Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/A1C08CEAAB0211EAA396101FF8AEA228.roa
File:                     A1C08CEAAB0211EAA396101FF8AEA228.roa (raw, json)
Hash identifier:          mUdyM8jVbZOdUnYstWhFSJu3Gnm/9gnZidIzSu9DdSk=
Subject key identifier:   CE:DA:10:9A:75:58:C6:D9:B9:3E:B8:36:B6:1C:D3:85:53:1F:9F:67
Certificate issuer:       /CN=F3682104AF/serialNumber=8B1026953ECF7C4CE139FE9A59BDD7228A153544
Certificate serial:       24
Authority key identifier: 8B:10:26:95:3E:CF:7C:4C:E1:39:FE:9A:59:BD:D7:22:8A:15:35:44
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/A1C08CEAAB0211EAA396101FF8AEA228.roa
Signing time:             Wed 10 Jun 2020 10:10:39 +0000
ROA not before:           Wed 10 Jun 2020 10:10:33 +0000
ROA not after:            Tue 31 Dec 2030 10:10:33 +0000
asID:                     33771
IP address blocks:        41.139.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.mft
                          rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 03 Jun 2024 00:05:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 36 (0x24)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682104AF/serialNumber=8B1026953ECF7C4CE139FE9A59BDD7228A153544
        Validity
            Not Before: Jun 10 10:10:33 2020 GMT
            Not After : Dec 31 10:10:33 2030 GMT
        Subject: CN=5ee0b19e-782c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:42:70:b0:ee:08:d9:6f:26:8a:46:e1:06:ef:
                    7d:46:c2:9d:db:85:66:88:54:91:51:6a:a3:a5:1b:
                    1a:34:eb:1d:c9:8f:a3:5d:c7:08:df:2b:3e:19:43:
                    d4:dd:a8:9d:47:8b:5e:a8:30:7d:d9:7a:f0:68:66:
                    3a:d0:f7:4c:89:e2:89:d5:53:e4:fe:98:78:8f:35:
                    8a:42:86:cd:c5:c2:c3:91:0a:bd:a9:36:6b:9d:21:
                    98:63:c4:62:77:ea:43:e5:a2:e9:dd:fd:c9:54:56:
                    e2:23:9b:6d:d3:f0:cf:75:04:62:1f:d9:92:48:3a:
                    88:0e:35:26:88:af:95:5a:2f:3a:d9:49:dc:70:cc:
                    4e:cf:90:36:02:67:ff:bb:fc:0f:31:c0:33:ac:de:
                    b8:4b:0f:5e:b9:bd:57:9d:6f:e9:68:dd:0a:be:e3:
                    27:aa:1e:2e:61:3b:c3:65:60:af:3a:50:74:87:50:
                    90:3a:fb:84:28:b5:c8:ff:02:7d:e5:c7:18:87:d0:
                    24:f4:48:30:98:2e:d0:dc:4c:29:ae:ae:4c:2a:37:
                    b6:3e:b7:16:3c:04:60:b5:53:75:e7:c0:53:c9:bf:
                    51:75:5c:58:95:a3:ef:34:cf:80:41:05:a0:0a:f5:
                    86:2f:2c:9d:f1:96:4e:30:55:16:30:6c:ae:54:1b:
                    c3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DA:10:9A:75:58:C6:D9:B9:3E:B8:36:B6:1C:D3:85:53:1F:9F:67
            X509v3 Authority Key Identifier:
                keyid:8B:10:26:95:3E:CF:7C:4C:E1:39:FE:9A:59:BD:D7:22:8A:15:35:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/A1C08CEAAB0211EAA396101FF8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.139.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         33:e1:1d:e3:38:94:44:30:5b:9c:ed:86:e7:cb:ec:c1:db:87:
         86:6d:b9:f8:56:cb:4d:16:fe:7f:7c:87:ce:4c:e6:06:d8:a8:
         2f:eb:fc:d0:30:12:63:af:c5:a0:3d:bb:9c:fc:84:75:02:ab:
         82:f7:0c:92:d4:01:e0:dc:68:80:31:c6:c1:f7:4f:5a:7d:d6:
         91:71:cd:0b:e4:2d:5f:94:75:08:de:7e:b8:1a:8c:a9:1d:69:
         9a:9e:97:c6:21:55:b6:19:29:25:79:57:57:41:2b:06:4b:db:
         36:f7:78:e6:0a:e9:4a:e5:84:00:c6:8a:70:38:63:6e:6f:cc:
         ca:86:73:33:38:02:63:62:9d:08:6e:61:1a:07:d1:65:10:1b:
         db:d7:5e:23:fb:79:e2:51:26:52:10:c2:67:57:13:95:bc:4f:
         44:92:c0:00:71:b1:36:a1:a9:14:99:38:17:47:fb:3f:a5:a8:
         4a:ed:7a:4f:95:62:b8:90:35:d7:2b:0f:e2:f6:f7:eb:1a:88:
         27:31:60:1e:af:ae:c8:4c:71:34:07:aa:21:d5:ed:a8:ef:0c:
         47:de:d7:7e:99:40:25:78:f8:7c:5f:41:19:5e:e6:2e:8f:c2:
         a0:5e:32:37:29:47:8e:1b:7d:1d:ea:f4:10:4d:f2:d1:d1:75:
         a5:0f:f6:b7
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBJDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY4
MjEwNEFGMTEwLwYDVQQFEyg4QjEwMjY5NTNFQ0Y3QzRDRTEzOUZFOUE1OUJERDcy
MjhBMTUzNTQ0MB4XDTIwMDYxMDEwMTAzM1oXDTMwMTIzMTEwMTAzM1owGDEWMBQG
A1UEAxMNNWVlMGIxOWUtNzgyYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMVCcLDuCNlvJopG4QbvfUbCnduFZohUkVFqo6UbGjTrHcmPo13HCN8rPhlD
1N2onUeLXqgwfdl68GhmOtD3TIniidVT5P6YeI81ikKGzcXCw5EKvak2a50hmGPE
YnfqQ+Wi6d39yVRW4iObbdPwz3UEYh/Zkkg6iA41JoivlVovOtlJ3HDMTs+QNgJn
/7v8DzHAM6zeuEsPXrm9V51v6WjdCr7jJ6oeLmE7w2VgrzpQdIdQkDr7hCi1yP8C
feXHGIfQJPRIMJgu0NxMKa6uTCo3tj63FjwEYLVTdefAU8m/UXVcWJWj7zTPgEEF
oAr1hi8snfGWTjBVFjBsrlQbw9UCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBTO2hCa
dVjG2bk+uDa2HNOFUx+fZzAfBgNVHSMEGDAWgBSLECaVPs98TOE5/ppZvdciihU1
RDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2ODIxMDQvMDlDQ0I5NENBNzYzMTFFQUJCQzE5MTFDRjhBRUEyMjgvaXhBbWxU
N1BmRXpoT2Y2YVdiM1hJb29WTlVRLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvaXhBbWxUN1BmRXpoT2Y2YVdiM1hJb29WTlVRLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2ODIxMDQvMDlDQ0I5NENBNzYzMTFFQUJCQzE5MTFDRjhB
RUEyMjgvQTFDMDhDRUFBQjAyMTFFQUEzOTYxMDFGRjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBymLgDANBgkqhkiG9w0BAQsF
AAOCAQEAM+Ed4ziURDBbnO2G58vswduHhm25+FbLTRb+f3yHzkzmBtioL+v80DAS
Y6/FoD27nPyEdQKrgvcMktQB4NxogDHGwfdPWn3WkXHNC+QtX5R1CN5+uBqMqR1p
mp6XxiFVthkpJXlXV0ErBkvbNvd45grpSuWEAMaKcDhjbm/MyoZzMzgCY2KdCG5h
GgfRZRAb29deI/t54lEmUhDCZ1cTlbxPRJLAAHGxNqGpFJk4F0f7P6WoSu16T5Vi
uJA11ysP4vb36xqIJzFgHq+uyExxNAeqIdXtqO8MR97XfplAJXj4fF9BGV7mLo/C
oF4yNylHjht9Her0EE3y0dF1pQ/2tw==
-----END CERTIFICATE-----