Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/3C8225CEE70B11EF90C4C54E762E951A.roa
File:                     3C8225CEE70B11EF90C4C54E762E951A.roa (raw, json)
Hash identifier:          P1nsqXHVMhuhOX4+8Nj0hA2BUkP4xrW40MPYyOSP7Sg=
Subject key identifier:   8E:67:52:89:C3:59:3D:BC:28:EB:69:89:62:AB:48:38:B2:52:66:CC
Certificate issuer:       /CN=F363DCF2AR/serialNumber=C4BBCDEF9DC7E68F9184C80C08718C206EDDF70B
Certificate serial:       31
Authority key identifier: C4:BB:CD:EF:9D:C7:E6:8F:91:84:C8:0C:08:71:8C:20:6E:DD:F7:0B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/xLvN753H5o-RhMgMCHGMIG7d9ws.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/3C8225CEE70B11EF90C4C54E762E951A.roa
Signing time:             Sun 09 Feb 2025 17:28:12 +0000
ROA not before:           Sun 09 Feb 2025 17:28:07 +0000
ROA not after:            Mon 31 Dec 2035 17:28:07 +0000
asID:                     30992
IP address blocks:        129.0.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/xLvN753H5o-RhMgMCHGMIG7d9ws.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/xLvN753H5o-RhMgMCHGMIG7d9ws.mft
                          rsync://rpki.afrinic.net/repository/arin/xLvN753H5o-RhMgMCHGMIG7d9ws.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 14 Apr 2025 00:26:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 49 (0x31)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F363DCF2AR, serialNumber=C4BBCDEF9DC7E68F9184C80C08718C206EDDF70B
        Validity
            Not Before: Feb  9 17:28:07 2025 GMT
            Not After : Dec 31 17:28:07 2035 GMT
        Subject: CN=67a8e5ac-2136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:95:1e:a1:a6:24:cf:a2:9f:d9:46:84:a5:72:
                    00:7e:db:c6:b6:4c:8b:1b:21:b4:48:87:9e:06:d4:
                    26:1b:33:f5:51:44:f6:37:b7:b8:b6:64:18:3f:8a:
                    56:e5:65:13:2d:e8:54:54:eb:b1:0d:58:08:d7:d8:
                    a5:4d:f9:a4:22:42:53:d0:5c:43:5b:f5:9c:bd:64:
                    40:42:a7:1e:c0:b2:03:c3:e0:cf:37:f0:3c:7b:b0:
                    19:2b:f7:99:57:11:c1:68:a4:0b:ce:5e:c9:c0:a6:
                    89:9e:fc:30:62:5c:5b:62:66:5a:af:04:1b:c5:9a:
                    9c:42:a8:2e:ca:62:45:8d:a7:18:22:28:47:c5:74:
                    87:86:a0:4c:dc:da:e5:e7:97:9d:93:1d:f6:9e:b5:
                    56:17:f4:72:64:82:e7:36:32:b4:16:df:99:db:51:
                    aa:78:fd:14:c6:ca:8d:97:02:92:b6:76:a3:a7:99:
                    61:ce:94:6f:79:af:02:1a:d0:90:d3:7f:e7:ee:c6:
                    92:a5:3d:95:63:75:12:89:6b:78:14:bb:a3:7b:5c:
                    8e:a9:50:63:9a:07:e0:c0:a3:75:7a:8b:f1:ea:ac:
                    e8:9f:e4:27:25:ae:93:ad:c0:b5:46:ba:72:c0:c5:
                    62:30:af:c3:e5:13:84:ca:7c:42:de:c0:c4:01:2f:
                    da:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:67:52:89:C3:59:3D:BC:28:EB:69:89:62:AB:48:38:B2:52:66:CC
            X509v3 Authority Key Identifier:
                keyid:C4:BB:CD:EF:9D:C7:E6:8F:91:84:C8:0C:08:71:8C:20:6E:DD:F7:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/xLvN753H5o-RhMgMCHGMIG7d9ws.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/xLvN753H5o-RhMgMCHGMIG7d9ws.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F363DCF2/A18531B6DCBE11EFBE2B50BB762E951A/3C8225CEE70B11EF90C4C54E762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.0.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:88:8f:28:64:64:62:50:b9:03:6a:4d:36:1f:37:16:f3:e6:
         22:e8:7f:5c:c9:eb:28:e4:44:98:1e:00:2f:6f:0f:dd:1b:95:
         e6:b5:e2:c7:f4:5d:4e:8d:49:dd:b0:ba:59:84:47:41:5a:91:
         16:17:20:11:9d:68:98:5a:63:8e:43:3a:6a:77:54:75:9d:0a:
         73:95:3e:c9:54:f3:10:da:38:32:d4:26:ec:12:6f:0d:4d:03:
         fc:bf:07:1b:72:b0:53:c3:16:1c:7f:8d:c2:0c:72:4d:a4:0b:
         be:96:d9:13:a1:7c:9f:e4:ab:ae:7d:06:54:41:eb:83:d2:4a:
         6d:e4:18:72:89:11:aa:4f:a9:34:d2:d9:0d:7b:07:66:55:a9:
         fb:3c:75:aa:a8:56:f1:1b:ca:dc:a8:81:1c:a6:86:a4:50:94:
         e1:0a:8d:3c:e8:de:58:65:64:94:e2:97:8a:f6:ca:39:ca:49:
         a4:49:df:39:39:e0:6e:d7:fd:db:8e:9f:28:ce:b3:97:d9:ef:
         51:92:8e:51:50:33:0d:23:96:13:ed:b6:66:52:a7:c8:88:2f:
         ec:41:c7:fa:e4:e6:ca:b4:f5:d8:03:f1:79:fa:78:e9:a0:a3:
         59:cb:4d:8e:d0:7a:38:33:65:8c:77:46:1e:68:62:c3:18:53:
         95:88:da:a8
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgIBMTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzYz
RENGMkFSMTEwLwYDVQQFEyhDNEJCQ0RFRjlEQzdFNjhGOTE4NEM4MEMwODcxOEMy
MDZFRERGNzBCMB4XDTI1MDIwOTE3MjgwN1oXDTM1MTIzMTE3MjgwN1owGDEWMBQG
A1UEAxMNNjdhOGU1YWMtMjEzNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqVHqGmJM+in9lGhKVyAH7bxrZMixshtEiHngbUJhsz9VFE9je3uLZkGD+K
VuVlEy3oVFTrsQ1YCNfYpU35pCJCU9BcQ1v1nL1kQEKnHsCyA8PgzzfwPHuwGSv3
mVcRwWikC85eycCmiZ78MGJcW2JmWq8EG8WanEKoLspiRY2nGCIoR8V0h4agTNza
5eeXnZMd9p61Vhf0cmSC5zYytBbfmdtRqnj9FMbKjZcCkrZ2o6eZYc6Ub3mvAhrQ
kNN/5+7GkqU9lWN1EolreBS7o3tcjqlQY5oH4MCjdXqL8eqs6J/kJyWuk63AtUa6
csDFYjCvw+UThMp8Qt7AxAEv2ncCAwEAAaOCAqEwggKdMB0GA1UdDgQWBBSOZ1KJ
w1k9vCjraYliq0g4slJmzDAfBgNVHSMEGDAWgBTEu83vncfmj5GEyAwIcYwgbt33
CzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2M0RDRjIvQTE4NTMxQjZEQ0JFMTFFRkJFMkI1MEJCNzYyRTk1MUEveEx2Tjc1
M0g1by1SaE1nTUNIR01JRzdkOXdzLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
eEx2Tjc1M0g1by1SaE1nTUNIR01JRzdkOXdzLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2M0RDRjIvQTE4NTMxQjZEQ0JFMTFFRkJFMkI1MEJCNzYyRTk1
MUEvM0M4MjI1Q0VFNzBCMTFFRjkwQzRDNTRFNzYyRTk1MUEucm9hMDUGCCsGAQUF
BzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAe
BggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAIEAMA0GCSqGSIb3DQEBCwUAA4IB
AQCIiI8oZGRiULkDak02HzcW8+Yi6H9cyeso5ESYHgAvbw/dG5XmteLH9F1OjUnd
sLpZhEdBWpEWFyARnWiYWmOOQzpqd1R1nQpzlT7JVPMQ2jgy1CbsEm8NTQP8vwcb
crBTwxYcf43CDHJNpAu+ltkToXyf5KuufQZUQeuD0kpt5BhyiRGqT6k00tkNewdm
Van7PHWqqFbxG8rcqIEcpoakUJThCo086N5YZWSU4peK9so5ykmkSd85OeBu1/3b
jp8ozrOX2e9Rko5RUDMNI5YT7bZmUqfIiC/sQcf65ObKtPXYA/F5+njpoKNZy02O
0Ho4M2WMd0YeaGLDGFOViNqo
-----END CERTIFICATE-----