Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F366351B/4665A9F0ACA011EDAF100DF7F1222468/27AA2D78ACA111EDB32660F9F1222468.roa
File:                     27AA2D78ACA111EDB32660F9F1222468.roa (raw, json)
Hash identifier:          aFi9RZ2jR17q9wqzUvxZqHWXbSaW+vzPZaKbsAiYUDM=
Subject key identifier:   B7:28:45:0D:0E:30:74:D8:18:68:BC:03:7C:65:50:3E:22:17:5F:54
Certificate issuer:       /CN=F366351BAF/serialNumber=6789A254726D031E59B46B61B4ACAA851BFA2DDF
Certificate serial:       02
Authority key identifier: 67:89:A2:54:72:6D:03:1E:59:B4:6B:61:B4:AC:AA:85:1B:FA:2D:DF
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/Z4miVHJtAx5ZtGthtKyqhRv6Ld8.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F366351B/4665A9F0ACA011EDAF100DF7F1222468/27AA2D78ACA111EDB32660F9F1222468.roa
Signing time:             Tue 14 Feb 2023 19:52:47 +0000
ROA not before:           Tue 14 Feb 2023 19:52:44 +0000
ROA not after:            Mon 14 Feb 2033 19:52:44 +0000
asID:                     329208
IP address blocks:        102.214.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F366351B/4665A9F0ACA011EDAF100DF7F1222468/Z4miVHJtAx5ZtGthtKyqhRv6Ld8.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F366351B/4665A9F0ACA011EDAF100DF7F1222468/Z4miVHJtAx5ZtGthtKyqhRv6Ld8.mft
                          rsync://rpki.afrinic.net/repository/afrinic/Z4miVHJtAx5ZtGthtKyqhRv6Ld8.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 19 Jun 2024 00:05:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F366351BAF/serialNumber=6789A254726D031E59B46B61B4ACAA851BFA2DDF
        Validity
            Not Before: Feb 14 19:52:44 2023 GMT
            Not After : Feb 14 19:52:44 2033 GMT
        Subject: CN=63ebe68f-3876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d0:04:57:22:21:d8:e6:96:c9:20:b2:7b:ac:
                    16:28:4a:cd:6c:0c:32:99:f2:ba:12:8b:f4:93:92:
                    29:68:14:0e:3d:be:99:f2:c8:a0:bd:e5:f9:06:62:
                    28:d6:cf:9e:50:71:21:c7:23:cf:d8:5c:04:ee:8e:
                    53:7d:c0:25:50:c7:6b:fc:a1:1c:f4:ab:c9:01:ef:
                    d3:f9:96:31:ec:84:68:13:25:27:a5:18:9a:a5:bb:
                    9e:5a:e0:84:40:87:60:f7:81:29:3f:35:ac:4e:14:
                    66:12:82:91:ea:1a:c3:3a:5e:05:61:44:c7:01:ed:
                    ed:cb:ee:fe:d2:6a:df:41:9b:ac:8b:63:49:f0:b7:
                    fa:dc:9c:2e:17:fd:ed:bd:97:dd:a1:f9:62:86:dd:
                    87:11:ba:5e:ba:49:dd:a4:da:8e:6a:09:55:93:70:
                    13:2b:57:b6:b2:58:af:1f:07:63:09:b0:ca:f3:e3:
                    1a:5d:4a:8e:80:c1:b1:4d:2b:b9:e9:39:3a:0c:62:
                    ef:c9:98:da:27:ac:e2:69:68:56:5b:d3:42:d6:32:
                    43:95:4e:37:36:f4:36:fb:31:23:22:9e:a2:bd:91:
                    f5:00:91:31:b9:79:ff:e3:8a:00:23:01:08:0f:6b:
                    7f:80:2d:fb:b7:4f:cf:f8:d5:ce:46:3a:a9:34:aa:
                    88:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:28:45:0D:0E:30:74:D8:18:68:BC:03:7C:65:50:3E:22:17:5F:54
            X509v3 Authority Key Identifier:
                keyid:67:89:A2:54:72:6D:03:1E:59:B4:6B:61:B4:AC:AA:85:1B:FA:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F366351B/4665A9F0ACA011EDAF100DF7F1222468/Z4miVHJtAx5ZtGthtKyqhRv6Ld8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/Z4miVHJtAx5ZtGthtKyqhRv6Ld8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F366351B/4665A9F0ACA011EDAF100DF7F1222468/27AA2D78ACA111EDB32660F9F1222468.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.214.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:99:0e:f9:fb:94:06:bd:4d:6a:92:57:32:b7:71:5a:14:11:
         4b:8b:f9:48:0f:56:56:74:ea:90:b6:ae:8e:98:33:b4:bc:1d:
         80:ea:07:83:85:8b:ef:76:8f:38:5d:12:38:de:3e:7f:ca:86:
         8a:06:76:41:f2:6c:9b:fd:a6:37:3b:07:89:16:b4:29:20:d5:
         14:64:98:c0:e5:fd:9d:b1:f2:11:1b:70:df:2d:c0:40:49:6c:
         a7:71:c9:05:9e:7b:3b:2d:d1:ec:a6:21:43:a8:ed:22:37:43:
         95:e9:90:b5:80:a8:70:ff:8b:16:97:34:5c:a9:d6:00:1a:35:
         fb:9e:e8:5b:fb:84:41:a9:fd:6b:86:1b:0f:71:3e:61:a7:7b:
         e8:15:66:34:94:be:d7:f0:d1:80:ec:7d:57:f9:6f:d4:47:30:
         59:4d:82:8d:6c:da:44:25:d8:a9:69:77:c5:bd:8c:fc:0c:49:
         62:6c:62:d5:e3:80:7d:f1:2d:4a:6c:e3:fd:55:e1:15:34:19:
         13:84:f7:dc:03:e1:2f:cb:3d:b4:61:90:6d:9f:a7:e1:a6:1b:
         c7:d2:66:6e:77:99:f5:5d:79:b2:65:0c:a3:b9:52:29:21:89:
         f1:17:73:85:42:ac:cb:f6:ca:f8:b9:26:07:41:1b:68:6f:82:
         63:0c:05:4b
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDDApGMzY2
MzUxQkFGMTEwLwYDVQQFEyg2Nzg5QTI1NDcyNkQwMzFFNTlCNDZCNjFCNEFDQUE4
NTFCRkEyRERGMB4XDTIzMDIxNDE5NTI0NFoXDTMzMDIxNDE5NTI0NFowGDEWMBQG
A1UEAwwNNjNlYmU2OGYtMzg3NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANjQBFciIdjmlskgsnusFihKzWwMMpnyuhKL9JOSKWgUDj2+mfLIoL3l+QZi
KNbPnlBxIccjz9hcBO6OU33AJVDHa/yhHPSryQHv0/mWMeyEaBMlJ6UYmqW7nlrg
hECHYPeBKT81rE4UZhKCkeoawzpeBWFExwHt7cvu/tJq30GbrItjSfC3+tycLhf9
7b2X3aH5YobdhxG6XrpJ3aTajmoJVZNwEytXtrJYrx8HYwmwyvPjGl1KjoDBsU0r
uek5Ogxi78mY2ies4mloVlvTQtYyQ5VONzb0NvsxIyKeor2R9QCRMbl5/+OKACMB
CA9rf4At+7dPz/jVzkY6qTSqiBUCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBS3KEUN
DjB02BhovAN8ZVA+IhdfVDAfBgNVHSMEGDAWgBRniaJUcm0DHlm0a2G0rKqFG/ot
3zAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NjM1MUIvNDY2NUE5RjBBQ0EwMTFFREFGMTAwREY3RjEyMjI0NjgvWjRtaVZI
SnRBeDVadEd0aHRLeXFoUnY2TGQ4LmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvWjRtaVZISnRBeDVadEd0aHRLeXFoUnY2TGQ4LmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NjM1MUIvNDY2NUE5RjBBQ0EwMTFFREFGMTAwREY3RjEy
MjI0NjgvMjdBQTJENzhBQ0ExMTFFREIzMjY2MEY5RjEyMjI0Njgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGbWDDANBgkqhkiG9w0BAQsF
AAOCAQEAY5kO+fuUBr1NapJXMrdxWhQRS4v5SA9WVnTqkLaujpgztLwdgOoHg4WL
73aPOF0SON4+f8qGigZ2QfJsm/2mNzsHiRa0KSDVFGSYwOX9nbHyERtw3y3AQEls
p3HJBZ57Oy3R7KYhQ6jtIjdDlemQtYCocP+LFpc0XKnWABo1+57oW/uEQan9a4Yb
D3E+Yad76BVmNJS+1/DRgOx9V/lv1EcwWU2CjWzaRCXYqWl3xb2M/AxJYmxi1eOA
ffEtSmzj/VXhFTQZE4T33APhL8s9tGGQbZ+n4aYbx9JmbneZ9V15smUMo7lSKSGJ
8RdzhUKsy/bK+LkmB0EbaG+CYwwFSw==
-----END CERTIFICATE-----