Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/6CA06204A12911EDA95084E8F1222468.roa
File:                     6CA06204A12911EDA95084E8F1222468.roa (raw, json)
Hash identifier:          B3MLucWl52HaPisX4myUBfeTvIS+UfC3YFpOg0QZL0c=
Subject key identifier:   8A:F7:97:6C:27:9E:32:C4:6B:43:52:8B:06:54:65:10:25:1E:BC:22
Certificate issuer:       /CN=F3634D22AF/serialNumber=8D01D808E89774543DE22D0DA844378ECEA8BB9B
Certificate serial:       0C34
Authority key identifier: 8D:01:D8:08:E8:97:74:54:3D:E2:2D:0D:A8:44:37:8E:CE:A8:BB:9B
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/jQHYCOiXdFQ94i0NqEQ3js6ou5s.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/6CA06204A12911EDA95084E8F1222468.roa
Signing time:             Tue 31 Jan 2023 05:38:01 +0000
ROA not before:           Tue 31 Jan 2023 05:37:57 +0000
ROA not after:            Thu 31 Jan 2030 05:37:57 +0000
asID:                     33764
IP address blocks:        196.216.2.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/jQHYCOiXdFQ94i0NqEQ3js6ou5s.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/jQHYCOiXdFQ94i0NqEQ3js6ou5s.mft
                          rsync://rpki.afrinic.net/repository/afrinic/jQHYCOiXdFQ94i0NqEQ3js6ou5s.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 03 Jun 2024 00:05:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3124 (0xc34)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3634D22AF/serialNumber=8D01D808E89774543DE22D0DA844378ECEA8BB9B
        Validity
            Not Before: Jan 31 05:37:57 2023 GMT
            Not After : Jan 31 05:37:57 2030 GMT
        Subject: CN=63d8a939-1f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:73:47:15:4b:9f:7d:69:3c:31:0f:70:3a:b6:
                    c2:19:71:f2:2f:69:0e:73:b9:a3:19:b3:8f:71:a6:
                    71:3e:6c:d1:0a:0e:80:13:f7:d7:e6:d9:2e:29:a9:
                    3c:dd:ae:ba:77:a7:fd:97:b4:d8:77:44:f7:21:46:
                    d6:f0:e7:18:75:04:d3:43:26:ff:68:74:1b:e7:67:
                    55:0d:f6:e0:66:94:ed:41:eb:a1:cd:7d:21:b0:cb:
                    18:63:6a:c2:5b:19:56:f9:0a:ae:d7:ff:54:9f:80:
                    30:9c:e8:dc:74:71:ce:6f:22:7f:fe:9b:a5:05:3c:
                    32:6c:98:73:ff:b3:4f:e0:a5:3e:50:19:68:fb:69:
                    b0:5f:d1:8a:a9:6e:6a:a9:bb:1c:a2:d0:5e:3b:cf:
                    b5:6e:3b:ba:16:e2:f9:75:0c:85:8a:3f:d9:a0:46:
                    76:7d:1e:92:85:85:3a:48:2c:25:c6:08:7a:1b:2f:
                    92:b8:d5:8b:56:08:88:9d:5c:09:95:f7:fa:0b:b9:
                    2e:ba:d0:76:54:bb:cc:da:0c:b2:a9:01:e1:0b:b7:
                    0d:6c:a0:99:1c:4f:36:95:56:d0:36:6e:f3:15:04:
                    e9:ec:5e:0b:1e:75:85:58:a0:3e:54:25:3a:da:dc:
                    cd:25:c1:a0:08:c1:da:83:09:12:be:24:97:cf:c8:
                    f5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F7:97:6C:27:9E:32:C4:6B:43:52:8B:06:54:65:10:25:1E:BC:22
            X509v3 Authority Key Identifier:
                keyid:8D:01:D8:08:E8:97:74:54:3D:E2:2D:0D:A8:44:37:8E:CE:A8:BB:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/jQHYCOiXdFQ94i0NqEQ3js6ou5s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/jQHYCOiXdFQ94i0NqEQ3js6ou5s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3634D22/1D5F7C26047311E580C18A06F8AEA228/6CA06204A12911EDA95084E8F1222468.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  196.216.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:85:6a:a8:ea:26:28:ac:57:29:c7:bc:24:37:9c:e8:94:77:
         78:eb:67:ea:3d:ab:fc:2a:cb:49:4a:fe:5a:06:3d:c1:c0:cd:
         84:40:63:d3:06:f3:d9:7e:47:a2:81:91:71:a3:75:82:cc:6c:
         57:a2:3e:9a:03:49:f0:4a:d3:01:da:bf:49:83:33:e5:47:90:
         c7:19:18:98:31:aa:b3:84:e9:96:11:7b:d9:b1:3a:02:8c:96:
         91:66:e2:4d:f3:6d:1f:03:be:e8:cd:80:23:e5:0d:b3:bf:dc:
         be:88:0e:e3:1d:cd:5a:97:90:77:6f:ae:c2:56:a4:8a:68:91:
         a3:a2:1b:40:f3:33:52:9f:61:3b:10:8f:a8:52:b5:8a:cc:72:
         b4:93:91:64:7c:eb:40:b3:37:ba:97:34:ff:e0:bb:eb:fb:8e:
         44:7c:df:17:24:e1:d9:58:0b:cb:b0:25:42:cf:2c:62:6d:47:
         59:20:f1:72:36:27:c0:6e:ff:e0:ec:de:36:cf:cb:f9:19:5e:
         2c:65:08:f0:f4:e6:32:a2:77:5a:5a:62:25:94:69:28:78:89:
         10:a3:36:ec:6f:55:21:5a:ed:c8:f2:91:47:28:1a:f3:a8:8a:
         ce:40:34:22:b1:ca:4c:59:b2:d0:a4:15:40:b5:b2:58:d3:c8:
         97:fa:96:1d
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICDDQwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
MzREMjJBRjExMC8GA1UEBRMoOEQwMUQ4MDhFODk3NzQ1NDNERTIyRDBEQTg0NDM3
OEVDRUE4QkI5QjAeFw0yMzAxMzEwNTM3NTdaFw0zMDAxMzEwNTM3NTdaMBgxFjAU
BgNVBAMMDTYzZDhhOTM5LTFmMmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDGc0cVS599aTwxD3A6tsIZcfIvaQ5zuaMZs49xpnE+bNEKDoAT99fm2S4p
qTzdrrp3p/2XtNh3RPchRtbw5xh1BNNDJv9odBvnZ1UN9uBmlO1B66HNfSGwyxhj
asJbGVb5Cq7X/1SfgDCc6Nx0cc5vIn/+m6UFPDJsmHP/s0/gpT5QGWj7abBf0Yqp
bmqpuxyi0F47z7VuO7oW4vl1DIWKP9mgRnZ9HpKFhTpILCXGCHobL5K41YtWCIid
XAmV9/oLuS660HZUu8zaDLKpAeELtw1soJkcTzaVVtA2bvMVBOnsXgsedYVYoD5U
JTra3M0lwaAIwdqDCRK+JJfPyPXvAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUiveX
bCeeMsRrQ1KLBlRlECUevCIwHwYDVR0jBBgwFoAUjQHYCOiXdFQ94i0NqEQ3js6o
u5swDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjM0RDIyLzFENUY3QzI2MDQ3MzExRTU4MEMxOEEwNkY4QUVBMjI4L2pRSFlD
T2lYZEZROTRpME5xRVEzanM2b3U1cy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL2pRSFlDT2lYZEZROTRpME5xRVEzanM2b3U1cy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjM0RDIyLzFENUY3QzI2MDQ3MzExRTU4MEMxOEEwNkY4
QUVBMjI4LzZDQTA2MjA0QTEyOTExRURBOTUwODRFOEYxMjIyNDY4LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHE2AIwDQYJKoZIhvcNAQEL
BQADggEBAEOFaqjqJiisVynHvCQ3nOiUd3jrZ+o9q/wqy0lK/loGPcHAzYRAY9MG
89l+R6KBkXGjdYLMbFeiPpoDSfBK0wHav0mDM+VHkMcZGJgxqrOE6ZYRe9mxOgKM
lpFm4k3zbR8DvujNgCPlDbO/3L6IDuMdzVqXkHdvrsJWpIpokaOiG0DzM1KfYTsQ
j6hStYrMcrSTkWR860CzN7qXNP/gu+v7jkR83xck4dlYC8uwJULPLGJtR1kg8XI2
J8Bu/+Ds3jbPy/kZXixlCPD05jKid1paYiWUaSh4iRCjNuxvVSFa7cjykUcoGvOo
is5ANCKxykxZstCkFUC1sljTyJf6lh0=
-----END CERTIFICATE-----