Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/F08DC35AAB0311EAA2FC7020F8AEA228.roa
File:                     F08DC35AAB0311EAA2FC7020F8AEA228.roa (raw, json)
Hash identifier:          ZkcsfNFonZHY0l0CGy37g2maUdxSkH07LKPBv7Ii97w=
Subject key identifier:   10:55:E7:28:CB:22:2A:22:03:B6:A1:05:1C:E9:98:F4:45:D9:FF:93
Certificate issuer:       /CN=F3682104AF/serialNumber=8B1026953ECF7C4CE139FE9A59BDD7228A153544
Certificate serial:       2A
Authority key identifier: 8B:10:26:95:3E:CF:7C:4C:E1:39:FE:9A:59:BD:D7:22:8A:15:35:44
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/F08DC35AAB0311EAA2FC7020F8AEA228.roa
Signing time:             Wed 10 Jun 2020 10:20:00 +0000
ROA not before:           Wed 10 Jun 2020 10:19:55 +0000
ROA not after:            Tue 31 Dec 2030 10:19:55 +0000
asID:                     37061
IP address blocks:        2001:43d0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.mft
                          rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 03 Jun 2024 00:05:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3682104AF/serialNumber=8B1026953ECF7C4CE139FE9A59BDD7228A153544
        Validity
            Not Before: Jun 10 10:19:55 2020 GMT
            Not After : Dec 31 10:19:55 2030 GMT
        Subject: CN=5ee0b3d0-e866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b9:f6:a7:fd:e7:e7:ae:29:d1:7a:82:92:6e:
                    e2:c9:8e:36:b3:ae:9c:f4:7f:6a:b6:22:7f:89:86:
                    8b:75:7d:86:3a:b1:f7:71:90:b0:e6:7e:eb:3b:5b:
                    4e:6d:81:2a:fc:3b:78:e8:d2:e6:86:a3:4e:3f:ca:
                    0d:5c:15:67:05:08:cb:ea:16:6d:af:11:1b:af:a2:
                    f6:bb:32:86:cb:f6:b5:4e:55:4e:b0:67:5b:f7:0c:
                    7b:42:6d:04:42:41:09:1f:e5:76:da:e6:69:c2:9e:
                    74:28:bd:bb:70:60:4b:dc:80:07:2d:eb:3a:1c:58:
                    81:64:ab:34:b3:42:c3:a5:84:f6:9e:fd:54:09:ec:
                    a8:06:b7:0a:da:88:ad:7f:05:6a:a1:ea:98:45:8d:
                    d7:b1:c9:f4:f5:77:e4:3d:3b:2b:e6:f7:65:5f:ef:
                    6e:17:02:65:9e:17:a1:63:80:64:f4:18:dd:73:9c:
                    cd:3a:51:72:f2:82:57:da:2a:ee:78:33:ec:26:9f:
                    cf:de:0b:10:80:6e:9b:5e:b9:67:72:23:6b:1d:9c:
                    f0:6a:e9:0b:4f:e2:a0:36:eb:88:57:df:e7:18:cc:
                    af:b4:46:0c:33:fc:99:0a:74:6b:b7:79:36:61:e2:
                    f7:5e:65:44:4e:fc:aa:92:d5:82:06:02:20:b3:d6:
                    54:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:55:E7:28:CB:22:2A:22:03:B6:A1:05:1C:E9:98:F4:45:D9:FF:93
            X509v3 Authority Key Identifier:
                keyid:8B:10:26:95:3E:CF:7C:4C:E1:39:FE:9A:59:BD:D7:22:8A:15:35:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/ixAmlT7PfEzhOf6aWb3XIooVNUQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/ixAmlT7PfEzhOf6aWb3XIooVNUQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682104/09CCB94CA76311EABBC1911CF8AEA228/F08DC35AAB0311EAA2FC7020F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:43d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:92:1c:09:e1:3a:74:c1:77:f8:d3:43:ed:c6:d6:cc:82:73:
         f7:56:58:a6:c3:50:d9:0e:17:40:7a:ac:ee:32:8d:00:0e:37:
         e5:ad:3a:2a:6f:a2:fa:1f:45:4f:97:db:c0:22:6c:c5:e2:35:
         dc:90:5c:7c:01:dd:58:d0:69:a3:9e:4d:dd:4f:c7:e2:d1:ff:
         06:6a:7d:37:6d:c1:f0:80:5d:97:45:dd:9d:4c:11:f1:a0:01:
         c0:4c:85:54:7c:53:1f:ca:26:4b:b4:91:8c:6a:44:db:33:05:
         b4:40:69:3c:cc:34:c7:c1:ad:57:cc:29:e7:43:ef:f9:09:3f:
         0f:b3:28:58:f6:5c:c4:37:a1:7e:aa:a6:00:37:8f:52:de:1b:
         d4:91:0a:6f:d0:e7:da:c5:12:16:e6:26:28:a4:d2:51:08:5a:
         f0:6c:eb:01:40:f1:be:de:95:50:d2:a4:a1:53:44:7f:e0:c2:
         a8:5e:fb:d5:77:f0:81:3c:21:2d:43:01:66:7d:58:07:3b:85:
         e5:d1:46:ce:d7:2d:d3:46:6e:dd:99:4c:50:4a:a1:f2:60:0f:
         0b:e7:36:bf:14:dd:05:5e:d2:e7:cf:bb:3f:7d:30:9c:2a:4f:
         b3:be:d3:7a:af:9e:f1:b0:7a:8b:67:84:c1:31:e2:4c:e8:76:
         0e:ec:59:eb
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgIBKjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY4
MjEwNEFGMTEwLwYDVQQFEyg4QjEwMjY5NTNFQ0Y3QzRDRTEzOUZFOUE1OUJERDcy
MjhBMTUzNTQ0MB4XDTIwMDYxMDEwMTk1NVoXDTMwMTIzMTEwMTk1NVowGDEWMBQG
A1UEAxMNNWVlMGIzZDAtZTg2NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKW59qf95+euKdF6gpJu4smONrOunPR/arYif4mGi3V9hjqx93GQsOZ+6ztb
Tm2BKvw7eOjS5oajTj/KDVwVZwUIy+oWba8RG6+i9rsyhsv2tU5VTrBnW/cMe0Jt
BEJBCR/ldtrmacKedCi9u3BgS9yABy3rOhxYgWSrNLNCw6WE9p79VAnsqAa3CtqI
rX8FaqHqmEWN17HJ9PV35D07K+b3ZV/vbhcCZZ4XoWOAZPQY3XOczTpRcvKCV9oq
7ngz7Cafz94LEIBum165Z3Ijax2c8GrpC0/ioDbriFff5xjMr7RGDDP8mQp0a7d5
NmHi915lRE78qpLVggYCILPWVEUCAwEAAaOCAqYwggKiMB0GA1UdDgQWBBQQVeco
yyIqIgO2oQUc6Zj0Rdn/kzAfBgNVHSMEGDAWgBSLECaVPs98TOE5/ppZvdciihU1
RDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2ODIxMDQvMDlDQ0I5NENBNzYzMTFFQUJCQzE5MTFDRjhBRUEyMjgvaXhBbWxU
N1BmRXpoT2Y2YVdiM1hJb29WTlVRLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvaXhBbWxUN1BmRXpoT2Y2YVdiM1hJb29WTlVRLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2ODIxMDQvMDlDQ0I5NENBNzYzMTFFQUJCQzE5MTFDRjhB
RUEyMjgvRjA4REMzNUFBQjAzMTFFQUEyRkM3MDIwRjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACABQ9AwDQYJKoZIhvcNAQEL
BQADggEBAFiSHAnhOnTBd/jTQ+3G1syCc/dWWKbDUNkOF0B6rO4yjQAON+WtOipv
ovofRU+X28AibMXiNdyQXHwB3VjQaaOeTd1Px+LR/wZqfTdtwfCAXZdF3Z1MEfGg
AcBMhVR8Ux/KJku0kYxqRNszBbRAaTzMNMfBrVfMKedD7/kJPw+zKFj2XMQ3oX6q
pgA3j1LeG9SRCm/Q59rFEhbmJiik0lEIWvBs6wFA8b7elVDSpKFTRH/gwqhe+9V3
8IE8IS1DAWZ9WAc7heXRRs7XLdNGbt2ZTFBKofJgDwvnNr8U3QVe0ufPuz99MJwq
T7O+03qvnvGweotnhMEx4kzodg7sWes=
-----END CERTIFICATE-----