Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3625A15/92C3CE082ECD11E980230320F8AEA228/B785A0A892A611EEAC80BD72D25BE465.roa
File:                     B785A0A892A611EEAC80BD72D25BE465.roa (raw, json)
Hash identifier:          0EcQiKXcB6upVmjNjOVseGG+e+e/Qe8GkvIuWAlYYX0=
Subject key identifier:   0B:BA:60:62:BD:24:68:FB:7F:4E:EB:23:9B:65:3D:A6:CF:A7:1C:66
Certificate issuer:       /CN=F3625A15AF/serialNumber=08D2C54E7B51CBC73434DD00605145122F1ACB67
Certificate serial:       0708
Authority key identifier: 08:D2:C5:4E:7B:51:CB:C7:34:34:DD:00:60:51:45:12:2F:1A:CB:67
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/CNLFTntRy8c0NN0AYFFFEi8ay2c.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3625A15/92C3CE082ECD11E980230320F8AEA228/B785A0A892A611EEAC80BD72D25BE465.roa
Signing time:             Mon 04 Dec 2023 13:12:04 +0000
ROA not before:           Mon 04 Dec 2023 13:12:00 +0000
ROA not after:            Sat 31 Dec 2033 13:12:00 +0000
asID:                     328434
IP address blocks:        102.68.40.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3625A15/92C3CE082ECD11E980230320F8AEA228/CNLFTntRy8c0NN0AYFFFEi8ay2c.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3625A15/92C3CE082ECD11E980230320F8AEA228/CNLFTntRy8c0NN0AYFFFEi8ay2c.mft
                          rsync://rpki.afrinic.net/repository/afrinic/CNLFTntRy8c0NN0AYFFFEi8ay2c.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1800 (0x708)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3625A15AF/serialNumber=08D2C54E7B51CBC73434DD00605145122F1ACB67
        Validity
            Not Before: Dec  4 13:12:00 2023 GMT
            Not After : Dec 31 13:12:00 2033 GMT
        Subject: CN=656dd024-28ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ce:06:96:b8:66:8a:85:c7:6f:ea:42:e6:6f:
                    2f:ed:28:ec:0b:d0:a7:ff:02:98:41:77:93:f3:00:
                    c6:43:ba:4a:c2:85:d5:83:40:8f:43:9b:cd:a4:3a:
                    95:48:a5:8e:98:8f:2d:bf:b3:a3:b8:9a:8a:f2:77:
                    8e:3b:d5:fa:98:a3:a0:e6:dd:60:a0:ff:1b:59:91:
                    da:1d:21:7a:93:b0:32:7a:59:60:1b:52:8d:0e:89:
                    16:07:5c:ae:0b:fa:6c:90:9e:9b:e0:b3:22:82:68:
                    b5:db:5c:20:2f:5b:7a:f2:11:a1:b2:08:a8:2c:23:
                    57:c9:58:25:9f:56:c9:b6:e3:17:cb:db:7c:a8:f4:
                    7e:32:df:78:a2:b2:52:56:c1:94:4b:a8:a9:9f:07:
                    c8:45:5c:00:fd:de:9e:40:35:5a:27:82:ce:0c:68:
                    77:0c:2f:8e:97:10:fb:c8:5d:ce:64:17:b0:9d:cf:
                    19:50:d0:06:04:92:ad:f5:b7:52:ca:68:c5:54:2d:
                    29:88:89:e7:82:10:3c:c3:c8:84:65:7a:f8:15:ee:
                    95:ec:90:83:a0:aa:e3:fe:52:3a:cd:bb:79:2b:7a:
                    fb:22:86:ae:e9:8c:15:20:1e:f3:99:41:39:fe:96:
                    31:ae:75:ef:10:89:55:64:d9:4d:dd:c1:bf:3d:5b:
                    c1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BA:60:62:BD:24:68:FB:7F:4E:EB:23:9B:65:3D:A6:CF:A7:1C:66
            X509v3 Authority Key Identifier:
                keyid:08:D2:C5:4E:7B:51:CB:C7:34:34:DD:00:60:51:45:12:2F:1A:CB:67

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3625A15/92C3CE082ECD11E980230320F8AEA228/CNLFTntRy8c0NN0AYFFFEi8ay2c.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/CNLFTntRy8c0NN0AYFFFEi8ay2c.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3625A15/92C3CE082ECD11E980230320F8AEA228/B785A0A892A611EEAC80BD72D25BE465.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.68.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c6:64:f2:43:0d:b6:88:7c:db:90:ec:02:94:77:ea:88:67:a2:
         6b:5e:75:c0:b7:38:a4:b0:ed:f2:83:68:a1:25:c6:11:d1:b7:
         56:b0:54:36:6a:cb:a1:d3:d6:36:0b:ad:73:b8:70:3f:73:71:
         42:0d:d1:23:27:4e:c2:c9:05:97:71:ea:cc:f6:dd:9d:66:bb:
         fe:40:31:ee:d1:5c:33:b7:e3:50:58:d8:dd:41:87:fb:d1:7f:
         b2:91:d1:29:36:a3:7a:a1:42:73:f4:02:21:a4:18:6c:12:c0:
         e3:74:03:36:87:c8:53:c1:8b:c0:5d:01:6f:54:08:ef:8d:97:
         ec:a0:56:dd:f3:c1:62:70:9f:5f:da:c9:5e:11:04:84:ce:20:
         6d:55:00:7d:cd:ef:61:c8:ec:e7:c3:fa:cb:0f:b6:c3:81:50:
         42:33:da:cc:7b:3d:50:f3:a3:ab:31:05:fc:4a:a5:41:0d:2a:
         14:f6:77:bc:9a:31:22:05:40:a7:6f:43:26:b7:e7:4b:60:19:
         86:ed:d4:2a:8a:8f:5b:49:7d:9b:bc:62:4f:b2:d1:9f:f7:4c:
         e0:84:33:aa:88:b2:20:82:46:34:f5:64:4b:b4:66:de:6a:f4:
         31:b6:55:fd:5f:2d:cf:7b:07:22:8d:26:5e:49:d6:d6:e5:92:
         04:61:ed:76
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICBwgwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
MjVBMTVBRjExMC8GA1UEBRMoMDhEMkM1NEU3QjUxQ0JDNzM0MzRERDAwNjA1MTQ1
MTIyRjFBQ0I2NzAeFw0yMzEyMDQxMzEyMDBaFw0zMzEyMzExMzEyMDBaMBgxFjAU
BgNVBAMTDTY1NmRkMDI0LTI4YWMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDUzgaWuGaKhcdv6kLmby/tKOwL0Kf/AphBd5PzAMZDukrChdWDQI9Dm82k
OpVIpY6Yjy2/s6O4moryd4471fqYo6Dm3WCg/xtZkdodIXqTsDJ6WWAbUo0OiRYH
XK4L+myQnpvgsyKCaLXbXCAvW3ryEaGyCKgsI1fJWCWfVsm24xfL23yo9H4y33ii
slJWwZRLqKmfB8hFXAD93p5ANVongs4MaHcML46XEPvIXc5kF7CdzxlQ0AYEkq31
t1LKaMVULSmIieeCEDzDyIRlevgV7pXskIOgquP+UjrNu3krevsihq7pjBUgHvOZ
QTn+ljGude8QiVVk2U3dwb89W8HRAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUC7pg
Yr0kaPt/Tusjm2U9ps+nHGYwHwYDVR0jBBgwFoAUCNLFTntRy8c0NN0AYFFFEi8a
y2cwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjI1QTE1LzkyQzNDRTA4MkVDRDExRTk4MDIzMDMyMEY4QUVBMjI4L0NOTEZU
bnRSeThjME5OMEFZRkZGRWk4YXkyYy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0NOTEZUbnRSeThjME5OMEFZRkZGRWk4YXkyYy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjI1QTE1LzkyQzNDRTA4MkVDRDExRTk4MDIzMDMyMEY4
QUVBMjI4L0I3ODVBMEE4OTJBNjExRUVBQzgwQkQ3MkQyNUJFNDY1LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANmRCgwDQYJKoZIhvcNAQEL
BQADggEBAMZk8kMNtoh825DsApR36ohnomtedcC3OKSw7fKDaKElxhHRt1awVDZq
y6HT1jYLrXO4cD9zcUIN0SMnTsLJBZdx6sz23Z1mu/5AMe7RXDO341BY2N1Bh/vR
f7KR0Sk2o3qhQnP0AiGkGGwSwON0AzaHyFPBi8BdAW9UCO+Nl+ygVt3zwWJwn1/a
yV4RBITOIG1VAH3N72HI7OfD+ssPtsOBUEIz2sx7PVDzo6sxBfxKpUENKhT2d7ya
MSIFQKdvQya350tgGYbt1CqKj1tJfZu8Yk+y0Z/3TOCEM6qIsiCCRjT1ZEu0Zt5q
9DG2Vf1fLc97ByKNJl5J1tblkgRh7XY=
-----END CERTIFICATE-----