Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/98E14F269EA711EBBE0A593EF8AEA228.roa
File:                     98E14F269EA711EBBE0A593EF8AEA228.roa (raw, json)
Hash identifier:          FZ26ySvv3oron31W1iao0hhqAh46EM14zvc7xYlbQnc=
Subject key identifier:   8F:5F:00:72:07:0D:3D:10:B9:7D:92:E4:D7:E3:7B:48:16:96:88:48
Certificate issuer:       /CN=F362B8A8AF/serialNumber=DF376480DCF07A1B7AD164DE64A3EA215F247541
Certificate serial:       05
Authority key identifier: DF:37:64:80:DC:F0:7A:1B:7A:D1:64:DE:64:A3:EA:21:5F:24:75:41
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/98E14F269EA711EBBE0A593EF8AEA228.roa
Signing time:             Fri 16 Apr 2021 11:33:43 +0000
ROA not before:           Fri 16 Apr 2021 11:33:37 +0000
ROA not after:            Wed 16 Apr 2031 11:33:37 +0000
asID:                     37053
IP address blocks:        41.79.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.mft
                          rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 26 Apr 2024 00:05:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F362B8A8AF/serialNumber=DF376480DCF07A1B7AD164DE64A3EA215F247541
        Validity
            Not Before: Apr 16 11:33:37 2021 GMT
            Not After : Apr 16 11:33:37 2031 GMT
        Subject: CN=60797617-ba0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:92:63:bd:24:57:e6:fe:4b:e3:a9:ac:48:16:
                    96:23:03:66:13:c7:36:99:9e:6a:18:4e:f7:09:17:
                    9b:4b:d5:aa:00:66:c3:f9:56:a0:69:06:d8:ac:6a:
                    4e:88:38:7e:21:be:c0:18:e9:d7:70:3c:28:de:30:
                    8c:0c:97:03:2c:74:82:3f:c1:81:a1:df:4a:d4:bd:
                    8b:93:40:d0:f6:3d:b6:c9:29:5b:11:53:a7:16:39:
                    0a:8e:41:a0:7a:20:3e:84:32:35:03:a3:31:ba:ab:
                    92:1f:38:c2:c6:ca:4d:e9:97:20:ee:f7:a1:30:8b:
                    ae:11:5a:17:d1:c3:53:ca:6e:14:e7:3f:01:c4:8f:
                    23:63:58:02:c3:2e:02:e6:4d:d1:20:91:f7:ff:95:
                    c3:53:ad:19:fd:16:6d:47:f3:0f:3a:34:3a:9d:b8:
                    c3:58:b0:e4:68:6c:1f:42:de:78:f2:9a:ab:83:e2:
                    79:51:fd:b8:4c:eb:6b:58:b3:52:e6:3e:4b:26:b3:
                    47:0b:f1:b9:a8:8d:66:7e:04:d6:a8:5a:1f:d9:2e:
                    c3:83:e4:f1:7f:87:c2:4c:5f:07:42:24:be:c0:14:
                    5c:01:83:4e:56:88:b9:da:b5:60:ad:80:14:22:f4:
                    c1:b4:c8:51:d6:97:61:ac:86:0f:4f:22:b2:4d:46:
                    99:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5F:00:72:07:0D:3D:10:B9:7D:92:E4:D7:E3:7B:48:16:96:88:48
            X509v3 Authority Key Identifier:
                keyid:DF:37:64:80:DC:F0:7A:1B:7A:D1:64:DE:64:A3:EA:21:5F:24:75:41

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/3zdkgNzweht60WTeZKPqIV8kdUE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/3zdkgNzweht60WTeZKPqIV8kdUE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F362B8A8/B5C94E4C9C2511EBAD78FF53F8AEA228/98E14F269EA711EBBE0A593EF8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.79.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:63:e3:65:7d:cd:a4:8e:be:0d:f9:00:64:e9:ef:fa:75:56:
         4f:9c:f0:3b:b2:87:20:89:6f:f4:23:88:a2:28:71:9a:c0:16:
         56:f0:ac:65:70:dd:a4:01:10:0d:33:23:bd:e2:ba:e6:ec:5e:
         15:20:1b:b3:58:84:50:9a:1e:70:58:c1:17:09:ec:94:d8:39:
         d4:94:4d:20:7e:89:ad:cc:0a:0c:ae:b9:c9:ff:b3:f0:a5:d1:
         3b:ae:36:9f:32:78:fb:b3:d7:47:35:14:8f:71:50:f3:c4:2d:
         fe:40:b6:df:f6:8c:50:64:a3:84:76:76:58:07:e3:62:0f:ed:
         da:3d:45:32:8d:12:e4:6d:f8:f0:2f:95:55:a1:59:0d:6b:52:
         60:0d:3b:f5:29:29:d7:90:f1:9b:a9:91:02:a3:06:5e:b7:92:
         bc:4b:d3:4e:3d:20:12:de:fd:71:41:50:39:3d:35:de:12:ae:
         0a:e7:82:79:71:85:69:8c:65:be:c7:d2:12:6a:93:4d:4a:a2:
         38:ef:d4:10:53:56:24:74:b8:c8:48:19:45:41:fc:b3:67:e3:
         97:7f:55:7c:39:c1:f7:e5:a4:47:cd:91:8f:a2:61:b4:cb:da:
         af:f9:41:ff:ad:c5:9b:97:66:eb:1c:86:ca:08:0a:0e:ef:1a:
         05:29:c6:45
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYy
QjhBOEFGMTEwLwYDVQQFEyhERjM3NjQ4MERDRjA3QTFCN0FEMTY0REU2NEEzRUEy
MTVGMjQ3NTQxMB4XDTIxMDQxNjExMzMzN1oXDTMxMDQxNjExMzMzN1owGDEWMBQG
A1UEAxMNNjA3OTc2MTctYmEwYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKKSY70kV+b+S+OprEgWliMDZhPHNpmeahhO9wkXm0vVqgBmw/lWoGkG2Kxq
Tog4fiG+wBjp13A8KN4wjAyXAyx0gj/BgaHfStS9i5NA0PY9tskpWxFTpxY5Co5B
oHogPoQyNQOjMbqrkh84wsbKTemXIO73oTCLrhFaF9HDU8puFOc/AcSPI2NYAsMu
AuZN0SCR9/+Vw1OtGf0WbUfzDzo0Op24w1iw5GhsH0LeePKaq4PieVH9uEzra1iz
UuY+SyazRwvxuaiNZn4E1qhaH9kuw4Pk8X+HwkxfB0IkvsAUXAGDTlaIudq1YK2A
FCL0wbTIUdaXYayGD08isk1GmV0CAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSPXwBy
Bw09ELl9kuTX43tIFpaISDAfBgNVHSMEGDAWgBTfN2SA3PB6G3rRZN5ko+ohXyR1
QTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2MkI4QTgvQjVDOTRFNEM5QzI1MTFFQkFENzhGRjUzRjhBRUEyMjgvM3pka2dO
endlaHQ2MFdUZVpLUHFJVjhrZFVFLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvM3pka2dOendlaHQ2MFdUZVpLUHFJVjhrZFVFLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2MkI4QTgvQjVDOTRFNEM5QzI1MTFFQkFENzhGRjUzRjhB
RUEyMjgvOThFMTRGMjY5RUE3MTFFQkJFMEE1OTNFRjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAilPnDANBgkqhkiG9w0BAQsF
AAOCAQEAomPjZX3NpI6+DfkAZOnv+nVWT5zwO7KHIIlv9COIoihxmsAWVvCsZXDd
pAEQDTMjveK65uxeFSAbs1iEUJoecFjBFwnslNg51JRNIH6JrcwKDK65yf+z8KXR
O642nzJ4+7PXRzUUj3FQ88Qt/kC23/aMUGSjhHZ2WAfjYg/t2j1FMo0S5G348C+V
VaFZDWtSYA079Skp15Dxm6mRAqMGXreSvEvTTj0gEt79cUFQOT013hKuCueCeXGF
aYxlvsfSEmqTTUqiOO/UEFNWJHS4yEgZRUH8s2fjl39VfDnB9+WkR82Rj6JhtMva
r/lB/63Fm5dm6xyGyggKDu8aBSnGRQ==
-----END CERTIFICATE-----