Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368D658/9436EDAECA4711EE8CA69780775412E6/DC6D06E4CBEB11EEA9655CAB775412E6.roa
File:                     DC6D06E4CBEB11EEA9655CAB775412E6.roa (raw, json)
Hash identifier:          rI3Z0thMS8kcuZHwZrlMXa6Fqk3EKGjdiGllXF+/6As=
Subject key identifier:   D9:32:B6:D7:71:E2:13:BE:CF:1A:39:00:41:04:3A:43:91:CF:56:15
Certificate issuer:       /CN=F368D658AF/serialNumber=FE9E01320A0E95524539A986A8F03F91EB4FC32D
Certificate serial:       06
Authority key identifier: FE:9E:01:32:0A:0E:95:52:45:39:A9:86:A8:F0:3F:91:EB:4F:C3:2D
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/_p4BMgoOlVJFOamGqPA_ketPwy0.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368D658/9436EDAECA4711EE8CA69780775412E6/DC6D06E4CBEB11EEA9655CAB775412E6.roa
Signing time:             Thu 15 Feb 2024 10:20:37 +0000
ROA not before:           Thu 15 Feb 2024 10:20:34 +0000
ROA not after:            Fri 15 Feb 2030 10:20:34 +0000
asID:                     328443
IP address blocks:        102.68.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368D658/9436EDAECA4711EE8CA69780775412E6/_p4BMgoOlVJFOamGqPA_ketPwy0.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368D658/9436EDAECA4711EE8CA69780775412E6/_p4BMgoOlVJFOamGqPA_ketPwy0.mft
                          rsync://rpki.afrinic.net/repository/afrinic/_p4BMgoOlVJFOamGqPA_ketPwy0.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Fri 21 Feb 2025 02:54:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6 (0x6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368D658AF
        Validity
            Not Before: Feb 15 10:20:34 2024 GMT
            Not After : Feb 15 10:20:34 2030 GMT
        Subject: CN=65cde575-62fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:aa:14:60:95:a2:d0:03:cd:94:90:e9:99:a0:
                    4d:6f:98:7f:2f:33:20:22:d6:79:72:27:0c:dc:c6:
                    4d:ba:49:af:f5:c4:11:64:dd:e8:b3:6e:f5:a4:ff:
                    23:68:8b:ae:01:f3:84:f5:a7:16:56:72:f5:a9:8b:
                    58:dd:9e:b4:eb:d0:e3:ff:e4:85:cc:27:35:31:8a:
                    63:77:6e:a4:36:6c:74:eb:8c:9b:af:e1:5c:57:fb:
                    aa:82:3e:05:c7:a3:8f:17:52:44:e2:1d:82:c3:ed:
                    b0:1e:3e:c6:11:69:c5:c7:22:a0:a2:c5:e0:18:e0:
                    b6:1a:bb:f6:d1:f8:21:6f:ee:95:6d:bf:31:3b:b0:
                    b7:48:92:56:e7:50:74:62:cd:ee:45:c6:69:74:9b:
                    77:f8:dd:eb:b4:ff:96:46:fb:f7:e0:ac:5d:7b:c0:
                    3f:0a:d6:13:43:93:00:88:df:99:1e:4b:75:1e:c3:
                    c6:92:35:e3:75:10:31:35:25:a3:3e:e8:f4:8f:67:
                    1e:0d:8e:a7:01:a7:65:ec:48:a6:ad:f8:cc:94:c6:
                    fc:69:7d:17:18:78:41:cd:60:02:1a:84:8c:b2:e5:
                    8f:b3:09:32:f9:33:90:66:5e:be:1d:8c:82:a5:04:
                    19:53:05:76:a4:ea:23:ca:51:1f:8f:92:09:aa:dd:
                    0f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:32:B6:D7:71:E2:13:BE:CF:1A:39:00:41:04:3A:43:91:CF:56:15
            X509v3 Authority Key Identifier:
                keyid:FE:9E:01:32:0A:0E:95:52:45:39:A9:86:A8:F0:3F:91:EB:4F:C3:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368D658/9436EDAECA4711EE8CA69780775412E6/_p4BMgoOlVJFOamGqPA_ketPwy0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/_p4BMgoOlVJFOamGqPA_ketPwy0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368D658/9436EDAECA4711EE8CA69780775412E6/DC6D06E4CBEB11EEA9655CAB775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.68.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:6c:0b:77:95:36:a8:6d:ab:db:4d:e5:15:94:d4:6b:d6:eb:
         38:ee:20:65:c0:b7:62:00:87:bc:e3:05:44:b6:29:bd:23:24:
         f7:8e:ac:28:2f:05:f8:b2:aa:6c:f1:62:6d:56:aa:03:72:44:
         0d:58:97:c2:0b:ef:e4:cf:97:dd:27:9f:b7:fe:09:ed:56:12:
         23:be:84:41:e6:9b:fc:bf:46:93:6a:1e:26:46:9c:c2:89:30:
         02:3d:56:cc:9d:d8:bd:50:53:cf:80:9c:42:07:aa:9a:30:2a:
         03:78:13:4a:b0:7f:3b:0a:e0:88:6b:78:0d:4e:1c:ad:1e:97:
         dd:fc:88:14:88:28:f1:e1:1c:68:20:be:59:40:18:52:0d:b4:
         1a:3b:2b:a9:2c:e6:20:bd:71:96:b4:5d:19:89:14:e2:36:5b:
         68:ed:72:98:4f:98:7f:78:75:14:a0:23:fb:50:bf:5b:92:b8:
         44:7d:81:86:65:f2:96:2a:f4:38:a4:a8:9c:88:c6:75:86:93:
         54:2e:d7:7b:d1:58:06:68:c5:77:e8:b4:b4:f7:8b:6b:42:71:
         df:3d:37:f6:64:f5:bb:82:5e:fd:be:4b:ab:15:09:18:a4:9f:
         e4:39:b8:18:e5:14:9f:e2:d7:8a:a6:d1:4a:7b:c3:1f:6d:b5:
         8e:85:51:7c
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY4
RDY1OEFGMTEwLwYDVQQFEyhGRTlFMDEzMjBBMEU5NTUyNDUzOUE5ODZBOEYwM0Y5
MUVCNEZDMzJEMB4XDTI0MDIxNTEwMjAzNFoXDTMwMDIxNTEwMjAzNFowGDEWMBQG
A1UEAxMNNjVjZGU1NzUtNjJmYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANqqFGCVotADzZSQ6ZmgTW+Yfy8zICLWeXInDNzGTbpJr/XEEWTd6LNu9aT/
I2iLrgHzhPWnFlZy9amLWN2etOvQ4//khcwnNTGKY3dupDZsdOuMm6/hXFf7qoI+
BcejjxdSROIdgsPtsB4+xhFpxccioKLF4Bjgthq79tH4IW/ulW2/MTuwt0iSVudQ
dGLN7kXGaXSbd/jd67T/lkb79+CsXXvAPwrWE0OTAIjfmR5LdR7DxpI143UQMTUl
oz7o9I9nHg2OpwGnZexIpq34zJTG/Gl9Fxh4Qc1gAhqEjLLlj7MJMvkzkGZevh2M
gqUEGVMFdqTqI8pRH4+SCardD+ECAwEAAaOCAqUwggKhMB0GA1UdDgQWBBTZMrbX
ceITvs8aOQBBBDpDkc9WFTAfBgNVHSMEGDAWgBT+ngEyCg6VUkU5qYao8D+R60/D
LTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2OEQ2NTgvOTQzNkVEQUVDQTQ3MTFFRThDQTY5NzgwNzc1NDEyRTYvX3A0Qk1n
b09sVkpGT2FtR3FQQV9rZXRQd3kwLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvX3A0Qk1nb09sVkpGT2FtR3FQQV9rZXRQd3kwLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2OEQ2NTgvOTQzNkVEQUVDQTQ3MTFFRThDQTY5NzgwNzc1
NDEyRTYvREM2RDA2RTRDQkVCMTFFRUE5NjU1Q0FCNzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmZEmDANBgkqhkiG9w0BAQsF
AAOCAQEAPGwLd5U2qG2r203lFZTUa9brOO4gZcC3YgCHvOMFRLYpvSMk946sKC8F
+LKqbPFibVaqA3JEDViXwgvv5M+X3Seft/4J7VYSI76EQeab/L9Gk2oeJkacwokw
Aj1WzJ3YvVBTz4CcQgeqmjAqA3gTSrB/OwrgiGt4DU4crR6X3fyIFIgo8eEcaCC+
WUAYUg20GjsrqSzmIL1xlrRdGYkU4jZbaO1ymE+Yf3h1FKAj+1C/W5K4RH2BhmXy
lir0OKSonIjGdYaTVC7Xe9FYBmjFd+i0tPeLa0Jx3z039mT1u4Je/b5LqxUJGKSf
5Dm4GOUUn+LXiqbRSnvDH221joVRfA==
-----END CERTIFICATE-----