Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36B2802/9C4B6D560F8B11EA9ADDAE62F8AEA228/0339DB7E0F8C11EAB91E1463F8AEA228.roa
File:                     0339DB7E0F8C11EAB91E1463F8AEA228.roa (raw, json)
Hash identifier:          VEE0Ckp6I2VcUJ5B3ZZaJwDqeoS1pgqeABgMWtZnTH8=
Subject key identifier:   C4:29:1D:E7:AF:2E:23:02:37:AA:A9:54:74:32:18:55:1D:63:AC:F3
Certificate issuer:       /CN=F36B2802AR/serialNumber=1374B9C3F45F74183DD4F72B1610252ADFB12620
Certificate serial:       02
Authority key identifier: 13:74:B9:C3:F4:5F:74:18:3D:D4:F7:2B:16:10:25:2A:DF:B1:26:20
Authority info access:    rsync://rpki.afrinic.net/repository/arin/E3S5w_RfdBg91PcrFhAlKt-xJiA.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36B2802/9C4B6D560F8B11EA9ADDAE62F8AEA228/0339DB7E0F8C11EAB91E1463F8AEA228.roa
Signing time:             Mon 25 Nov 2019 14:01:01 +0000
ROA not before:           Mon 25 Nov 2019 14:00:57 +0000
ROA not after:            Fri 30 Nov 2029 14:00:57 +0000
asID:                     328146
IP address blocks:        160.119.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36B2802/9C4B6D560F8B11EA9ADDAE62F8AEA228/E3S5w_RfdBg91PcrFhAlKt-xJiA.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36B2802/9C4B6D560F8B11EA9ADDAE62F8AEA228/E3S5w_RfdBg91PcrFhAlKt-xJiA.mft
                          rsync://rpki.afrinic.net/repository/arin/E3S5w_RfdBg91PcrFhAlKt-xJiA.cer
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
                          rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 07 May 2024 00:16:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36B2802AR/serialNumber=1374B9C3F45F74183DD4F72B1610252ADFB12620
        Validity
            Not Before: Nov 25 14:00:57 2019 GMT
            Not After : Nov 30 14:00:57 2029 GMT
        Subject: CN=5ddbde9d-be09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b2:62:92:41:25:96:4e:6f:04:39:51:4b:ba:
                    d1:21:cf:b1:29:cc:f0:3d:bb:ed:75:5d:44:a9:fb:
                    dd:b3:f6:32:53:b8:26:4b:3d:55:39:66:3c:05:83:
                    80:eb:e1:ee:a9:27:5c:ec:e5:1e:59:f0:c3:01:ff:
                    a7:c3:53:65:05:41:40:94:4c:ae:2e:93:3c:8e:72:
                    14:b9:32:f8:ac:b6:57:e7:35:70:25:76:dd:e5:0a:
                    80:31:8d:48:86:5c:d2:be:85:18:c2:58:88:9f:ea:
                    95:13:11:51:bf:70:8f:ed:dc:fc:65:50:92:00:67:
                    b3:ba:fa:ba:c9:77:f8:cd:0f:21:aa:47:82:a0:0f:
                    be:2d:45:ca:e2:eb:0a:b2:85:77:a9:1a:6f:16:d5:
                    2f:2b:85:b1:68:e2:44:19:fe:96:4c:be:29:33:d2:
                    70:a0:80:61:2f:09:38:95:11:eb:60:d3:a5:36:9d:
                    8b:f2:cc:5c:ae:93:6f:7a:9a:c8:4e:da:40:f7:1d:
                    2d:e4:6d:c7:db:6d:07:08:2b:1d:b5:2c:0b:bb:51:
                    18:de:cb:fa:fb:85:2c:ce:7a:23:f5:ae:b0:34:09:
                    fb:96:a3:52:b1:94:95:02:0c:28:c1:fe:65:9d:7e:
                    bd:6f:c0:bd:e2:29:70:9f:7c:5f:14:c3:ec:5a:bc:
                    9a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:29:1D:E7:AF:2E:23:02:37:AA:A9:54:74:32:18:55:1D:63:AC:F3
            X509v3 Authority Key Identifier:
                keyid:13:74:B9:C3:F4:5F:74:18:3D:D4:F7:2B:16:10:25:2A:DF:B1:26:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36B2802/9C4B6D560F8B11EA9ADDAE62F8AEA228/E3S5w_RfdBg91PcrFhAlKt-xJiA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/E3S5w_RfdBg91PcrFhAlKt-xJiA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36B2802/9C4B6D560F8B11EA9ADDAE62F8AEA228/0339DB7E0F8C11EAB91E1463F8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.119.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:9a:38:34:cd:ce:22:7d:55:d8:32:9e:63:41:20:b7:2d:48:
         49:62:e4:51:55:df:c3:a2:d7:b8:89:3d:9e:e0:08:3f:3e:82:
         d2:58:8b:eb:9a:8f:53:33:40:d6:e4:08:53:9b:d2:99:f7:99:
         0f:79:11:db:32:c7:c9:59:41:ec:79:05:d4:d1:80:04:1c:c6:
         e9:30:92:6a:c5:33:00:0f:6a:fc:34:65:dc:e5:22:24:f5:f3:
         06:12:1f:22:7c:b0:ed:30:77:73:2c:ed:60:2c:aa:c8:50:e4:
         8f:6d:ca:4c:1a:28:8c:d3:4b:6d:92:63:17:50:fc:70:a5:cd:
         c5:fa:c1:78:b8:d0:83:99:7e:aa:03:70:bc:c8:43:71:12:81:
         4b:57:13:ca:2a:fd:dd:79:12:57:46:8d:90:b3:b1:19:da:b0:
         34:54:8b:b0:fe:64:0c:0d:74:19:c9:7a:a4:fc:59:81:f6:34:
         a4:44:4e:8c:ae:50:ea:77:a7:7a:65:92:70:d5:85:e4:af:b7:
         ff:cd:97:a7:8e:d6:c3:a0:d7:f3:bf:80:6b:e5:96:7d:76:14:
         90:5a:2f:4d:61:99:a1:da:16:e3:c7:04:5b:b9:e6:ef:31:6b:
         6a:6d:e0:17:5f:e9:4c:26:68:81:6d:e8:54:bd:0e:dc:4d:cc:
         0f:a7:d7:e5
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZC
MjgwMkFSMTEwLwYDVQQFEygxMzc0QjlDM0Y0NUY3NDE4M0RENEY3MkIxNjEwMjUy
QURGQjEyNjIwMB4XDTE5MTEyNTE0MDA1N1oXDTI5MTEzMDE0MDA1N1owGDEWMBQG
A1UEAxMNNWRkYmRlOWQtYmUwOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANGyYpJBJZZObwQ5UUu60SHPsSnM8D277XVdRKn73bP2MlO4Jks9VTlmPAWD
gOvh7qknXOzlHlnwwwH/p8NTZQVBQJRMri6TPI5yFLky+Ky2V+c1cCV23eUKgDGN
SIZc0r6FGMJYiJ/qlRMRUb9wj+3c/GVQkgBns7r6usl3+M0PIapHgqAPvi1FyuLr
CrKFd6kabxbVLyuFsWjiRBn+lky+KTPScKCAYS8JOJUR62DTpTadi/LMXK6Tb3qa
yE7aQPcdLeRtx9ttBwgrHbUsC7tRGN7L+vuFLM56I/WusDQJ+5ajUrGUlQIMKMH+
ZZ1+vW/AveIpcJ98XxTD7Fq8mgsCAwEAAaOCAmswggJnMB0GA1UdDgQWBBTEKR3n
ry4jAjeqqVR0MhhVHWOs8zAfBgNVHSMEGDAWgBQTdLnD9F90GD3U9ysWECUq37Em
IDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QjI4MDIvOUM0QjZENTYwRjhCMTFFQTlBRERBRTYyRjhBRUEyMjgvRTNTNXdf
UmZkQmc5MVBjckZoQWxLdC14SmlBLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2FyaW4v
RTNTNXdfUmZkQmc5MVBjckZoQWxLdC14SmlBLmNlcjBPBgNVHSABAf8ERTBDMEEG
CCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmljLm5l
dC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUFBzAL
hoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3Jl
cG9zaXRvcnkvRjM2QjI4MDIvOUM0QjZENTYwRjhCMTFFQTlBRERBRTYyRjhBRUEy
MjgvMDMzOURCN0UwRjhDMTFFQUI5MUUxNDYzRjhBRUEyMjgucm9hMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCoHfcMA0GCSqGSIb3DQEBCwUAA4IBAQAUmjg0
zc4ifVXYMp5jQSC3LUhJYuRRVd/Dote4iT2e4Ag/PoLSWIvrmo9TM0DW5AhTm9KZ
95kPeRHbMsfJWUHseQXU0YAEHMbpMJJqxTMAD2r8NGXc5SIk9fMGEh8ifLDtMHdz
LO1gLKrIUOSPbcpMGiiM00ttkmMXUPxwpc3F+sF4uNCDmX6qA3C8yENxEoFLVxPK
Kv3deRJXRo2Qs7EZ2rA0VIuw/mQMDXQZyXqk/FmB9jSkRE6MrlDqd6d6ZZJw1YXk
r7f/zZenjtbDoNfzv4Br5ZZ9dhSQWi9NYZmh2hbjxwRbuebvMWtqbeAXX+lMJmiB
behUvQ7cTcwPp9fl
-----END CERTIFICATE-----