Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F367B216/36AC0F9687D511EBAAFF3447F8AEA228/90D220F48C5911EB923ACA40F8AEA228.roa
File:                     90D220F48C5911EB923ACA40F8AEA228.roa (raw, json)
Hash identifier:          92cmhlPGfBhZmxbDd+ynZwKEGHmVxzOb8nh1FYoKRjU=
Subject key identifier:   42:E4:D7:D0:3A:BC:04:10:A2:B5:EE:01:F6:2E:21:4E:95:89:39:8A
Certificate issuer:       /CN=F367B216AF/serialNumber=2F407FECD8B7DDDCA5D5B90A5E19589D06C101DC
Certificate serial:       2A
Authority key identifier: 2F:40:7F:EC:D8:B7:DD:DC:A5:D5:B9:0A:5E:19:58:9D:06:C1:01:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/L0B_7Ni33dyl1bkKXhlYnQbBAdw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F367B216/36AC0F9687D511EBAAFF3447F8AEA228/90D220F48C5911EB923ACA40F8AEA228.roa
Signing time:             Wed 24 Mar 2021 04:29:47 +0000
ROA not before:           Wed 24 Mar 2021 04:29:42 +0000
ROA not after:            Mon 24 Mar 2031 04:29:42 +0000
asID:                     3741
IP address blocks:        196.208.0.0/14 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F367B216/36AC0F9687D511EBAAFF3447F8AEA228/L0B_7Ni33dyl1bkKXhlYnQbBAdw.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F367B216/36AC0F9687D511EBAAFF3447F8AEA228/L0B_7Ni33dyl1bkKXhlYnQbBAdw.mft
                          rsync://rpki.afrinic.net/repository/afrinic/L0B_7Ni33dyl1bkKXhlYnQbBAdw.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Thu 30 May 2024 00:04:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F367B216AF/serialNumber=2F407FECD8B7DDDCA5D5B90A5E19589D06C101DC
        Validity
            Not Before: Mar 24 04:29:42 2021 GMT
            Not After : Mar 24 04:29:42 2031 GMT
        Subject: CN=605ac03b-cb61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d8:7a:7f:79:14:83:1f:bd:74:9e:d0:5e:9a:
                    2d:c0:54:f1:97:5e:fc:c0:ad:a1:f8:c5:c1:0f:35:
                    8a:92:4e:5f:be:e1:89:a9:7b:2f:1c:14:23:54:8e:
                    fb:67:2e:1b:26:b9:06:b9:06:e0:e6:40:57:dc:7b:
                    20:84:67:c6:6e:de:9f:dc:e2:a9:b0:93:c6:d6:b7:
                    49:b1:df:a4:0c:e9:8b:06:28:c8:f1:95:ab:d9:7a:
                    eb:e2:fe:9f:d2:76:bd:2b:c6:fe:6a:57:3d:ed:93:
                    f1:52:28:5d:bb:24:39:f9:be:4d:eb:6e:c3:eb:0a:
                    55:79:2c:45:6b:b2:f3:92:e0:fa:3e:f5:17:0d:5f:
                    3f:a2:76:25:c7:de:15:20:74:a8:ab:6d:38:2c:de:
                    ec:56:33:b6:df:f7:3f:3b:f3:19:71:1f:f1:db:c8:
                    0c:3e:65:3c:de:98:de:82:50:b5:84:da:2d:8e:89:
                    7f:c8:77:c7:80:7e:4f:99:cf:67:50:cc:33:5c:d3:
                    29:49:b7:ee:6d:02:3c:c3:b5:ce:48:7f:e4:de:8d:
                    d3:7d:e2:51:d1:77:2f:08:12:de:67:ec:94:4c:f0:
                    13:22:d2:9d:2f:0d:e9:1c:d3:61:a5:57:21:b1:ef:
                    24:63:7b:f4:8b:a3:88:4b:78:cb:9b:19:97:61:93:
                    9a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E4:D7:D0:3A:BC:04:10:A2:B5:EE:01:F6:2E:21:4E:95:89:39:8A
            X509v3 Authority Key Identifier:
                keyid:2F:40:7F:EC:D8:B7:DD:DC:A5:D5:B9:0A:5E:19:58:9D:06:C1:01:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F367B216/36AC0F9687D511EBAAFF3447F8AEA228/L0B_7Ni33dyl1bkKXhlYnQbBAdw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/L0B_7Ni33dyl1bkKXhlYnQbBAdw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F367B216/36AC0F9687D511EBAAFF3447F8AEA228/90D220F48C5911EB923ACA40F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  196.208.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         c8:6a:31:c6:b0:af:0a:bc:df:f6:84:84:64:85:6c:fc:00:bf:
         bb:65:29:43:19:55:52:03:34:0a:79:93:9c:79:93:7e:4f:53:
         4a:12:ed:1f:d1:c8:57:a3:cc:8f:c3:23:e6:bd:62:c9:99:43:
         2c:de:70:ce:72:ba:3b:49:e4:dc:77:47:f9:96:dd:d7:66:da:
         ed:ad:c5:ee:c4:c0:8f:c9:6a:e0:dc:22:0a:9e:26:f8:d3:3a:
         67:9a:1a:da:13:60:f1:92:48:ce:0c:3a:87:e2:21:61:6a:f5:
         bf:f7:eb:9a:e9:f4:5a:f8:0e:1e:4f:bf:3d:5f:9f:c0:8d:e7:
         6b:46:c6:8b:3e:6c:c4:c5:8a:3a:56:18:cb:72:28:33:73:19:
         54:29:c0:32:7b:f7:66:6c:cb:ae:08:df:f8:ec:61:73:bd:35:
         d5:9f:9e:2c:d7:a3:23:6e:b0:9f:50:70:70:05:6d:9a:98:70:
         11:fb:00:d3:9c:f4:d7:f8:ca:77:d8:9a:fd:59:2f:72:25:93:
         41:43:16:d7:72:47:3f:f7:ee:d7:4b:c3:b1:4a:b7:c9:d9:a1:
         c7:6a:5a:6b:9f:3e:d0:30:a5:7a:6a:b8:ef:db:5c:ef:12:45:
         d0:cd:24:b2:f5:22:7d:72:1e:cc:ce:a1:5a:96:93:99:5d:93:
         59:00:f5:d7
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBKjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
QjIxNkFGMTEwLwYDVQQFEygyRjQwN0ZFQ0Q4QjdERERDQTVENUI5MEE1RTE5NTg5
RDA2QzEwMURDMB4XDTIxMDMyNDA0Mjk0MloXDTMxMDMyNDA0Mjk0MlowGDEWMBQG
A1UEAxMNNjA1YWMwM2ItY2I2MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANHYen95FIMfvXSe0F6aLcBU8Zde/MCtofjFwQ81ipJOX77hial7LxwUI1SO
+2cuGya5BrkG4OZAV9x7IIRnxm7en9ziqbCTxta3SbHfpAzpiwYoyPGVq9l66+L+
n9J2vSvG/mpXPe2T8VIoXbskOfm+Tetuw+sKVXksRWuy85Lg+j71Fw1fP6J2Jcfe
FSB0qKttOCze7FYztt/3PzvzGXEf8dvIDD5lPN6Y3oJQtYTaLY6Jf8h3x4B+T5nP
Z1DMM1zTKUm37m0CPMO1zkh/5N6N033iUdF3LwgS3mfslEzwEyLSnS8N6RzTYaVX
IbHvJGN79IujiEt4y5sZl2GTmtkCAwEAAaOCAqQwggKgMB0GA1UdDgQWBBRC5NfQ
OrwEEKK17gH2LiFOlYk5ijAfBgNVHSMEGDAWgBQvQH/s2Lfd3KXVuQpeGVidBsEB
3DAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2N0IyMTYvMzZBQzBGOTY4N0Q1MTFFQkFBRkYzNDQ3RjhBRUEyMjgvTDBCXzdO
aTMzZHlsMWJrS1hobFluUWJCQWR3LmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvTDBCXzdOaTMzZHlsMWJrS1hobFluUWJCQWR3LmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2N0IyMTYvMzZBQzBGOTY4N0Q1MTFFQkFBRkYzNDQ3RjhB
RUEyMjgvOTBEMjIwRjQ4QzU5MTFFQjkyM0FDQTQwRjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAsTQMA0GCSqGSIb3DQEBCwUA
A4IBAQDIajHGsK8KvN/2hIRkhWz8AL+7ZSlDGVVSAzQKeZOceZN+T1NKEu0f0chX
o8yPwyPmvWLJmUMs3nDOcro7SeTcd0f5lt3XZtrtrcXuxMCPyWrg3CIKnib40zpn
mhraE2DxkkjODDqH4iFhavW/9+ua6fRa+A4eT789X5/AjedrRsaLPmzExYo6VhjL
cigzcxlUKcAye/dmbMuuCN/47GFzvTXVn54s16MjbrCfUHBwBW2amHAR+wDTnPTX
+Mp32Jr9WS9yJZNBQxbXckc/9+7XS8OxSrfJ2aHHalprnz7QMKV6arjv21zvEkXQ
zSSy9SJ9ch7MzqFalpOZXZNZAPXX
-----END CERTIFICATE-----