Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F364321A/2F1373BEBCDA11EDACA5CAAFF1222468/42C4F012BA9B11EEBDCEFB54775412E6.roa
File:                     42C4F012BA9B11EEBDCEFB54775412E6.roa (raw, json)
Hash identifier:          LHh0dqYgf1/pnnPDpPBdW0FbS5GdfTwmf0K8VHAbqwo=
Subject key identifier:   99:00:6B:F1:AB:29:EC:76:96:DF:A2:EB:C6:AD:81:E7:41:C0:99:BE
Certificate issuer:       /CN=F364321AAF/serialNumber=3DA3DDAE4FD574BDFADB2FE7524D5D303741352C
Certificate serial:       015A
Authority key identifier: 3D:A3:DD:AE:4F:D5:74:BD:FA:DB:2F:E7:52:4D:5D:30:37:41:35:2C
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/PaPdrk_VdL362y_nUk1dMDdBNSw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F364321A/2F1373BEBCDA11EDACA5CAAFF1222468/42C4F012BA9B11EEBDCEFB54775412E6.roa
Signing time:             Wed 24 Jan 2024 09:30:50 +0000
ROA not before:           Wed 24 Jan 2024 09:30:46 +0000
ROA not after:            Thu 24 Jan 2030 09:30:46 +0000
asID:                     202023
IP address blocks:        2c0f:3781:2110::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F364321A/2F1373BEBCDA11EDACA5CAAFF1222468/PaPdrk_VdL362y_nUk1dMDdBNSw.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F364321A/2F1373BEBCDA11EDACA5CAAFF1222468/PaPdrk_VdL362y_nUk1dMDdBNSw.mft
                          rsync://rpki.afrinic.net/repository/afrinic/PaPdrk_VdL362y_nUk1dMDdBNSw.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 25 May 2024 00:04:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 346 (0x15a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F364321AAF/serialNumber=3DA3DDAE4FD574BDFADB2FE7524D5D303741352C
        Validity
            Not Before: Jan 24 09:30:46 2024 GMT
            Not After : Jan 24 09:30:46 2030 GMT
        Subject: CN=65b0d8ca-cb46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c4:1f:f3:f6:35:c3:05:07:87:d2:85:76:d5:
                    bd:74:44:db:f7:4a:50:16:c2:34:81:ec:92:30:56:
                    53:47:dc:ca:4b:58:4b:69:b2:1a:57:1a:41:90:f7:
                    ea:bc:92:19:9a:d0:0a:eb:fd:c4:11:62:59:e2:92:
                    e7:d6:64:23:1c:6c:e3:b0:66:8b:f2:28:da:13:70:
                    1d:25:f4:6e:23:a4:1f:70:c3:17:b7:e7:fc:0f:77:
                    a6:68:5e:90:c5:2e:17:b3:7a:01:d2:77:52:25:0a:
                    32:50:27:60:30:2c:bd:b1:64:a6:68:c1:82:40:7c:
                    a9:92:38:f4:b5:4c:f8:10:bc:e6:d2:0f:6e:b7:1e:
                    2c:84:fa:1a:b3:7e:d4:05:10:fe:ae:c7:e2:58:fc:
                    cc:9d:57:14:b8:7d:1e:4c:18:04:51:1f:f9:52:f2:
                    a9:e5:50:76:f6:a9:64:78:ce:50:96:17:6a:32:5f:
                    32:d8:be:ea:b6:ac:8f:ed:f5:3f:dd:83:35:d3:59:
                    ec:a5:e7:b0:3b:f2:20:dd:42:7b:e7:28:80:f4:a6:
                    c2:13:55:cd:8f:5c:5b:0b:a8:3c:15:ac:99:39:b9:
                    37:e6:fa:b2:5a:fa:98:45:9e:c7:76:db:bc:f6:83:
                    8a:7b:12:8b:61:11:82:97:38:6a:fa:37:50:ee:24:
                    04:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:00:6B:F1:AB:29:EC:76:96:DF:A2:EB:C6:AD:81:E7:41:C0:99:BE
            X509v3 Authority Key Identifier:
                keyid:3D:A3:DD:AE:4F:D5:74:BD:FA:DB:2F:E7:52:4D:5D:30:37:41:35:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F364321A/2F1373BEBCDA11EDACA5CAAFF1222468/PaPdrk_VdL362y_nUk1dMDdBNSw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/PaPdrk_VdL362y_nUk1dMDdBNSw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F364321A/2F1373BEBCDA11EDACA5CAAFF1222468/42C4F012BA9B11EEBDCEFB54775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2c0f:3781:2110::/44

    Signature Algorithm: sha256WithRSAEncryption
         2b:2a:35:a4:11:16:4e:a4:6c:71:69:eb:3c:0e:e9:45:7d:80:
         cf:a8:48:ed:3e:d6:27:d5:35:12:c2:a9:ca:12:1b:b5:e7:d5:
         a1:06:97:26:73:a4:13:7b:18:e7:38:7a:c8:1d:1e:f3:63:db:
         50:cc:ba:c1:eb:e6:ef:2e:76:ae:f2:4c:76:eb:2c:5a:d1:9d:
         0c:16:3f:9c:ec:e8:bb:ed:4c:81:51:70:ee:fe:ce:81:09:f9:
         6d:95:76:a5:cc:42:0c:0b:0e:2a:77:7a:ae:f3:25:85:57:8d:
         b1:d3:09:36:5e:19:2c:21:fc:ca:31:63:8e:a4:2c:95:75:5f:
         c3:2b:04:8d:2e:8e:9b:f1:16:8c:38:80:6e:8c:af:3a:0f:0e:
         6a:8e:6e:e5:e1:a0:56:e5:f6:b2:68:3f:f6:63:56:c6:25:66:
         02:f4:de:e9:3c:26:84:aa:14:bb:f6:a9:02:72:6f:59:d9:d8:
         77:87:ea:bc:2b:cf:fe:d1:2e:86:af:f4:99:d0:3a:ed:71:22:
         5b:ab:82:7f:8f:ac:1e:7a:84:a4:8b:72:6b:db:7e:56:fe:42:
         e1:23:98:d0:10:9c:78:20:d9:60:fc:63:c8:5d:6f:29:9c:32:
         50:f3:85:75:50:d1:ca:b7:b0:c5:01:25:13:72:d0:96:04:ae:
         17:8f:15:ac
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICAVowDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NDMyMUFBRjExMC8GA1UEBRMoM0RBM0REQUU0RkQ1NzRCREZBREIyRkU3NTI0RDVE
MzAzNzQxMzUyQzAeFw0yNDAxMjQwOTMwNDZaFw0zMDAxMjQwOTMwNDZaMBgxFjAU
BgNVBAMTDTY1YjBkOGNhLWNiNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCkxB/z9jXDBQeH0oV21b10RNv3SlAWwjSB7JIwVlNH3MpLWEtpshpXGkGQ
9+q8khma0Arr/cQRYlnikufWZCMcbOOwZovyKNoTcB0l9G4jpB9wwxe35/wPd6Zo
XpDFLhezegHSd1IlCjJQJ2AwLL2xZKZowYJAfKmSOPS1TPgQvObSD263HiyE+hqz
ftQFEP6ux+JY/MydVxS4fR5MGARRH/lS8qnlUHb2qWR4zlCWF2oyXzLYvuq2rI/t
9T/dgzXTWeyl57A78iDdQnvnKID0psITVc2PXFsLqDwVrJk5uTfm+rJa+phFnsd2
27z2g4p7EothEYKXOGr6N1DuJAThAgMBAAGjggKoMIICpDAdBgNVHQ4EFgQUmQBr
8asp7HaW36Lrxq2B50HAmb4wHwYDVR0jBBgwFoAUPaPdrk/VdL362y/nUk1dMDdB
NSwwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjQzMjFBLzJGMTM3M0JFQkNEQTExRURBQ0E1Q0FBRkYxMjIyNDY4L1BhUGRy
a19WZEwzNjJ5X25VazFkTURkQk5Tdy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL1BhUGRya19WZEwzNjJ5X25VazFkTURkQk5Tdy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjQzMjFBLzJGMTM3M0JFQkNEQTExRURBQ0E1Q0FBRkYx
MjIyNDY4LzQyQzRGMDEyQkE5QjExRUVCRENFRkI1NDc3NTQxMkU2LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQsDzeBIRAwDQYJKoZIhvcN
AQELBQADggEBACsqNaQRFk6kbHFp6zwO6UV9gM+oSO0+1ifVNRLCqcoSG7Xn1aEG
lyZzpBN7GOc4esgdHvNj21DMusHr5u8udq7yTHbrLFrRnQwWP5zs6LvtTIFRcO7+
zoEJ+W2VdqXMQgwLDip3eq7zJYVXjbHTCTZeGSwh/MoxY46kLJV1X8MrBI0ujpvx
Fow4gG6MrzoPDmqObuXhoFbl9rJoP/ZjVsYlZgL03uk8JoSqFLv2qQJyb1nZ2HeH
6rwrz/7RLoav9JnQOu1xIlurgn+PrB56hKSLcmvbflb+QuEjmNAQnHgg2WD8Y8hd
bymcMlDzhXVQ0cq3sMUBJRNy0JYErhePFaw=
-----END CERTIFICATE-----