Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/50E626B29EAA11EB86172E42F8AEA228.roa
File:                     50E626B29EAA11EB86172E42F8AEA228.roa (raw, json)
Hash identifier:          mLDh441cHpoJvemUeR9tMVJFEiDMnH7uLyDeQGJi6ek=
Subject key identifier:   AE:25:1F:CE:6B:06:2D:AB:B5:E1:EC:A1:05:03:A8:34:31:BC:53:6A
Certificate issuer:       /CN=F362B8A8AF/serialNumber=DF376480DCF07A1B7AD164DE64A3EA215F247541
Certificate serial:       0E
Authority key identifier: DF:37:64:80:DC:F0:7A:1B:7A:D1:64:DE:64:A3:EA:21:5F:24:75:41
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/50E626B29EAA11EB86172E42F8AEA228.roa
Signing time:             Fri 16 Apr 2021 11:53:11 +0000
ROA not before:           Fri 16 Apr 2021 11:53:05 +0000
ROA not after:            Wed 16 Apr 2031 11:53:05 +0000
asID:                     37053
IP address blocks:        41.71.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.mft
                          rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 22 Apr 2024 00:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14 (0xe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F362B8A8AF/serialNumber=DF376480DCF07A1B7AD164DE64A3EA215F247541
        Validity
            Not Before: Apr 16 11:53:05 2021 GMT
            Not After : Apr 16 11:53:05 2031 GMT
        Subject: CN=60797aa7-07e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fc:5c:c0:b3:a4:9a:9f:15:9f:fc:ae:bf:54:
                    db:4b:06:2c:78:8a:27:94:56:78:91:28:d7:98:39:
                    67:4b:20:24:b1:ea:d1:00:88:a6:ba:b5:bd:81:f8:
                    a4:43:64:dc:22:fb:bd:86:3e:88:a6:f7:aa:9f:c8:
                    d3:5f:cb:03:bd:3f:bc:28:d5:5a:c8:f8:b4:11:87:
                    4c:d8:b5:03:98:dd:5d:e4:f6:76:92:cc:3c:e4:74:
                    9e:83:3b:4c:2c:63:64:15:aa:bd:cf:8b:00:fc:00:
                    04:ce:81:03:87:68:f3:49:b1:51:94:ef:55:40:fb:
                    88:01:7b:a3:48:79:ab:66:e0:cc:87:51:3d:61:de:
                    0c:14:ef:6e:ad:29:fd:f9:16:b8:f9:af:4e:99:13:
                    92:b5:db:ec:d9:23:b9:e6:e7:79:d6:8b:12:77:67:
                    b1:62:82:f0:d4:70:00:e2:cd:a3:28:ef:ac:ea:50:
                    71:b8:34:1f:40:24:6e:32:61:30:fb:c0:b2:6a:96:
                    d5:94:0d:c2:14:1b:79:ed:48:4b:10:cd:e5:be:0d:
                    01:c3:bb:db:2a:25:3c:67:9d:92:81:99:10:e3:0a:
                    e1:8d:97:c6:03:32:23:9d:f3:b0:72:db:55:3a:d8:
                    15:96:90:c0:05:ea:25:6f:f8:cd:13:de:09:6d:01:
                    4f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:25:1F:CE:6B:06:2D:AB:B5:E1:EC:A1:05:03:A8:34:31:BC:53:6A
            X509v3 Authority Key Identifier:
                keyid:DF:37:64:80:DC:F0:7A:1B:7A:D1:64:DE:64:A3:EA:21:5F:24:75:41

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/50E626B29EAA11EB86172E42F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.71.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         27:82:1b:32:d3:90:8d:df:45:5e:ac:38:9f:72:ee:4e:9a:b2:
         94:16:ca:66:fd:b9:f1:97:de:d7:a7:42:62:a3:bc:f9:6c:f3:
         23:04:f5:12:a4:8e:05:ae:7e:37:e1:1c:13:97:df:8e:2c:b0:
         c6:0c:e6:23:9d:e3:9f:66:aa:7a:d1:c8:9c:7c:d1:c4:8b:f2:
         95:fe:fc:98:25:8e:5f:65:1f:0d:39:7a:ad:08:d5:a3:43:c6:
         fa:7b:e6:2a:61:74:61:2f:b2:7d:b1:9d:2c:a1:6f:1d:6e:31:
         ec:62:3c:21:4f:9f:0d:3f:bc:b0:78:b1:90:90:a2:42:c9:9d:
         e6:ba:87:26:d4:18:1e:e7:df:f4:82:c9:ca:80:3e:98:51:f7:
         35:cf:90:cc:17:34:7c:3e:c5:af:ca:86:87:f8:35:2a:3e:ff:
         be:83:aa:ef:c0:71:3b:ee:1d:56:a2:51:c3:cc:a6:00:70:f2:
         8a:3b:65:3f:3b:b9:d1:ba:a6:47:6c:e2:4e:ea:cb:3d:6d:48:
         0c:fe:86:b6:45:ed:08:27:48:1e:3e:0f:d5:a7:65:84:c2:62:
         9f:23:25:a7:79:88:4f:71:30:f6:a8:ff:ee:64:fe:58:c3:b1:
         31:0b:d3:5e:67:73:b6:e2:f7:38:b2:7b:a0:12:f6:69:e3:dd:
         05:70:14:7b
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYy
QjhBOEFGMTEwLwYDVQQFEyhERjM3NjQ4MERDRjA3QTFCN0FEMTY0REU2NEEzRUEy
MTVGMjQ3NTQxMB4XDTIxMDQxNjExNTMwNVoXDTMxMDQxNjExNTMwNVowGDEWMBQG
A1UEAxMNNjA3OTdhYTctMDdlNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKP8XMCzpJqfFZ/8rr9U20sGLHiKJ5RWeJEo15g5Z0sgJLHq0QCIprq1vYH4
pENk3CL7vYY+iKb3qp/I01/LA70/vCjVWsj4tBGHTNi1A5jdXeT2dpLMPOR0noM7
TCxjZBWqvc+LAPwABM6BA4do80mxUZTvVUD7iAF7o0h5q2bgzIdRPWHeDBTvbq0p
/fkWuPmvTpkTkrXb7NkjuebnedaLEndnsWKC8NRwAOLNoyjvrOpQcbg0H0AkbjJh
MPvAsmqW1ZQNwhQbee1ISxDN5b4NAcO72yolPGedkoGZEOMK4Y2XxgMyI53zsHLb
VTrYFZaQwAXqJW/4zRPeCW0BT+kCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSuJR/O
awYtq7Xh7KEFA6g0MbxTajAfBgNVHSMEGDAWgBTfN2SA3PB6G3rRZN5ko+ohXyR1
QTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MkI4QTgvQjVDOTRFNEM5QzI1MTFFQkFENzhGRjUzRjhBRUEyMjgvM3pka2dO
endlaHQ2MFdUZVpLUHFJVjhrZFVFLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvM3pka2dOendlaHQ2MFdUZVpLUHFJVjhrZFVFLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2MkI4QTgvQjVDOTRFNEM5QzI1MTFFQkFENzhGRjUzRjhB
RUEyMjgvNTBFNjI2QjI5RUFBMTFFQjg2MTcyRTQyRjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBylHADANBgkqhkiG9w0BAQsF
AAOCAQEAJ4IbMtOQjd9FXqw4n3LuTpqylBbKZv258Zfe16dCYqO8+WzzIwT1EqSO
Ba5+N+EcE5ffjiywxgzmI53jn2aqetHInHzRxIvylf78mCWOX2UfDTl6rQjVo0PG
+nvmKmF0YS+yfbGdLKFvHW4x7GI8IU+fDT+8sHixkJCiQsmd5rqHJtQYHuff9ILJ
yoA+mFH3Nc+QzBc0fD7Fr8qGh/g1Kj7/voOq78BxO+4dVqJRw8ymAHDyijtlPzu5
0bqmR2ziTurLPW1IDP6GtkXtCCdIHj4P1adlhMJinyMlp3mIT3Ew9qj/7mT+WMOx
MQvTXmdztuL3OLJ7oBL2aePdBXAUew==
-----END CERTIFICATE-----