Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/B931C400BE9C11EEA0A534A7775412E6.roa
File:                     B931C400BE9C11EEA0A534A7775412E6.roa (raw, json)
Hash identifier:          IJ0CO9zxuOXyI58eb3kLZpx5bBprglgm5dvQomrvs7c=
Subject key identifier:   B3:9D:E6:FA:21:77:3E:21:5A:96:70:C7:C5:D0:FB:DB:FC:D6:96:26
Certificate issuer:       /CN=F36114AAAF/serialNumber=CD5232B63C6A832990C86707CB739BDC04DB9A59
Certificate serial:       0C
Authority key identifier: CD:52:32:B6:3C:6A:83:29:90:C8:67:07:CB:73:9B:DC:04:DB:9A:59
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/zVIytjxqgymQyGcHy3Ob3ATbmlk.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/B931C400BE9C11EEA0A534A7775412E6.roa
Signing time:             Mon 29 Jan 2024 11:51:23 +0000
ROA not before:           Mon 29 Jan 2024 11:51:19 +0000
ROA not after:            Thu 29 Jan 2026 11:51:19 +0000
asID:                     21003
IP address blocks:        102.68.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/zVIytjxqgymQyGcHy3Ob3ATbmlk.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/zVIytjxqgymQyGcHy3Ob3ATbmlk.mft
                          rsync://rpki.afrinic.net/repository/afrinic/zVIytjxqgymQyGcHy3Ob3ATbmlk.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 04 Jun 2024 00:04:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12 (0xc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36114AAAF/serialNumber=CD5232B63C6A832990C86707CB739BDC04DB9A59
        Validity
            Not Before: Jan 29 11:51:19 2024 GMT
            Not After : Jan 29 11:51:19 2026 GMT
        Subject: CN=65b7913b-4b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d0:d1:61:5b:28:80:5c:c4:d5:f2:37:66:af:
                    ee:8d:17:39:81:b1:6b:ae:d0:09:9b:f6:f8:1f:dd:
                    d7:ac:76:d8:ce:d1:c7:fb:40:20:46:e4:51:df:4d:
                    d9:03:c7:0a:3c:79:5e:0b:cc:60:04:e5:ba:f3:91:
                    ff:1a:c4:b0:f9:86:5f:f8:f9:6a:84:0d:83:0c:94:
                    6e:1f:85:a1:c1:9d:5a:13:cd:88:59:4b:0c:18:ca:
                    e5:3a:41:34:21:35:10:27:60:95:af:fc:21:39:12:
                    8e:33:e0:b6:20:06:05:90:a3:9f:4b:80:2b:91:5f:
                    2b:f1:c7:6e:06:4f:c3:27:f0:b8:7c:fc:19:52:34:
                    28:02:f2:65:f4:f0:6d:88:0a:26:c1:4a:4c:ca:d7:
                    2a:2b:60:9c:ff:4f:c0:0a:24:54:89:0e:4d:69:d0:
                    c4:16:af:6c:7b:54:11:7a:8e:dc:6d:ef:4d:c6:8e:
                    b4:c0:46:98:4e:98:24:67:df:f5:aa:21:52:a8:f5:
                    d1:82:b7:d9:2d:59:58:17:42:6e:41:f1:70:4a:c8:
                    7e:aa:12:bf:8b:e7:7f:47:73:a8:a2:cb:64:6a:74:
                    ee:63:86:36:a1:08:fd:eb:82:db:2b:7b:6f:42:53:
                    87:37:68:50:8b:e7:1c:89:c6:21:28:65:5a:ce:a2:
                    9b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:9D:E6:FA:21:77:3E:21:5A:96:70:C7:C5:D0:FB:DB:FC:D6:96:26
            X509v3 Authority Key Identifier:
                keyid:CD:52:32:B6:3C:6A:83:29:90:C8:67:07:CB:73:9B:DC:04:DB:9A:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/zVIytjxqgymQyGcHy3Ob3ATbmlk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/zVIytjxqgymQyGcHy3Ob3ATbmlk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36114AA/86D6E57EBE8F11EE832F4491775412E6/B931C400BE9C11EEA0A534A7775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.68.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:6a:76:a2:40:2b:77:b2:91:b7:c1:04:f2:4c:9d:d3:d8:84:
         bb:4b:96:a2:5b:9e:0b:10:51:da:8b:70:66:17:dd:a9:d3:5b:
         22:85:9a:07:87:75:c1:aa:7d:cf:ac:f3:cf:b3:22:a9:02:bb:
         90:ae:24:8b:dc:d4:ff:aa:8c:ba:25:f7:c6:d6:07:b2:6c:9e:
         47:f0:1a:b3:62:c1:da:57:51:95:a1:d2:43:5b:b5:f4:ac:0d:
         23:cc:c6:81:d5:ec:37:89:ab:44:86:2e:f9:0f:b2:a9:57:74:
         17:43:b0:26:62:b1:1d:ed:dc:0a:2f:2f:07:f8:16:e8:cc:11:
         ee:fa:f8:13:73:96:9a:7e:bc:2d:11:eb:d3:9d:63:c8:a8:f9:
         02:b8:5a:50:da:bc:af:43:f2:71:6f:33:e3:49:b6:00:b3:ae:
         27:6c:86:f8:40:61:03:46:26:fb:6d:91:f8:13:95:19:0d:67:
         12:d9:f7:d1:7f:fe:d3:0e:43:96:91:fa:12:46:15:67:f5:1e:
         e7:5c:20:d5:e8:30:c2:ca:49:8e:ab:be:51:f8:ca:8c:d1:f3:
         bc:1a:e8:b2:15:23:a2:ab:9f:fc:fe:b9:ce:17:c4:c4:8e:18:
         4c:70:68:00:67:0c:99:12:0f:10:3c:53:ad:ab:27:a7:eb:c1:
         d9:78:44:e2
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYx
MTRBQUFGMTEwLwYDVQQFEyhDRDUyMzJCNjNDNkE4MzI5OTBDODY3MDdDQjczOUJE
QzA0REI5QTU5MB4XDTI0MDEyOTExNTExOVoXDTI2MDEyOTExNTExOVowGDEWMBQG
A1UEAxMNNjViNzkxM2ItNGIyZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM7Q0WFbKIBcxNXyN2av7o0XOYGxa67QCZv2+B/d16x22M7Rx/tAIEbkUd9N
2QPHCjx5XgvMYATluvOR/xrEsPmGX/j5aoQNgwyUbh+FocGdWhPNiFlLDBjK5TpB
NCE1ECdgla/8ITkSjjPgtiAGBZCjn0uAK5FfK/HHbgZPwyfwuHz8GVI0KALyZfTw
bYgKJsFKTMrXKitgnP9PwAokVIkOTWnQxBavbHtUEXqO3G3vTcaOtMBGmE6YJGff
9aohUqj10YK32S1ZWBdCbkHxcErIfqoSv4vnf0dzqKLLZGp07mOGNqEI/euC2yt7
b0JThzdoUIvnHInGIShlWs6im2UCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSzneb6
IXc+IVqWcMfF0Pvb/NaWJjAfBgNVHSMEGDAWgBTNUjK2PGqDKZDIZwfLc5vcBNua
WTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MTE0QUEvODZENkU1N0VCRThGMTFFRTgzMkY0NDkxNzc1NDEyRTYvelZJeXRq
eHFneW1ReUdjSHkzT2IzQVRibWxrLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvelZJeXRqeHFneW1ReUdjSHkzT2IzQVRibWxrLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2MTE0QUEvODZENkU1N0VCRThGMTFFRTgzMkY0NDkxNzc1
NDEyRTYvQjkzMUM0MDBCRTlDMTFFRUEwQTUzNEE3Nzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGZEhTANBgkqhkiG9w0BAQsF
AAOCAQEAd2p2okArd7KRt8EE8kyd09iEu0uWolueCxBR2otwZhfdqdNbIoWaB4d1
wap9z6zzz7MiqQK7kK4ki9zU/6qMuiX3xtYHsmyeR/Aas2LB2ldRlaHSQ1u19KwN
I8zGgdXsN4mrRIYu+Q+yqVd0F0OwJmKxHe3cCi8vB/gW6MwR7vr4E3OWmn68LRHr
051jyKj5ArhaUNq8r0PycW8z40m2ALOuJ2yG+EBhA0Ym+22R+BOVGQ1nEtn30X/+
0w5DlpH6EkYVZ/Ue51wg1egwwspJjqu+UfjKjNHzvBroshUjoquf/P65zhfExI4Y
THBoAGcMmRIPEDxTrasnp+vB2XhE4g==
-----END CERTIFICATE-----