Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36406D3/FB643C36876F11E994958B32F8AEA228/E0B7E5C6AE2111E98F04DF3CF8AEA228.roa
File:                     E0B7E5C6AE2111E98F04DF3CF8AEA228.roa (raw, json)
Hash identifier:          DsX+R5lwZz5IbPxYwdbT3HKP4x8lgrMkS5VZBHtyCkQ=
Subject key identifier:   35:71:93:CA:17:40:B5:EC:3F:81:E4:9A:87:53:1B:F8:F6:B9:8C:3F
Certificate issuer:       /CN=F36406D3AF/serialNumber=2AF08D82A5C88A66F005B31C80E8729AE28CD755
Certificate serial:       3A
Authority key identifier: 2A:F0:8D:82:A5:C8:8A:66:F0:05:B3:1C:80:E8:72:9A:E2:8C:D7:55
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/KvCNgqXIimbwBbMcgOhymuKM11U.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36406D3/FB643C36876F11E994958B32F8AEA228/E0B7E5C6AE2111E98F04DF3CF8AEA228.roa
Signing time:             Wed 24 Jul 2019 14:46:54 +0000
ROA not before:           Wed 24 Jul 2019 14:46:49 +0000
ROA not after:            Tue 31 Jul 2029 14:46:49 +0000
asID:                     37159
IP address blocks:        41.78.28.0/22 maxlen: 24
                          2c0f:ea08::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36406D3/FB643C36876F11E994958B32F8AEA228/KvCNgqXIimbwBbMcgOhymuKM11U.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36406D3/FB643C36876F11E994958B32F8AEA228/KvCNgqXIimbwBbMcgOhymuKM11U.mft
                          rsync://rpki.afrinic.net/repository/afrinic/KvCNgqXIimbwBbMcgOhymuKM11U.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 21 May 2024 00:04:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 58 (0x3a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36406D3AF/serialNumber=2AF08D82A5C88A66F005B31C80E8729AE28CD755
        Validity
            Not Before: Jul 24 14:46:49 2019 GMT
            Not After : Jul 31 14:46:49 2029 GMT
        Subject: CN=5d386f5e-8079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:43:50:b9:95:7f:e1:99:f2:2d:55:2c:67:5f:
                    0a:5b:86:39:3d:40:5c:39:12:2e:d8:44:0e:dc:d4:
                    3c:d1:b8:d6:bd:76:3a:12:4e:02:e4:b0:bc:f2:ea:
                    14:70:4d:c2:e0:35:cc:3e:75:5d:bd:f7:3c:d5:9d:
                    7a:85:3c:fa:21:ad:74:b5:53:a0:17:d9:81:94:23:
                    6f:4b:8e:f4:e8:97:45:5c:a3:e9:48:ce:d2:f9:67:
                    b1:d9:25:75:41:dd:0a:a0:98:a8:1d:6f:a8:96:b9:
                    c0:2d:52:f4:ba:96:dc:c6:54:7f:d5:a1:e2:69:2a:
                    b0:d2:2c:df:20:2a:55:79:9a:f9:96:49:cf:a7:73:
                    cf:8f:5e:f5:74:02:14:26:b3:1e:41:23:d1:0f:32:
                    bb:78:da:09:41:6b:83:0a:2e:72:a3:ba:c4:a1:7b:
                    b3:7f:92:c1:03:21:c0:80:f1:cd:18:eb:8d:4e:7b:
                    39:52:e9:36:37:c1:46:77:e4:7f:bf:7d:5e:75:d3:
                    5f:9e:55:21:b2:b9:a3:c5:d9:fa:b5:b0:c7:ed:ed:
                    48:ed:68:d0:ca:b3:d3:2a:e3:72:d9:64:77:c4:be:
                    03:1b:bd:d4:22:df:15:16:15:94:8d:fe:7c:54:0f:
                    29:e3:34:cb:4e:6c:13:4d:03:2c:30:6f:19:9b:d4:
                    f0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:71:93:CA:17:40:B5:EC:3F:81:E4:9A:87:53:1B:F8:F6:B9:8C:3F
            X509v3 Authority Key Identifier:
                keyid:2A:F0:8D:82:A5:C8:8A:66:F0:05:B3:1C:80:E8:72:9A:E2:8C:D7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36406D3/FB643C36876F11E994958B32F8AEA228/KvCNgqXIimbwBbMcgOhymuKM11U.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/KvCNgqXIimbwBbMcgOhymuKM11U.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36406D3/FB643C36876F11E994958B32F8AEA228/E0B7E5C6AE2111E98F04DF3CF8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.78.28.0/22
                IPv6:
                  2c0f:ea08::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:73:86:58:92:28:88:17:6a:b0:3c:ac:ab:73:9a:72:19:96:
         9e:d8:a0:cd:10:93:45:1c:19:f2:ad:30:d6:54:2b:a2:8e:1e:
         f0:b1:a6:1c:b6:2a:5a:d5:1d:d4:e7:d8:8e:ef:53:2a:1c:6a:
         d2:d4:8e:e6:ff:97:02:7d:e4:2d:31:1a:2e:17:5f:c1:60:bb:
         32:74:eb:94:ed:ac:93:71:15:60:eb:1b:11:9b:18:aa:3d:fd:
         9a:06:30:4b:12:dc:0b:c6:87:30:16:77:bb:b1:07:9c:2c:be:
         c4:b2:cb:f7:e9:c5:3e:df:77:4d:68:e5:f0:71:9d:d6:84:32:
         03:65:07:34:55:a6:9b:19:29:e2:2f:4f:55:1d:be:88:d7:4f:
         e3:6f:4e:bc:08:f4:4b:fe:6d:22:72:40:02:79:f0:26:8b:89:
         b9:3f:a7:c0:d4:66:8e:f0:b9:62:4f:70:3f:cf:0e:66:e3:53:
         7e:e4:82:c5:ba:f2:fb:0f:06:76:4c:0f:44:a4:09:b9:31:b0:
         02:3a:7c:4e:13:ed:ec:f6:8b:20:69:d4:41:9d:a3:58:8f:6c:
         09:fa:c4:53:6e:75:af:16:0a:98:91:d8:bd:d4:a3:a5:3d:e7:
         e5:1d:45:39:5e:a0:23:fa:eb:bd:1e:90:f5:71:cc:19:05:96:
         6d:1f:b0:6d
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgIBOjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY0
MDZEM0FGMTEwLwYDVQQFEygyQUYwOEQ4MkE1Qzg4QTY2RjAwNUIzMUM4MEU4NzI5
QUUyOENENzU1MB4XDTE5MDcyNDE0NDY0OVoXDTI5MDczMTE0NDY0OVowGDEWMBQG
A1UEAxMNNWQzODZmNWUtODA3OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpDULmVf+GZ8i1VLGdfCluGOT1AXDkSLthEDtzUPNG41r12OhJOAuSwvPLq
FHBNwuA1zD51Xb33PNWdeoU8+iGtdLVToBfZgZQjb0uO9OiXRVyj6UjO0vlnsdkl
dUHdCqCYqB1vqJa5wC1S9LqW3MZUf9Wh4mkqsNIs3yAqVXma+ZZJz6dzz49e9XQC
FCazHkEj0Q8yu3jaCUFrgwoucqO6xKF7s3+SwQMhwIDxzRjrjU57OVLpNjfBRnfk
f799XnXTX55VIbK5o8XZ+rWwx+3tSO1o0Mqz0yrjctlkd8S+Axu91CLfFRYVlI3+
fFQPKeM0y05sE00DLDBvGZvU8FkCAwEAAaOCAn0wggJ5MB0GA1UdDgQWBBQ1cZPK
F0C17D+B5JqHUxv49rmMPzAfBgNVHSMEGDAWgBQq8I2CpciKZvAFsxyA6HKa4ozX
VTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NDA2RDMvRkI2NDNDMzY4NzZGMTFFOTk0OTU4QjMyRjhBRUEyMjgvS3ZDTmdx
WElpbWJ3QmJNY2dPaHltdUtNMTFVLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvS3ZDTmdxWElpbWJ3QmJNY2dPaHltdUtNMTFVLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NDA2RDMvRkI2NDNDMzY4NzZGMTFFOTk0OTU4QjMyRjhB
RUEyMjgvRTBCN0U1QzZBRTIxMTFFOThGMDRERjNDRjhBRUEyMjgucm9hMC4GCCsG
AQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCKU4cMA0EAgACMAcDBQAsD+oIMA0GCSqG
SIb3DQEBCwUAA4IBAQBNc4ZYkiiIF2qwPKyrc5pyGZae2KDNEJNFHBnyrTDWVCui
jh7wsaYctipa1R3U59iO71MqHGrS1I7m/5cCfeQtMRouF1/BYLsydOuU7ayTcRVg
6xsRmxiqPf2aBjBLEtwLxocwFne7sQecLL7Essv36cU+33dNaOXwcZ3WhDIDZQc0
VaabGSniL09VHb6I10/jb068CPRL/m0ickACefAmi4m5P6fA1GaO8LliT3A/zw5m
41N+5ILFuvL7DwZ2TA9EpAm5MbACOnxOE+3s9osgadRBnaNYj2wJ+sRTbnWvFgqY
kdi91KOlPeflHUU5XqAj+uu9HpD1ccwZBZZtH7Bt
-----END CERTIFICATE-----