Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36B0C44/DEB69BA6BF7811EE86CB6CB7775412E6/070A0F76BF7D11EEB89736BE775412E6.roa
File:                     070A0F76BF7D11EEB89736BE775412E6.roa (raw, json)
Hash identifier:          grOTvQ1t6UyvliV5knhBI1h+ljufMPN9n26TEDv5AK8=
Subject key identifier:   E0:16:D3:37:C9:CA:59:CE:51:62:53:2A:E3:3A:9C:C5:CC:3B:FE:53
Certificate issuer:       /CN=F36B0C44AF/serialNumber=49BAE67DFEDE9D9509BB03A7C732DC566166B75A
Certificate serial:       05
Authority key identifier: 49:BA:E6:7D:FE:DE:9D:95:09:BB:03:A7:C7:32:DC:56:61:66:B7:5A
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/Sbrmff7enZUJuwOnxzLcVmFmt1o.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36B0C44/DEB69BA6BF7811EE86CB6CB7775412E6/070A0F76BF7D11EEB89736BE775412E6.roa
Signing time:             Tue 30 Jan 2024 14:37:01 +0000
ROA not before:           Tue 30 Jan 2024 14:36:57 +0000
ROA not after:            Thu 25 Feb 2044 14:36:57 +0000
asID:                     37480
IP address blocks:        197.149.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36B0C44/DEB69BA6BF7811EE86CB6CB7775412E6/Sbrmff7enZUJuwOnxzLcVmFmt1o.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36B0C44/DEB69BA6BF7811EE86CB6CB7775412E6/Sbrmff7enZUJuwOnxzLcVmFmt1o.mft
                          rsync://rpki.afrinic.net/repository/afrinic/Sbrmff7enZUJuwOnxzLcVmFmt1o.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36B0C44AF/serialNumber=49BAE67DFEDE9D9509BB03A7C732DC566166B75A
        Validity
            Not Before: Jan 30 14:36:57 2024 GMT
            Not After : Feb 25 14:36:57 2044 GMT
        Subject: CN=65b9098c-842a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:fc:af:c6:b1:63:a9:ca:a6:06:c5:0b:4f:d3:
                    04:01:06:3a:c0:a5:7f:21:ce:a4:f5:07:e4:bf:39:
                    26:f1:ad:91:9e:3a:ff:20:8c:c2:a6:41:a8:0c:33:
                    cc:3f:5e:9f:26:28:a7:85:ee:0c:cd:68:09:2f:c2:
                    00:e5:54:24:c6:2e:1d:dc:c2:19:cd:23:29:35:8d:
                    e5:1b:e2:f1:60:ba:02:93:b6:ca:2e:ce:cf:2e:24:
                    8f:c2:2c:b7:29:e4:62:4a:b2:18:96:50:d6:c9:0a:
                    55:d9:00:af:8b:9e:78:85:a6:9c:f8:1a:8e:19:98:
                    08:d7:a7:8f:f3:de:a1:3e:2c:12:98:3a:6e:f5:56:
                    f8:cb:41:7c:97:c7:8a:83:20:b8:e9:36:b3:37:6e:
                    46:1e:1f:cd:91:19:64:6c:7d:6c:2c:4e:cd:87:d6:
                    51:5b:3f:b1:b7:07:82:15:5b:d2:e7:66:17:c6:e9:
                    fa:58:83:72:b0:15:06:88:3b:7a:9b:3a:20:92:d9:
                    73:bc:4b:eb:32:d5:6b:db:40:82:df:4a:7c:94:18:
                    92:e6:0d:d9:ba:4b:ac:d4:6b:60:a6:90:4a:b1:a7:
                    49:32:c8:66:cb:78:c0:20:b9:8e:b7:0d:bb:aa:0a:
                    c7:73:6d:ed:ee:e2:28:14:43:8c:8e:1b:a6:71:1e:
                    a3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:16:D3:37:C9:CA:59:CE:51:62:53:2A:E3:3A:9C:C5:CC:3B:FE:53
            X509v3 Authority Key Identifier:
                keyid:49:BA:E6:7D:FE:DE:9D:95:09:BB:03:A7:C7:32:DC:56:61:66:B7:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36B0C44/DEB69BA6BF7811EE86CB6CB7775412E6/Sbrmff7enZUJuwOnxzLcVmFmt1o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/Sbrmff7enZUJuwOnxzLcVmFmt1o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36B0C44/DEB69BA6BF7811EE86CB6CB7775412E6/070A0F76BF7D11EEB89736BE775412E6.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  197.149.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         29:6a:39:f2:55:a2:86:92:d5:eb:9b:c5:de:78:02:9d:d4:d8:
         09:e6:47:0d:b6:0c:a0:ad:59:5d:fc:36:7e:36:a1:f4:bf:bc:
         8e:46:4d:5c:c2:a0:9b:22:ec:00:38:e9:c1:85:e0:0e:67:df:
         c5:1f:c1:fd:98:df:c4:06:19:db:0e:bc:66:97:d5:42:87:9c:
         a3:ff:3a:89:60:c2:bc:f2:4c:46:b4:81:74:69:0f:55:71:08:
         f5:36:33:57:07:ae:87:d6:af:cd:60:dd:57:10:89:4a:6a:31:
         7d:6f:a8:02:d0:4e:51:e9:17:99:3d:91:df:b0:5f:b1:73:2c:
         25:85:cd:f6:d3:7d:21:54:f3:b9:fb:b8:b5:1d:87:9e:8d:6b:
         ee:0c:e4:06:b7:92:49:fe:27:d7:00:5d:44:a7:49:5f:39:0e:
         6b:3f:88:fa:a1:6a:e8:e5:e0:b3:39:8b:eb:cb:83:f1:01:1f:
         bc:4d:bd:fe:30:77:80:d3:c4:6f:90:bb:05:5b:c6:6b:63:9a:
         95:5c:b4:47:b3:42:63:21:e2:4b:db:21:39:98:24:be:79:2f:
         24:8b:82:d0:7f:79:69:d4:37:1f:b3:46:7b:3f:9d:6e:8c:57:
         e3:1c:12:d1:36:ad:65:66:9e:93:c4:1e:23:f7:a6:c7:5a:99:
         a1:65:97:53
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZC
MEM0NEFGMTEwLwYDVQQFEyg0OUJBRTY3REZFREU5RDk1MDlCQjAzQTdDNzMyREM1
NjYxNjZCNzVBMB4XDTI0MDEzMDE0MzY1N1oXDTQ0MDIyNTE0MzY1N1owGDEWMBQG
A1UEAxMNNjViOTA5OGMtODQyYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPX8r8axY6nKpgbFC0/TBAEGOsClfyHOpPUH5L85JvGtkZ46/yCMwqZBqAwz
zD9enyYop4XuDM1oCS/CAOVUJMYuHdzCGc0jKTWN5Rvi8WC6ApO2yi7Ozy4kj8Is
tynkYkqyGJZQ1skKVdkAr4ueeIWmnPgajhmYCNenj/PeoT4sEpg6bvVW+MtBfJfH
ioMguOk2szduRh4fzZEZZGx9bCxOzYfWUVs/sbcHghVb0udmF8bp+liDcrAVBog7
eps6IJLZc7xL6zLVa9tAgt9KfJQYkuYN2bpLrNRrYKaQSrGnSTLIZst4wCC5jrcN
u6oKx3Nt7e7iKBRDjI4bpnEeo9UCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBTgFtM3
ycpZzlFiUyrjOpzFzDv+UzAfBgNVHSMEGDAWgBRJuuZ9/t6dlQm7A6fHMtxWYWa3
WjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QjBDNDQvREVCNjlCQTZCRjc4MTFFRTg2Q0I2Q0I3Nzc1NDEyRTYvU2JybWZm
N2VuWlVKdXdPbnh6TGNWbUZtdDFvLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvU2JybWZmN2VuWlVKdXdPbnh6TGNWbUZtdDFvLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2QjBDNDQvREVCNjlCQTZCRjc4MTFFRTg2Q0I2Q0I3Nzc1
NDEyRTYvMDcwQTBGNzZCRjdEMTFFRUI4OTczNkJFNzc1NDEyRTYucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBsWVQDANBgkqhkiG9w0BAQsF
AAOCAQEAKWo58lWihpLV65vF3ngCndTYCeZHDbYMoK1ZXfw2fjah9L+8jkZNXMKg
myLsADjpwYXgDmffxR/B/ZjfxAYZ2w68ZpfVQoeco/86iWDCvPJMRrSBdGkPVXEI
9TYzVweuh9avzWDdVxCJSmoxfW+oAtBOUekXmT2R37BfsXMsJYXN9tN9IVTzufu4
tR2Hno1r7gzkBreSSf4n1wBdRKdJXzkOaz+I+qFq6OXgszmL68uD8QEfvE29/jB3
gNPEb5C7BVvGa2OalVy0R7NCYyHiS9shOZgkvnkvJIuC0H95adQ3H7NGez+dboxX
4xwS0TatZWaek8QeI/emx1qZoWWXUw==
-----END CERTIFICATE-----