Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3656177/8F51AB8E83BF11E681ABEC37F8AEA228/B638C7E6C8C711E997C29757F8AEA228.roa
File:                     B638C7E6C8C711E997C29757F8AEA228.roa (raw, json)
Hash identifier:          EisbOpC1Y+D87WQCpz01JdeRv1C7VPmD55bEQs7AK5Y=
Subject key identifier:   3A:6E:30:F6:FE:74:3E:D1:5E:36:28:C3:F3:68:8A:93:35:4D:4D:48
Certificate issuer:       /CN=F3656177AF/serialNumber=0117FF36507BEFA29BDF6E1DE7C8D530A49EA4E3
Certificate serial:       043F
Authority key identifier: 01:17:FF:36:50:7B:EF:A2:9B:DF:6E:1D:E7:C8:D5:30:A4:9E:A4:E3
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/ARf_NlB776Kb324d58jVMKSepOM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3656177/8F51AB8E83BF11E681ABEC37F8AEA228/B638C7E6C8C711E997C29757F8AEA228.roa
Signing time:             Tue 27 Aug 2019 12:39:30 +0000
ROA not before:           Tue 27 Aug 2019 12:39:25 +0000
ROA not after:            Mon 27 Aug 2029 12:39:25 +0000
asID:                     328032
IP address blocks:        2c0f:f238:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3656177/8F51AB8E83BF11E681ABEC37F8AEA228/ARf_NlB776Kb324d58jVMKSepOM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3656177/8F51AB8E83BF11E681ABEC37F8AEA228/ARf_NlB776Kb324d58jVMKSepOM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/ARf_NlB776Kb324d58jVMKSepOM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 27 Apr 2024 00:04:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1087 (0x43f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3656177AF/serialNumber=0117FF36507BEFA29BDF6E1DE7C8D530A49EA4E3
        Validity
            Not Before: Aug 27 12:39:25 2019 GMT
            Not After : Aug 27 12:39:25 2029 GMT
        Subject: CN=5d652481-7cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8b:e5:6f:b1:e3:df:32:8f:4d:9a:82:6a:e9:
                    76:9f:fa:21:44:45:02:5b:7d:45:dd:e2:8b:04:2d:
                    82:6f:90:cb:5c:b8:c6:35:db:7c:1b:cb:b1:ae:64:
                    93:d8:d9:04:7f:64:3b:e1:09:b9:59:e3:c1:53:24:
                    e6:41:28:ef:42:aa:7b:d1:4d:33:1b:6b:78:2a:ea:
                    43:15:42:00:c9:9a:b4:c8:6b:c8:f2:ce:fd:55:0a:
                    19:e3:8a:f3:5b:1a:63:03:83:7c:07:d4:a0:3d:c5:
                    75:af:a5:e8:9f:f2:91:f9:64:b9:f0:3a:15:78:37:
                    04:d4:52:57:94:c3:4e:06:5f:27:cb:db:81:9b:dd:
                    1e:6b:eb:60:4b:2c:5b:a7:35:f0:d7:17:1d:aa:b2:
                    f4:f0:a4:f5:86:b6:1a:95:d5:e6:77:ae:73:b4:c1:
                    c9:61:8a:90:8c:27:8d:02:eb:5b:b8:39:8e:0f:19:
                    d6:a1:24:d0:48:54:bb:a9:12:39:12:71:b4:aa:4d:
                    d2:5c:88:4c:7b:2c:0b:1d:47:30:28:ff:92:b3:88:
                    9c:3b:3d:a1:9c:1c:70:3c:06:20:c2:bf:19:09:3a:
                    f9:73:6d:4d:7c:79:b9:32:28:67:76:41:0b:2b:17:
                    3d:10:68:09:de:c5:ae:62:b9:53:8a:4a:cf:68:b7:
                    9b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:6E:30:F6:FE:74:3E:D1:5E:36:28:C3:F3:68:8A:93:35:4D:4D:48
            X509v3 Authority Key Identifier:
                keyid:01:17:FF:36:50:7B:EF:A2:9B:DF:6E:1D:E7:C8:D5:30:A4:9E:A4:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3656177/8F51AB8E83BF11E681ABEC37F8AEA228/ARf_NlB776Kb324d58jVMKSepOM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/ARf_NlB776Kb324d58jVMKSepOM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3656177/8F51AB8E83BF11E681ABEC37F8AEA228/B638C7E6C8C711E997C29757F8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2c0f:f238:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         59:3b:7b:e4:8b:76:00:31:04:81:58:10:5c:b9:ea:db:94:7f:
         10:22:a1:38:9f:2c:85:51:52:09:c0:c2:1e:f7:05:5a:96:48:
         7d:0c:de:51:78:fa:62:db:74:20:f3:dd:79:ac:fa:2f:ca:92:
         9a:85:a4:f1:43:a2:37:5c:e7:ba:50:8d:a8:29:77:13:c6:2f:
         64:36:7e:70:92:2b:28:50:67:77:df:94:ec:71:16:f6:f1:85:
         1f:df:72:bb:11:ab:01:b5:24:12:ec:fa:76:6c:8d:f9:db:2f:
         99:d5:3b:e8:4a:dc:75:64:43:45:7a:6c:33:89:a5:a0:25:0d:
         87:ab:26:45:b7:85:7e:29:e9:df:85:73:26:ef:25:65:6f:da:
         fd:aa:71:63:36:ff:2a:1a:04:49:bf:1d:31:3e:2e:eb:b4:87:
         8b:09:06:b5:d2:e5:f9:93:e0:ed:8a:bd:55:90:41:50:cf:9e:
         97:f6:2c:aa:cc:5f:bc:c7:75:fe:ee:0c:eb:49:19:f9:65:a8:
         d6:36:79:75:0a:a7:03:f6:d3:d7:ba:11:cf:af:7f:b6:38:02:
         8d:5d:72:27:a1:92:50:2b:38:99:71:56:19:77:d4:d1:da:f9:
         9b:ea:44:d5:94:ec:39:98:87:95:e3:fa:b4:18:b8:b9:cf:6b:
         47:b3:fc:ee
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgICBD8wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTYxNzdBRjExMC8GA1UEBRMoMDExN0ZGMzY1MDdCRUZBMjlCREY2RTFERTdDOEQ1
MzBBNDlFQTRFMzAeFw0xOTA4MjcxMjM5MjVaFw0yOTA4MjcxMjM5MjVaMBgxFjAU
BgNVBAMTDTVkNjUyNDgxLTdjZDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDCi+VvsePfMo9NmoJq6Xaf+iFERQJbfUXd4osELYJvkMtcuMY123wby7Gu
ZJPY2QR/ZDvhCblZ48FTJOZBKO9CqnvRTTMba3gq6kMVQgDJmrTIa8jyzv1VChnj
ivNbGmMDg3wH1KA9xXWvpeif8pH5ZLnwOhV4NwTUUleUw04GXyfL24Gb3R5r62BL
LFunNfDXFx2qsvTwpPWGthqV1eZ3rnO0wclhipCMJ40C61u4OY4PGdahJNBIVLup
EjkScbSqTdJciEx7LAsdRzAo/5KziJw7PaGcHHA8BiDCvxkJOvlzbU18ebkyKGd2
QQsrFz0QaAnexa5iuVOKSs9ot5snAgMBAAGjggJwMIICbDAdBgNVHQ4EFgQUOm4w
9v50PtFeNijD82iKkzVNTUgwHwYDVR0jBBgwFoAUARf/NlB776Kb324d58jVMKSe
pOMwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU2MTc3LzhGNTFBQjhFODNCRjExRTY4MUFCRUMzN0Y4QUVBMjI4L0FSZl9O
bEI3NzZLYjMyNGQ1OGpWTUtTZXBPTS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0FSZl9ObEI3NzZLYjMyNGQ1OGpWTUtTZXBPTS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjU2MTc3LzhGNTFBQjhFODNCRjExRTY4MUFCRUMzN0Y4
QUVBMjI4L0I2MzhDN0U2QzhDNzExRTk5N0MyOTc1N0Y4QUVBMjI4LnJvYTAhBggr
BgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBywP8jiAMA0GCSqGSIb3DQEBCwUAA4IB
AQBZO3vki3YAMQSBWBBcuerblH8QIqE4nyyFUVIJwMIe9wValkh9DN5RePpi23Qg
8915rPovypKahaTxQ6I3XOe6UI2oKXcTxi9kNn5wkisoUGd335TscRb28YUf33K7
EasBtSQS7Pp2bI352y+Z1TvoStx1ZENFemwziaWgJQ2HqyZFt4V+KenfhXMm7yVl
b9r9qnFjNv8qGgRJvx0xPi7rtIeLCQa10uX5k+Dtir1VkEFQz56X9iyqzF+8x3X+
7gzrSRn5ZajWNnl1CqcD9tPXuhHPr3+2OAKNXXInoZJQKziZcVYZd9TR2vmb6kTV
lOw5mIeV4/q0GLi5z2tHs/zu
-----END CERTIFICATE-----