU3NjczMTFFQjkyNTQ4QTZERjhBRUEyMjgvM2U5UnlL
RF9oVkJkbmc1di1nSW5iQ3BWcnVnLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
M2U5UnlLRF9oVkJkbmc1di1nSW5iQ3BWcnVnLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2RkJCNjgvRUVCRDExREU3NjczMTFFQjkyNTQ4QTZERjhBRUEy
MjgvOEVCODg3NEM3Njc3MTFFQjgxQ0Y4MzcxRjhBRUEyMjgucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAqnvDDANBgkqhkiG9w0BAQsFAAOC
AQEAJ7PwS/wpiYUxUkTemVk/xV6rV8BACpJ0e8ILm6jQFbQpWVlkEgxZIv3CGfiD
/jzpXT9OCRHbOni4E9+J739Ys7OGcVqCVd/RvMWwjOufh6wWFQf52mUiel+3QBli
qJyDTHxLPQKhuT6zRgT+i8vGd9qvmYn9Y23YHh5KR0YSNVg7RQuaZJVxmkSzmEE8
qcRnFiFb4Q5CKxIGGhM3iyTjGy/ccPXF6c5p3DAPqj5gchZGbzS3UpGM3RgHZiW0
6EVkP8drqgVFS/pbYKgo44yn+3ljal1QSBwBV760A9Or4qscZAykTVMqY86FfVZ6
dfWvj8pXA+/z5A9BqDesgm/HXg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:10:20 2024 by rpki-client on console-fra.rpki-client.org