Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/03AFDF00AB0311EAA3AD8C1FF8AEA228.roa
File:                     03AFDF00AB0311EAA3AD8C1FF8AEA228.roa (raw, json)
Hash identifier:          sFzYJqYLs5ONLQlckUmbZswzqVXiB3p2Q/pIoyHdJqo=
Subject key identifier:   84:12:33:02:62:11:0E:E3:4E:C2:B5:D3:65:CC:6B:3A:E6:43:C5:1F
Certificate issuer:       /CN=F3682104AF/serialNumber=8B1026953ECF7C4CE139FE9A59BDD7228A153544
Certificate serial:       28
Authority key identifier: 8B:10:26:95:3E:CF:7C:4C:E1:39:FE:9A:59:BD:D7:22:8A:15:35:44
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/03AFDF00AB0311EAA3AD8C1FF8AEA228.roa
Signing time:             Wed 10 Jun 2020 10:13:22 +0000
ROA not before:           Wed 10 Jun 2020 10:13:18 +0000
ROA not after:            Tue 31 Dec 2030 10:13:18 +0000
asID:                     33771
IP address blocks:        41.203.208.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.mft
                          rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 40 (0x28)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682104AF/serialNumber=8B1026953ECF7C4CE139FE9A59BDD7228A153544
        Validity
            Not Before: Jun 10 10:13:18 2020 GMT
            Not After : Dec 31 10:13:18 2030 GMT
        Subject: CN=5ee0b242-0596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:11:11:4e:e6:3a:e7:52:03:7b:0f:2f:de:9c:
                    ae:f1:01:ae:00:c1:0a:3f:48:d1:2e:62:37:22:ad:
                    a7:0a:06:82:39:cc:d6:08:cb:86:fc:2c:6d:d0:5f:
                    ec:17:8b:7f:d6:74:26:18:4a:36:8e:31:f6:f3:b0:
                    4f:2a:e4:f5:c6:c5:ca:91:49:d1:98:62:39:ef:16:
                    de:92:77:3f:65:a6:05:c7:d5:e6:b6:ff:22:a9:fe:
                    47:c6:59:49:34:e1:b2:49:d8:93:f7:ce:61:40:bd:
                    42:6e:b2:74:e8:a2:10:0b:73:de:9b:27:64:e4:01:
                    6d:b9:5c:56:e8:8e:61:fd:0a:5e:ff:5b:31:6c:01:
                    7d:0a:b1:9b:af:0b:00:a6:96:93:17:26:36:5b:2a:
                    5d:93:59:94:ac:5e:aa:eb:c4:5b:ec:93:1c:62:cc:
                    ab:94:7f:f6:a6:ef:68:27:a9:ec:cb:12:e9:cb:e1:
                    7d:41:21:f7:97:1a:72:00:dc:4d:c2:3a:fe:14:76:
                    4e:89:98:c4:0b:92:50:d4:67:f3:c0:94:8c:f3:f1:
                    0f:20:25:d1:d4:d9:0f:ff:cc:c2:ea:8f:f7:a1:1f:
                    a5:f4:e0:9b:db:0a:54:8c:e0:bd:99:8c:30:ad:4c:
                    49:db:c7:65:df:8d:a8:bc:a5:71:a7:dc:1e:c8:d1:
                    62:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:12:33:02:62:11:0E:E3:4E:C2:B5:D3:65:CC:6B:3A:E6:43:C5:1F
            X509v3 Authority Key Identifier:
                keyid:8B:10:26:95:3E:CF:7C:4C:E1:39:FE:9A:59:BD:D7:22:8A:15:35:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/03AFDF00AB0311EAA3AD8C1FF8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.203.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         28:5c:b7:70:36:2b:68:d8:1a:7f:2c:d0:86:29:76:e7:2b:35:
         55:eb:54:53:f7:f6:a5:2e:05:b6:cd:79:33:a3:88:0f:ae:62:
         ab:03:ef:12:23:39:62:e3:d9:4c:15:8c:d0:ab:5a:24:f7:35:
         19:c4:30:de:0c:89:0b:ea:cf:e5:3a:10:da:bf:27:25:ff:c3:
         06:bd:39:9c:c6:85:98:05:73:e8:0e:7b:a9:26:71:a0:41:57:
         73:5a:e7:6a:8c:23:66:39:a3:81:ba:fb:db:0a:26:4f:0f:8f:
         8c:5a:9f:3d:66:c0:7b:23:c3:e4:7f:2c:15:1b:38:dc:8d:d0:
         fb:6f:0b:10:95:6a:8a:9e:37:ca:b5:31:16:75:bd:10:60:66:
         8f:45:73:1e:45:57:fe:46:de:2e:64:d0:25:ad:53:6a:b8:2e:
         6b:32:28:39:6b:a1:55:58:ec:9d:76:88:9c:f6:4b:cb:67:fb:
         ed:47:a5:1d:06:74:86:ea:22:1e:83:70:52:41:89:5a:bd:91:
         d9:05:f5:bb:2f:40:69:30:74:fd:45:55:fb:87:54:96:12:e4:
         5f:50:9c:11:40:60:eb:46:13:bb:5b:b5:6e:75:2d:8f:f2:c9:
         f1:99:10:36:48:f7:e2:4e:0c:f7:fe:ab:d3:b4:9c:9d:a3:0d:
         41:71:97:43
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBKDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY4
MjEwNEFGMTEwLwYDVQQFEyg4QjEwMjY5NTNFQ0Y3QzRDRTEzOUZFOUE1OUJERDcy
MjhBMTUzNTQ0MB4XDTIwMDYxMDEwMTMxOFoXDTMwMTIzMTEwMTMxOFowGDEWMBQG
A1UEAxMNNWVlMGIyNDItMDU5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYREU7mOudSA3sPL96crvEBrgDBCj9I0S5iNyKtpwoGgjnM1gjLhvwsbdBf
7BeLf9Z0JhhKNo4x9vOwTyrk9cbFypFJ0ZhiOe8W3pJ3P2WmBcfV5rb/Iqn+R8ZZ
STThsknYk/fOYUC9Qm6ydOiiEAtz3psnZOQBbblcVuiOYf0KXv9bMWwBfQqxm68L
AKaWkxcmNlsqXZNZlKxequvEW+yTHGLMq5R/9qbvaCep7MsS6cvhfUEh95cacgDc
TcI6/hR2TomYxAuSUNRn88CUjPPxDyAl0dTZD//MwuqP96EfpfTgm9sKVIzgvZmM
MK1MSdvHZd+NqLylcafcHsjRYkECAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSEEjMC
YhEO407CtdNlzGs65kPFHzAfBgNVHSMEGDAWgBSLECaVPs98TOE5/ppZvdciihU1
RDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2ODIxMDQvMDlDQ0I5NENBNzYzMTFFQUJCQzE5MTFDRjhBRUEyMjgvaXhBbWxU
N1BmRXpoT2Y2YVdiM1hJb29WTlVRLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvaXhBbWxUN1BmRXpoT2Y2YVdiM1hJb29WTlVRLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2ODIxMDQvMDlDQ0I5NENBNzYzMTFFQUJCQzE5MTFDRjhB
RUEyMjgvMDNBRkRGMDBBQjAzMTFFQUEzQUQ4QzFGRjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBCnL0DANBgkqhkiG9w0BAQsF
AAOCAQEAKFy3cDYraNgafyzQhil25ys1VetUU/f2pS4Fts15M6OID65iqwPvEiM5
YuPZTBWM0KtaJPc1GcQw3gyJC+rP5ToQ2r8nJf/DBr05nMaFmAVz6A57qSZxoEFX
c1rnaowjZjmjgbr72womTw+PjFqfPWbAeyPD5H8sFRs43I3Q+28LEJVqip43yrUx
FnW9EGBmj0VzHkVX/kbeLmTQJa1TarguazIoOWuhVVjsnXaInPZLy2f77UelHQZ0
huoiHoNwUkGJWr2R2QX1uy9AaTB0/UVV+4dUlhLkX1CcEUBg60YTu1u1bnUtj/LJ
8ZkQNkj34k4M9/6r07ScnaMNQXGXQw==
-----END CERTIFICATE-----