Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/3FC126045B7F11EE91B3797C4AD9E6FC.roa
File:                     3FC126045B7F11EE91B3797C4AD9E6FC.roa (raw, json)
Hash identifier:          B4Jxb4zuiNxx8ARYO+8FuXUu5CFHZJCjPVqFobOB2EU=
Subject key identifier:   65:62:36:26:60:79:41:43:5B:E8:E8:F7:85:8D:15:B4:F9:BA:BC:2B
Certificate issuer:       /CN=F3668CFEAF/serialNumber=A8EF960514E336444D3CDE37B24B66DC39D43D1B
Certificate serial:       48
Authority key identifier: A8:EF:96:05:14:E3:36:44:4D:3C:DE:37:B2:4B:66:DC:39:D4:3D:1B
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/qO-WBRTjNkRNPN43sktm3DnUPRs.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/3FC126045B7F11EE91B3797C4AD9E6FC.roa
Signing time:             Mon 25 Sep 2023 08:40:58 +0000
ROA not before:           Mon 25 Sep 2023 08:40:55 +0000
ROA not after:            Sat 31 Dec 2033 08:40:55 +0000
asID:                     61266
IP address blocks:        2c0f:eb00:300::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/qO-WBRTjNkRNPN43sktm3DnUPRs.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/qO-WBRTjNkRNPN43sktm3DnUPRs.mft
                          rsync://rpki.afrinic.net/repository/afrinic/qO-WBRTjNkRNPN43sktm3DnUPRs.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72 (0x48)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3668CFEAF/serialNumber=A8EF960514E336444D3CDE37B24B66DC39D43D1B
        Validity
            Not Before: Sep 25 08:40:55 2023 GMT
            Not After : Dec 31 08:40:55 2033 GMT
        Subject: CN=6511479a-6f74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:44:c0:c6:64:d3:d3:dd:99:19:ec:f9:7e:30:
                    da:a4:8e:ca:c9:a5:56:9d:57:c7:24:fc:47:4d:6b:
                    0d:19:07:2b:6c:e3:61:fc:76:ac:55:33:86:8c:72:
                    05:dd:57:1c:fe:08:b2:e7:85:84:d3:26:95:95:63:
                    ad:6c:10:7e:ea:e5:15:cc:f6:0c:ce:e1:28:76:7e:
                    91:1c:c0:af:d4:f3:b5:94:30:47:9b:d8:a6:e5:52:
                    46:1a:48:96:b7:a2:09:06:1c:fa:d2:5f:f7:11:ba:
                    68:03:1a:e6:0e:a3:87:28:cf:8b:43:16:6a:e1:0f:
                    c0:45:20:c5:26:35:30:dc:e7:8c:ec:f1:c1:8b:ea:
                    ba:57:09:68:eb:ed:06:3f:2e:85:56:ab:7c:96:6c:
                    7a:95:60:e7:36:d2:5b:76:d0:6b:b1:ea:1c:30:41:
                    94:75:7a:27:f6:48:e9:5c:f2:ac:02:38:f3:60:98:
                    98:db:75:a3:35:99:15:52:75:ab:0e:47:6b:47:21:
                    8e:ab:e4:8d:48:1a:5e:e0:93:34:9a:8b:a9:55:7e:
                    4a:15:51:3e:f2:9b:f8:02:73:eb:b2:9a:d5:27:5a:
                    f0:77:f0:28:21:b3:cf:60:4a:97:9c:ba:cc:1e:1a:
                    1e:93:49:ed:61:55:92:53:83:aa:93:89:3d:5a:c4:
                    d7:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:62:36:26:60:79:41:43:5B:E8:E8:F7:85:8D:15:B4:F9:BA:BC:2B
            X509v3 Authority Key Identifier:
                keyid:A8:EF:96:05:14:E3:36:44:4D:3C:DE:37:B2:4B:66:DC:39:D4:3D:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/qO-WBRTjNkRNPN43sktm3DnUPRs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/qO-WBRTjNkRNPN43sktm3DnUPRs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3668CFE/95EFD74C375711EEBB1432184AD9E6FC/3FC126045B7F11EE91B3797C4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2c0f:eb00:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:f9:49:56:5d:4e:b7:5e:03:9f:59:bf:50:aa:32:dd:95:4f:
         58:09:f2:7e:9d:95:c3:d6:0b:cd:40:ab:0e:cd:5a:73:16:cc:
         de:66:23:9d:dd:90:f1:66:26:29:0d:b1:8c:1f:01:02:37:f7:
         8f:d0:32:52:30:09:c4:5c:b1:74:2d:f7:a6:e0:e5:64:37:30:
         5c:7a:e1:b2:d9:1f:da:dd:00:0c:77:8c:42:4e:b7:51:2d:75:
         8e:ce:99:29:da:8f:e0:f2:b5:22:30:7e:1e:24:6b:b6:db:10:
         f2:72:f8:b7:4c:94:1b:9f:bb:96:52:12:13:24:c0:d2:f4:92:
         d4:16:e4:e5:68:a3:e4:02:36:4a:46:29:ea:10:37:32:9a:f8:
         ec:ae:6a:84:b5:5f:65:c9:25:ec:25:14:49:ed:84:9b:58:45:
         1d:d8:b1:13:c8:73:cc:6e:e7:ef:e6:67:69:9c:a1:1a:0a:53:
         76:82:8c:5b:50:a9:36:17:44:d0:68:f4:34:dd:f9:e5:e2:fb:
         43:7b:e0:10:d6:86:cb:1e:6a:41:f6:d0:fe:5c:26:d5:e6:74:
         27:3a:3a:c6:46:90:b2:c2:32:1a:bd:2e:a3:40:87:18:cf:2f:
         4c:e1:c7:8c:b1:4f:66:78:7c:c8:41:ac:80:ea:6f:66:43:76:
         6e:48:71:bf
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIBSDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY2
OENGRUFGMTEwLwYDVQQFEyhBOEVGOTYwNTE0RTMzNjQ0NEQzQ0RFMzdCMjRCNjZE
QzM5RDQzRDFCMB4XDTIzMDkyNTA4NDA1NVoXDTMzMTIzMTA4NDA1NVowGDEWMBQG
A1UEAxMNNjUxMTQ3OWEtNmY3NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALxEwMZk09PdmRns+X4w2qSOysmlVp1XxyT8R01rDRkHK2zjYfx2rFUzhoxy
Bd1XHP4IsueFhNMmlZVjrWwQfurlFcz2DM7hKHZ+kRzAr9TztZQwR5vYpuVSRhpI
lreiCQYc+tJf9xG6aAMa5g6jhyjPi0MWauEPwEUgxSY1MNznjOzxwYvqulcJaOvt
Bj8uhVarfJZsepVg5zbSW3bQa7HqHDBBlHV6J/ZI6VzyrAI482CYmNt1ozWZFVJ1
qw5Ha0chjqvkjUgaXuCTNJqLqVV+ShVRPvKb+AJz67Ka1Sda8HfwKCGzz2BKl5y6
zB4aHpNJ7WFVklODqpOJPVrE140CAwEAAaOCAqcwggKjMB0GA1UdDgQWBBRlYjYm
YHlBQ1vo6PeFjRW0+bq8KzAfBgNVHSMEGDAWgBSo75YFFOM2RE083jeyS2bcOdQ9
GzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NjhDRkUvOTVFRkQ3NEMzNzU3MTFFRUJCMTQzMjE4NEFEOUU2RkMvcU8tV0JS
VGpOa1JOUE40M3NrdG0zRG5VUFJzLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvcU8tV0JSVGpOa1JOUE40M3NrdG0zRG5VUFJzLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NjhDRkUvOTVFRkQ3NEMzNzU3MTFFRUJCMTQzMjE4NEFE
OUU2RkMvM0ZDMTI2MDQ1QjdGMTFFRTkxQjM3OTdDNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACwP6wADMA0GCSqGSIb3DQEB
CwUAA4IBAQBR+UlWXU63XgOfWb9QqjLdlU9YCfJ+nZXD1gvNQKsOzVpzFszeZiOd
3ZDxZiYpDbGMHwECN/eP0DJSMAnEXLF0Lfem4OVkNzBceuGy2R/a3QAMd4xCTrdR
LXWOzpkp2o/g8rUiMH4eJGu22xDycvi3TJQbn7uWUhITJMDS9JLUFuTlaKPkAjZK
RinqEDcymvjsrmqEtV9lySXsJRRJ7YSbWEUd2LETyHPMbufv5mdpnKEaClN2goxb
UKk2F0TQaPQ03fnl4vtDe+AQ1obLHmpB9tD+XCbV5nQnOjrGRpCywjIavS6jQIcY
zy9M4ceMsU9meHzIQayA6m9mQ3ZuSHG/
-----END CERTIFICATE-----