Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/A8B2187C767511EBB8015C6FF8AEA228.roa
File:                     A8B2187C767511EBB8015C6FF8AEA228.roa (raw, json)
Hash identifier:          +55ryPzqgEQMEpzdUbqmX7lkwQdExVhKk9NqHf4i0Lk=
Subject key identifier:   FB:51:E2:71:7F:73:48:7B:22:FB:40:4B:97:E1:9C:23:55:92:6D:B8
Certificate issuer:       /CN=F36FBB68AR/serialNumber=DDEF51C8A0FF85505D9E0E6FFA02276C2A55AEE8
Certificate serial:       02
Authority key identifier: DD:EF:51:C8:A0:FF:85:50:5D:9E:0E:6F:FA:02:27:6C:2A:55:AE:E8
Authority info access:    rsync://rpki.afrinic.net/repository/arin/3e9RyKD_hVBdng5v-gInbCpVrug.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/A8B2187C767511EBB8015C6FF8AEA228.roa
Signing time:             Wed 24 Feb 2021 07:55:29 +0000
ROA not before:           Wed 24 Feb 2021 07:55:13 +0000
ROA not after:            Mon 24 Feb 2031 07:55:13 +0000
asID:                     37575
IP address blocks:        169.239.12.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/3e9RyKD_hVBdng5v-gInbCpVrug.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/3e9RyKD_hVBdng5v-gInbCpVrug.mft
                          rsync://rpki.afrinic.net/repository/arin/3e9RyKD_hVBdng5v-gInbCpVrug.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36FBB68AR/serialNumber=DDEF51C8A0FF85505D9E0E6FFA02276C2A55AEE8
        Validity
            Not Before: Feb 24 07:55:13 2021 GMT
            Not After : Feb 24 07:55:13 2031 GMT
        Subject: CN=60360670-eb24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1b:d5:7e:d9:98:dc:90:3c:bf:da:bb:cc:ff:
                    d7:ca:eb:f7:33:92:21:69:f0:a5:f5:7f:e8:a7:6a:
                    bf:59:bc:ac:d1:07:53:ab:f1:73:d0:d8:5f:a7:c5:
                    25:af:3b:a9:44:c8:ed:ed:1c:5f:f4:51:52:21:3b:
                    a0:18:13:a8:73:21:19:cc:73:e1:c0:5b:c2:ef:cb:
                    8c:9e:34:69:16:7f:e8:c2:47:98:93:2c:2f:e8:ad:
                    7b:07:5c:9c:f4:62:85:6f:d0:66:da:0b:03:2d:b4:
                    1b:e9:5f:be:52:cd:8d:1d:e8:3e:95:da:42:7b:6c:
                    d6:66:d8:34:5e:37:62:20:f1:3c:f8:b8:ad:70:86:
                    ae:ca:f5:83:f6:84:32:e5:b7:f5:c3:51:a9:0f:90:
                    1b:c1:b9:1f:74:6a:ed:9e:4a:b0:01:fa:05:92:3a:
                    2d:30:04:c8:f2:d0:d0:3c:0e:74:ee:52:df:cd:cb:
                    f4:72:cb:90:dd:b9:01:4d:68:84:28:11:6f:3e:39:
                    3a:2f:df:6e:bd:cc:62:a1:e1:77:ef:2c:7f:81:48:
                    d0:d0:95:f3:0a:36:3a:8a:5d:a6:92:f7:69:c4:ae:
                    e2:50:93:d6:23:55:7a:50:97:4a:9d:86:7a:78:29:
                    8d:b3:d3:53:77:80:18:97:d4:12:6b:12:84:ab:b9:
                    1f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:51:E2:71:7F:73:48:7B:22:FB:40:4B:97:E1:9C:23:55:92:6D:B8
            X509v3 Authority Key Identifier:
                keyid:DD:EF:51:C8:A0:FF:85:50:5D:9E:0E:6F:FA:02:27:6C:2A:55:AE:E8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/3e9RyKD_hVBdng5v-gInbCpVrug.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/3e9RyKD_hVBdng5v-gInbCpVrug.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36FBB68/EEBD11DE767311EB92548A6DF8AEA228/A8B2187C767511EBB8015C6FF8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.239.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:ec:d3:21:ef:59:16:f5:3d:f7:f7:c0:e5:9a:22:ac:61:3f:
         04:f6:1c:9d:dd:8a:8b:48:b5:32:0e:0d:b8:40:52:85:29:10:
         42:a2:30:55:b8:94:a9:38:b5:8c:a5:76:52:1f:dc:13:93:31:
         9d:91:4c:09:e1:d7:c0:fb:1f:7f:19:4a:01:ee:38:f3:ad:48:
         ff:45:38:6e:89:67:84:d1:62:46:f1:ef:a1:42:d1:48:be:08:
         07:c5:96:4b:c3:ca:95:4e:3d:1f:16:f8:7c:96:6f:80:28:2c:
         73:0f:b9:fb:90:46:23:24:fb:31:04:bc:38:00:75:80:93:b9:
         e0:0e:7e:73:c7:99:7b:2d:ee:d9:e8:7a:38:59:a5:da:d2:e4:
         11:03:6e:d7:99:8c:fa:d0:54:92:d3:a8:26:55:94:40:3d:75:
         c0:88:d3:8c:e7:75:3e:52:9f:65:44:8a:30:61:d4:d4:7a:dd:
         f6:71:3b:54:b1:fd:71:7c:c3:a9:79:30:c1:4d:97:63:a2:1c:
         60:cf:fe:15:94:f1:93:d8:bf:5e:48:87:58:de:cd:c5:28:66:
         73:5e:48:eb:86:2c:4f:54:8f:f1:83:e1:3d:cb:71:54:09:f8:
         b1:9c:94:67:19:10:2f:43:ee:ea:79:37:84:e8:12:6a:9c:1f:
         63:41:e9:b1
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZG
QkI2OEFSMTEwLwYDVQQFEyhEREVGNTFDOEEwRkY4NTUwNUQ5RTBFNkZGQTAyMjc2
QzJBNTVBRUU4MB4XDTIxMDIyNDA3NTUxM1oXDTMxMDIyNDA3NTUxM1owGDEWMBQG
A1UEAxMNNjAzNjA2NzAtZWIyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKEb1X7ZmNyQPL/au8z/18rr9zOSIWnwpfV/6Kdqv1m8rNEHU6vxc9DYX6fF
Ja87qUTI7e0cX/RRUiE7oBgTqHMhGcxz4cBbwu/LjJ40aRZ/6MJHmJMsL+itewdc
nPRihW/QZtoLAy20G+lfvlLNjR3oPpXaQnts1mbYNF43YiDxPPi4rXCGrsr1g/aE
MuW39cNRqQ+QG8G5H3Rq7Z5KsAH6BZI6LTAEyPLQ0DwOdO5S383L9HLLkN25AU1o
hCgRbz45Oi/fbr3MYqHhd+8sf4FI0NCV8wo2OopdppL3acSu4lCT1iNVelCXSp2G
engpjbPTU3eAGJfUEmsShKu5H/MCAwEAAaOCAqIwggKeMB0GA1UdDgQWBBT7UeJx
f3NIeyL7QEuX4ZwjVZJtuDAfBgNVHSMEGDAWgBTd71HIoP+FUF2eDm/6AidsKlWu
6DAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2RkJCNjgvRUVCRDExREU3NjczMTFFQjkyNTQ4QTZERjhBRUEyMjgvM2U5UnlL
RF9oVkJkbmc1di1nSW5iQ3BWcnVnLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
M2U5UnlLRF9oVkJkbmc1di1nSW5iQ3BWcnVnLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2RkJCNjgvRUVCRDExREU3NjczMTFFQjkyNTQ4QTZERjhBRUEy
MjgvQThCMjE4N0M3Njc1MTFFQkI4MDE1QzZGRjhBRUEyMjgucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAqnvDDANBgkqhkiG9w0BAQsFAAOC
AQEAcOzTIe9ZFvU99/fA5ZoirGE/BPYcnd2Ki0i1Mg4NuEBShSkQQqIwVbiUqTi1
jKV2Uh/cE5MxnZFMCeHXwPsffxlKAe44861I/0U4bolnhNFiRvHvoULRSL4IB8WW
S8PKlU49Hxb4fJZvgCgscw+5+5BGIyT7MQS8OAB1gJO54A5+c8eZey3u2eh6OFml
2tLkEQNu15mM+tBUktOoJlWUQD11wIjTjOd1PlKfZUSKMGHU1Hrd9nE7VLH9cXzD
qXkwwU2XY6IcYM/+FZTxk9i/XkiHWN7NxShmc15I64YsT1SP8YPhPctxVAn4sZyU
ZxkQL0Pu6nk3hOgSapwfY0HpsQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:10:20 2024 by rpki-client on console-fra.rpki-client.org