Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C55098E282BF11EEB22678414AD9E6FC.roa
File:                     C55098E282BF11EEB22678414AD9E6FC.roa (raw, json)
Hash identifier:          nhkMMbNmHSaMWlDcrFl/Opdn82+WqJxvzM4OAQ+HR2E=
Subject key identifier:   BE:EF:25:42:65:02:EB:DC:ED:9D:C1:B2:86:0B:E4:98:50:62:12:16
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       5012
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C55098E282BF11EEB22678414AD9E6FC.roa
Signing time:             Tue 14 Nov 2023 07:31:06 +0000
ROA not before:           Tue 14 Nov 2023 07:31:02 +0000
ROA not after:            Tue 12 Nov 2024 07:31:02 +0000
asID:                     397630
IP address blocks:        154.201.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 05 May 2024 00:04:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20498 (0x5012)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Nov 14 07:31:02 2023 GMT
            Not After : Nov 12 07:31:02 2024 GMT
        Subject: CN=6553223a-0939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1b:f2:27:4e:1b:24:dc:88:e1:fd:6b:a7:41:
                    7b:6e:89:9a:9c:3f:01:f1:16:32:5b:cd:da:fe:c6:
                    d2:80:db:71:c2:f2:39:99:6e:7f:ff:59:e7:5c:f8:
                    7c:1d:5f:9e:78:fa:6c:d6:e5:84:f7:1b:e6:14:b0:
                    20:7c:9c:01:6c:7f:9e:92:f2:36:ce:eb:80:60:c5:
                    53:c3:23:77:61:3d:1a:0e:13:0e:20:7e:ae:0a:c9:
                    62:ad:b8:a7:19:48:18:48:f6:0e:98:e2:6a:26:59:
                    62:2b:3a:97:43:82:30:ed:44:e5:41:de:42:39:15:
                    60:d2:85:cc:3a:e0:6b:c7:f0:63:c0:58:db:26:20:
                    b5:1a:2d:b9:4b:5a:ec:96:5a:d6:6c:11:b4:7a:55:
                    b3:c3:95:75:0c:04:c0:3f:66:00:5a:24:42:59:21:
                    97:47:f0:a3:2c:81:f2:2d:66:98:39:56:c1:d1:0e:
                    4e:ca:69:47:9c:55:c1:89:4f:d0:30:e3:c1:36:71:
                    bf:df:11:d4:46:c6:0e:f7:c1:67:2c:8b:54:31:33:
                    aa:dc:bd:af:fc:a6:06:e3:fb:9b:32:b6:43:49:ae:
                    04:2b:82:30:ef:1a:21:1c:00:99:46:1d:44:49:61:
                    eb:a6:59:92:29:d2:20:48:26:32:04:24:c7:37:e9:
                    c1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:EF:25:42:65:02:EB:DC:ED:9D:C1:B2:86:0B:E4:98:50:62:12:16
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C55098E282BF11EEB22678414AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.201.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:78:87:a8:12:ca:85:5d:a7:b5:27:56:4b:8a:d1:48:e0:2a:
         15:6b:3c:bd:08:db:f2:d9:c7:82:2f:c4:2c:88:19:41:e9:b4:
         89:8f:f4:9c:4e:e4:47:80:6b:b5:d8:34:cf:a2:76:2a:ef:61:
         f4:32:a8:38:64:98:f1:50:56:ab:dc:fd:47:89:5a:a7:29:b3:
         ce:01:11:c7:4b:53:72:0e:76:76:ee:fc:20:e1:cd:64:ef:f9:
         b4:54:de:e1:61:f8:d1:d4:e7:e2:95:dd:11:ac:07:1c:2d:81:
         3f:76:46:74:fd:75:a4:74:30:77:b4:4f:b9:be:3e:ac:6a:45:
         ef:47:f6:b9:09:47:dc:64:eb:2e:f0:b3:2c:30:13:12:ef:da:
         f1:e1:b1:98:d6:9d:4f:07:39:72:85:3b:f2:00:55:ed:31:5f:
         aa:52:2e:4a:8b:f9:d3:d9:e5:df:94:cd:cf:d7:51:c6:c7:98:
         e2:e7:28:24:49:2e:84:4d:74:b6:b9:01:6a:4a:fe:19:78:07:
         ea:b6:a5:1c:87:cd:f2:29:86:54:90:7f:a7:ad:e6:6a:93:70:
         a8:6e:be:f8:a8:72:27:ec:e4:e6:81:24:79:4e:39:1a:d2:d1:
         04:ab:74:c4:64:98:fc:15:ab:89:1b:cf:f2:83:fc:6e:2b:eb:
         cc:f0:83:93
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICUBIwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
OEYyRDBBRjExMC8GA1UEBRMoMjVENjNFMDhFQUJFN0NGQTY3ODVENEMxRDZEMzQx
MTZERTE1QjNEQzAeFw0yMzExMTQwNzMxMDJaFw0yNDExMTIwNzMxMDJaMBgxFjAU
BgNVBAMTDTY1NTMyMjNhLTA5MzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDQG/InThsk3Ijh/WunQXtuiZqcPwHxFjJbzdr+xtKA23HC8jmZbn//Wedc
+HwdX554+mzW5YT3G+YUsCB8nAFsf56S8jbO64BgxVPDI3dhPRoOEw4gfq4KyWKt
uKcZSBhI9g6Y4momWWIrOpdDgjDtROVB3kI5FWDShcw64GvH8GPAWNsmILUaLblL
WuyWWtZsEbR6VbPDlXUMBMA/ZgBaJEJZIZdH8KMsgfItZpg5VsHRDk7KaUecVcGJ
T9Aw48E2cb/fEdRGxg73wWcsi1QxM6rcva/8pgbj+5sytkNJrgQrgjDvGiEcAJlG
HURJYeumWZIp0iBIJjIEJMc36cFxAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUvu8l
QmUC69ztncGyhgvkmFBiEhYwHwYDVR0jBBgwFoAUJdY+COq+fPpnhdTB1tNBFt4V
s9wwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjhGMkQwLzdGNEE5OEVBNkUwNTExRTg5QzBENkU0QkY4QUVBMjI4L0pkWS1D
T3EtZlBwbmhkVEIxdE5CRnQ0VnM5dy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0pkWS1DT3EtZlBwbmhkVEIxdE5CRnQ0VnM5dy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjhGMkQwLzdGNEE5OEVBNkUwNTExRTg5QzBENkU0QkY4
QUVBMjI4L0M1NTA5OEUyODJCRjExRUVCMjI2Nzg0MTRBRDlFNkZDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACaySYwDQYJKoZIhvcNAQEL
BQADggEBALV4h6gSyoVdp7UnVkuK0UjgKhVrPL0I2/LZx4IvxCyIGUHptImP9JxO
5EeAa7XYNM+idirvYfQyqDhkmPFQVqvc/UeJWqcps84BEcdLU3IOdnbu/CDhzWTv
+bRU3uFh+NHU5+KV3RGsBxwtgT92RnT9daR0MHe0T7m+PqxqRe9H9rkJR9xk6y7w
sywwExLv2vHhsZjWnU8HOXKFO/IAVe0xX6pSLkqL+dPZ5d+Uzc/XUcbHmOLnKCRJ
LoRNdLa5AWpK/hl4B+q2pRyHzfIphlSQf6et5mqTcKhuvviocifs5OaBJHlOORrS
0QSrdMRkmPwVq4kbz/KD/G4r68zwg5M=
-----END CERTIFICATE-----