Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36217DF/54BDBB24E93811EF998A6679762E951A/12C71FFA414211F08D0BA2A9DAE4EC9C.roa
File:                     12C71FFA414211F08D0BA2A9DAE4EC9C.roa (raw, json)
Hash identifier:          L0xlt1TQw2jjAYhdxTaR7ffVXvpBJOWHJHDBNeBUdlQ=
Subject key identifier:   0D:8E:8A:6F:FF:A9:21:0E:9D:20:80:0B:0A:8C:AA:4D:A8:A2:99:CD
Certificate issuer:       /CN=F36217DFAF/serialNumber=384F6A3D0C8A91C5F2DF37A11F5A7B9C525BEE16
Certificate serial:       79
Authority key identifier: 38:4F:6A:3D:0C:8A:91:C5:F2:DF:37:A1:1F:5A:7B:9C:52:5B:EE:16
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/OE9qPQyKkcXy3zehH1p7nFJb7hY.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36217DF/54BDBB24E93811EF998A6679762E951A/12C71FFA414211F08D0BA2A9DAE4EC9C.roa
Signing time:             Wed 04 Jun 2025 12:47:29 +0000
ROA not before:           Wed 04 Jun 2025 12:47:24 +0000
ROA not after:            Wed 17 Jun 2026 12:47:24 +0000
asID:                     44592
IP address blocks:        102.134.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36217DF/54BDBB24E93811EF998A6679762E951A/OE9qPQyKkcXy3zehH1p7nFJb7hY.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36217DF/54BDBB24E93811EF998A6679762E951A/OE9qPQyKkcXy3zehH1p7nFJb7hY.mft
                          rsync://rpki.afrinic.net/repository/afrinic/OE9qPQyKkcXy3zehH1p7nFJb7hY.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 08 Jun 2025 00:06:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 121 (0x79)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36217DFAF, serialNumber=384F6A3D0C8A91C5F2DF37A11F5A7B9C525BEE16
        Validity
            Not Before: Jun  4 12:47:24 2025 GMT
            Not After : Jun 17 12:47:24 2026 GMT
        Subject: CN=68404061-19fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e1:a3:18:ce:57:cf:a1:dc:98:50:08:48:c7:
                    1b:64:82:45:39:50:88:56:fb:d9:ba:43:ac:59:64:
                    3c:f6:76:51:2a:08:2b:dc:e6:bb:46:a8:db:f2:c4:
                    c3:68:52:e0:26:d5:8c:ec:f4:18:ba:39:9e:c2:06:
                    c2:2f:4c:fd:01:17:4c:20:64:cb:79:42:74:97:96:
                    a1:97:54:1a:7b:d7:d2:f7:1f:2f:30:13:09:31:e7:
                    be:b2:31:1b:96:9e:f2:b9:85:5e:33:5d:71:0b:6c:
                    3a:d2:d6:93:d1:6b:9d:ab:aa:7b:6e:bb:97:73:f9:
                    8d:89:57:50:e0:4b:5d:57:9c:43:95:05:63:84:4f:
                    29:e5:e9:93:55:d7:22:43:71:72:3d:b1:0b:92:30:
                    aa:7a:c1:49:63:f4:f6:97:e6:aa:36:9f:87:f4:a0:
                    e6:7b:78:84:fd:62:27:e4:0e:b8:01:d9:92:14:3e:
                    3a:d5:2e:b0:db:55:00:a4:7b:29:3a:8d:09:38:62:
                    50:66:7d:7a:e3:da:e1:4c:2b:16:da:fe:cc:c9:82:
                    1f:d3:8e:de:20:99:75:b8:f5:e3:dd:c1:ab:a0:50:
                    8d:7b:fa:0d:fe:bd:9c:e4:ff:91:20:6e:78:f8:08:
                    34:91:a7:60:de:76:50:f4:73:62:e6:07:35:11:6d:
                    c2:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:8E:8A:6F:FF:A9:21:0E:9D:20:80:0B:0A:8C:AA:4D:A8:A2:99:CD
            X509v3 Authority Key Identifier:
                keyid:38:4F:6A:3D:0C:8A:91:C5:F2:DF:37:A1:1F:5A:7B:9C:52:5B:EE:16

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36217DF/54BDBB24E93811EF998A6679762E951A/OE9qPQyKkcXy3zehH1p7nFJb7hY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/OE9qPQyKkcXy3zehH1p7nFJb7hY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36217DF/54BDBB24E93811EF998A6679762E951A/12C71FFA414211F08D0BA2A9DAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.134.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:7a:7e:85:f7:5b:98:66:58:7c:a9:f8:46:ec:bc:78:f9:b1:
         56:e5:4a:4c:34:bf:11:f4:63:4f:14:c3:17:39:47:f8:cb:80:
         c9:cc:19:aa:82:63:7b:fe:e5:fe:28:03:7c:4a:3a:e4:cc:bd:
         2a:6c:bd:5b:ce:ec:65:c0:5c:d5:0a:b4:5e:9b:8f:89:6e:a1:
         de:08:ec:d8:8d:7c:1a:19:e3:c9:eb:61:ba:16:72:a6:58:d8:
         a6:cd:ca:d5:80:95:11:ab:4d:7e:d7:d8:f0:77:9e:2f:32:56:
         9f:b7:19:c5:1d:b6:ae:f7:42:15:10:5c:cd:73:4d:20:18:2f:
         c0:1e:74:58:a5:a9:9c:94:82:9e:c0:63:05:4a:8e:88:43:6e:
         af:7a:7b:31:ab:2c:65:a1:c1:cc:80:07:b2:af:f5:30:48:a7:
         48:82:d6:7f:26:5f:43:bf:a8:bf:b5:6b:b8:34:6d:d5:25:e0:
         fe:0c:4e:c4:5e:0f:22:97:26:15:be:82:b3:dd:15:94:c9:27:
         77:f7:98:90:7f:17:4d:ae:42:c4:5a:00:8e:ba:e2:a7:e2:f3:
         36:fa:14:eb:ef:9b:15:09:1d:c8:7a:c8:61:8d:c3:74:de:e6:
         5f:10:a4:c3:81:26:49:77:d7:87:ae:e2:9d:a4:8c:1c:a3:cd:
         47:0f:f2:d3
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBeTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYy
MTdERkFGMTEwLwYDVQQFEygzODRGNkEzRDBDOEE5MUM1RjJERjM3QTExRjVBN0I5
QzUyNUJFRTE2MB4XDTI1MDYwNDEyNDcyNFoXDTI2MDYxNzEyNDcyNFowGDEWMBQG
A1UEAxMNNjg0MDQwNjEtMTlmZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHhoxjOV8+h3JhQCEjHG2SCRTlQiFb72bpDrFlkPPZ2USoIK9zmu0ao2/LE
w2hS4CbVjOz0GLo5nsIGwi9M/QEXTCBky3lCdJeWoZdUGnvX0vcfLzATCTHnvrIx
G5ae8rmFXjNdcQtsOtLWk9Frnauqe267l3P5jYlXUOBLXVecQ5UFY4RPKeXpk1XX
IkNxcj2xC5IwqnrBSWP09pfmqjafh/Sg5nt4hP1iJ+QOuAHZkhQ+OtUusNtVAKR7
KTqNCThiUGZ9euPa4UwrFtr+zMmCH9OO3iCZdbj1493Bq6BQjXv6Df69nOT/kSBu
ePgINJGnYN52UPRzYuYHNRFtwjkCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBQNjopv
/6khDp0ggAsKjKpNqKKZzTAfBgNVHSMEGDAWgBQ4T2o9DIqRxfLfN6EfWnucUlvu
FjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MjE3REYvNTRCREJCMjRFOTM4MTFFRjk5OEE2Njc5NzYyRTk1MUEvT0U5cVBR
eUtrY1h5M3plaEgxcDduRkpiN2hZLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvT0U5cVBReUtrY1h5M3plaEgxcDduRkpiN2hZLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2MjE3REYvNTRCREJCMjRFOTM4MTFFRjk5OEE2Njc5NzYy
RTk1MUEvMTJDNzFGRkE0MTQyMTFGMDhEMEJBMkE5REFFNEVDOUMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmaGHDANBgkqhkiG9w0BAQsF
AAOCAQEAFnp+hfdbmGZYfKn4Ruy8ePmxVuVKTDS/EfRjTxTDFzlH+MuAycwZqoJj
e/7l/igDfEo65My9Kmy9W87sZcBc1Qq0XpuPiW6h3gjs2I18GhnjyethuhZypljY
ps3K1YCVEatNftfY8HeeLzJWn7cZxR22rvdCFRBczXNNIBgvwB50WKWpnJSCnsBj
BUqOiENur3p7MassZaHBzIAHsq/1MEinSILWfyZfQ7+ov7VruDRt1SXg/gxOxF4P
IpcmFb6Cs90VlMknd/eYkH8XTa5CxFoAjrrip+LzNvoU6++bFQkdyHrIYY3DdN7m
XxCkw4EmSXfXh67inaSMHKPNRw/y0w==
-----END CERTIFICATE-----