Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3636185/6EFD78B6270911ECAF80DC7BD8A014CE/8569FFFEC09311EE82CC19B4775412E6.roa
File:                     8569FFFEC09311EE82CC19B4775412E6.roa (raw, json)
Hash identifier:          qk3Riga7xUPf3FLu17cWPMbk3RmFvo1KiRk9xRM0fy8=
Subject key identifier:   A2:25:DF:EC:0F:FC:A2:DD:06:88:DB:C5:65:9C:B7:B2:35:B1:11:7E
Certificate issuer:       /CN=F3636185AF/serialNumber=EF8798989E4B8FB35946574F7BC7F08E2CF7FE4B
Certificate serial:       037B
Authority key identifier: EF:87:98:98:9E:4B:8F:B3:59:46:57:4F:7B:C7:F0:8E:2C:F7:FE:4B
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/74eYmJ5Lj7NZRldPe8fwjiz3_ks.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3636185/6EFD78B6270911ECAF80DC7BD8A014CE/8569FFFEC09311EE82CC19B4775412E6.roa
Signing time:             Wed 31 Jan 2024 23:50:33 +0000
ROA not before:           Wed 31 Jan 2024 23:50:29 +0000
ROA not after:            Sun 31 Jan 2027 23:50:29 +0000
asID:                     22822
IP address blocks:        41.63.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3636185/6EFD78B6270911ECAF80DC7BD8A014CE/74eYmJ5Lj7NZRldPe8fwjiz3_ks.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3636185/6EFD78B6270911ECAF80DC7BD8A014CE/74eYmJ5Lj7NZRldPe8fwjiz3_ks.mft
                          rsync://rpki.afrinic.net/repository/afrinic/74eYmJ5Lj7NZRldPe8fwjiz3_ks.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 18 Feb 2025 00:06:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 891 (0x37b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3636185AF
        Validity
            Not Before: Jan 31 23:50:29 2024 GMT
            Not After : Jan 31 23:50:29 2027 GMT
        Subject: CN=65badcc8-83a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e2:ee:cb:51:c7:a5:f4:8c:2e:02:c8:f5:e3:
                    6f:5d:a5:3e:54:e6:04:3c:77:8f:15:bf:03:67:4a:
                    46:b8:af:a0:f3:1a:ed:f8:37:12:27:8b:aa:91:43:
                    c2:f5:6e:6e:33:39:52:8a:a2:75:90:be:c4:6f:00:
                    93:68:a3:01:7e:b6:b9:0c:36:db:5f:0f:8c:10:da:
                    f7:d2:e2:40:04:e3:a6:dc:62:92:d2:b1:1b:2a:0d:
                    62:f9:da:fd:a7:1e:0e:f4:d0:6e:9b:d4:54:37:b7:
                    4b:9d:e2:93:f2:b7:dd:5e:22:fd:9b:3d:73:d1:a0:
                    c3:85:4b:08:ec:63:93:43:f9:8a:b6:19:27:4f:76:
                    65:71:91:eb:92:bb:02:ea:37:1f:ea:98:8b:7d:54:
                    e6:7a:18:f6:69:de:18:ce:e5:51:dd:a9:79:a8:de:
                    dd:57:4e:90:77:27:93:63:9d:f0:a6:c4:31:60:30:
                    ac:c2:b2:34:57:5f:51:2b:97:1a:a4:43:19:57:84:
                    16:cb:a2:97:80:81:d6:b9:31:ff:d4:88:2a:9f:66:
                    c3:9b:1e:67:56:03:55:2b:13:1b:26:36:06:1c:7c:
                    c5:12:23:d4:30:db:dd:33:dc:9e:81:19:dd:d2:1e:
                    0b:2e:b0:48:5f:c1:cd:75:e3:1f:89:c8:39:06:ef:
                    fa:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:25:DF:EC:0F:FC:A2:DD:06:88:DB:C5:65:9C:B7:B2:35:B1:11:7E
            X509v3 Authority Key Identifier:
                keyid:EF:87:98:98:9E:4B:8F:B3:59:46:57:4F:7B:C7:F0:8E:2C:F7:FE:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3636185/6EFD78B6270911ECAF80DC7BD8A014CE/74eYmJ5Lj7NZRldPe8fwjiz3_ks.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/74eYmJ5Lj7NZRldPe8fwjiz3_ks.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3636185/6EFD78B6270911ECAF80DC7BD8A014CE/8569FFFEC09311EE82CC19B4775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.63.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6a:62:a3:4f:0e:2e:ac:57:ce:14:14:20:90:05:58:cd:00:79:
         4d:07:58:98:c8:d7:7e:6c:41:ad:1f:a2:e7:05:11:c9:86:76:
         9f:01:a7:55:71:0b:db:00:33:c3:78:04:96:c0:36:64:dc:92:
         b6:00:90:1d:43:a6:34:76:b9:9c:07:a2:63:aa:61:d0:c9:0b:
         12:27:55:13:97:28:8d:f7:0c:10:e8:17:74:c6:55:b2:81:d1:
         c9:54:e2:77:7b:a0:76:06:00:a1:e9:37:50:4e:71:c6:39:61:
         e7:81:69:38:6b:df:03:95:25:17:01:9c:c9:b8:e6:e6:7a:0c:
         9e:d9:91:78:25:57:c9:13:93:1a:63:ca:e4:f5:60:01:1f:2a:
         41:a3:2e:e7:c7:32:6d:4e:d3:8a:37:36:d5:d6:64:14:44:c2:
         9e:d0:47:98:b3:bc:10:a4:01:07:86:28:2d:4c:29:66:c3:ed:
         a5:20:78:24:13:41:ab:60:8e:d6:14:c7:4c:03:23:44:5d:62:
         89:81:5e:cc:74:c2:c9:32:ad:4d:34:e3:84:08:44:2d:fd:af:
         3e:99:16:c0:ab:c7:1b:22:91:98:b3:37:46:a7:77:cb:f2:a1:
         df:43:da:2a:34:53:67:f1:58:7b:6c:94:f7:5d:a3:ab:24:88:
         f0:ab:62:1b
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICA3swDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
MzYxODVBRjExMC8GA1UEBRMoRUY4Nzk4OTg5RTRCOEZCMzU5NDY1NzRGN0JDN0Yw
OEUyQ0Y3RkU0QjAeFw0yNDAxMzEyMzUwMjlaFw0yNzAxMzEyMzUwMjlaMBgxFjAU
BgNVBAMTDTY1YmFkY2M4LTgzYTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC+4u7LUcel9IwuAsj1429dpT5U5gQ8d48VvwNnSka4r6DzGu34NxIni6qR
Q8L1bm4zOVKKonWQvsRvAJNoowF+trkMNttfD4wQ2vfS4kAE46bcYpLSsRsqDWL5
2v2nHg700G6b1FQ3t0ud4pPyt91eIv2bPXPRoMOFSwjsY5ND+Yq2GSdPdmVxkeuS
uwLqNx/qmIt9VOZ6GPZp3hjO5VHdqXmo3t1XTpB3J5NjnfCmxDFgMKzCsjRXX1Er
lxqkQxlXhBbLopeAgda5Mf/UiCqfZsObHmdWA1UrExsmNgYcfMUSI9Qw290z3J6B
Gd3SHgsusEhfwc114x+JyDkG7/oTAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUoiXf
7A/8ot0GiNvFZZy3sjWxEX4wHwYDVR0jBBgwFoAU74eYmJ5Lj7NZRldPe8fwjiz3
/kswDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjM2MTg1LzZFRkQ3OEI2MjcwOTExRUNBRjgwREM3QkQ4QTAxNENFLzc0ZVlt
SjVMajdOWlJsZFBlOGZ3aml6M19rcy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljLzc0ZVltSjVMajdOWlJsZFBlOGZ3aml6M19rcy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjM2MTg1LzZFRkQ3OEI2MjcwOTExRUNBRjgwREM3QkQ4
QTAxNENFLzg1NjlGRkZFQzA5MzExRUU4MkNDMTlCNDc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAYpP0AwDQYJKoZIhvcNAQEL
BQADggEBAGpio08OLqxXzhQUIJAFWM0AeU0HWJjI135sQa0foucFEcmGdp8Bp1Vx
C9sAM8N4BJbANmTckrYAkB1DpjR2uZwHomOqYdDJCxInVROXKI33DBDoF3TGVbKB
0clU4nd7oHYGAKHpN1BOccY5YeeBaThr3wOVJRcBnMm45uZ6DJ7ZkXglV8kTkxpj
yuT1YAEfKkGjLufHMm1O04o3NtXWZBREwp7QR5izvBCkAQeGKC1MKWbD7aUgeCQT
QatgjtYUx0wDI0RdYomBXsx0wskyrU0044QIRC39rz6ZFsCrxxsikZizN0and8vy
od9D2io0U2fxWHtslPddo6skiPCrYhs=
-----END CERTIFICATE-----