Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36B35B7/86A7F99073F111EF93569567762E951A/D8F28FD87BEB11EFB2CEC399762E951A.roa
File:                     D8F28FD87BEB11EFB2CEC399762E951A.roa (raw, json)
Hash identifier:          IrfNf4mCYxKNNTtpjGrbLvkdxYvkdOQJJFgReOprMII=
Subject key identifier:   4F:02:E5:65:6C:1D:F2:A6:71:37:A5:E2:CC:42:15:80:FC:F5:B1:7C
Certificate issuer:       /CN=F36B35B7AF/serialNumber=E38937DE377A183822308BE399F0E16DD21E730D
Certificate serial:       15
Authority key identifier: E3:89:37:DE:37:7A:18:38:22:30:8B:E3:99:F0:E1:6D:D2:1E:73:0D
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/44k33jd6GDgiMIvjmfDhbdIecw0.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36B35B7/86A7F99073F111EF93569567762E951A/D8F28FD87BEB11EFB2CEC399762E951A.roa
Signing time:             Thu 26 Sep 2024 09:43:56 +0000
ROA not before:           Thu 26 Sep 2024 09:43:52 +0000
ROA not after:            Sun 17 Nov 2030 09:43:52 +0000
asID:                     37395
IP address blocks:        102.165.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36B35B7/86A7F99073F111EF93569567762E951A/44k33jd6GDgiMIvjmfDhbdIecw0.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36B35B7/86A7F99073F111EF93569567762E951A/44k33jd6GDgiMIvjmfDhbdIecw0.mft
                          rsync://rpki.afrinic.net/repository/afrinic/44k33jd6GDgiMIvjmfDhbdIecw0.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 26 Oct 2024 00:05:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21 (0x15)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36B35B7AF/serialNumber=E38937DE377A183822308BE399F0E16DD21E730D
        Validity
            Not Before: Sep 26 09:43:52 2024 GMT
            Not After : Nov 17 09:43:52 2030 GMT
        Subject: CN=66f52cdc-b181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:43:0a:23:0f:55:39:c9:c7:00:b7:22:71:25:
                    d0:c5:75:ba:07:dc:31:d0:d1:4a:22:fe:36:91:cb:
                    51:09:d1:89:e2:e1:2e:09:6c:70:d8:00:17:49:46:
                    1e:2b:12:8d:0d:76:7b:78:61:c7:28:9c:a4:a9:fa:
                    ab:78:9a:de:95:17:1e:d5:52:74:c7:80:e2:6a:ed:
                    b8:f6:29:84:8e:53:4c:7c:2f:f4:db:34:72:66:73:
                    21:fb:f8:3a:4b:31:57:d7:d2:cb:c6:b9:dc:c3:15:
                    ac:f8:95:20:4b:39:ea:7d:a4:2e:77:ad:e2:6e:ef:
                    04:1c:82:fd:bf:e2:05:04:44:6a:d5:9f:5d:e9:cb:
                    25:a8:8b:04:7d:b6:cd:47:cd:5e:5c:23:1d:94:05:
                    af:8d:99:f6:d5:b0:69:93:35:02:93:32:e5:26:89:
                    e6:bb:af:53:50:06:8e:8a:5e:a8:da:0a:71:57:53:
                    9f:51:51:4d:57:d2:f3:f8:f1:5d:16:c8:e4:f3:d5:
                    2b:4e:ff:ea:be:e6:c8:8b:8b:71:c7:f7:3f:ed:34:
                    b2:bd:5b:5b:33:e3:1c:30:1b:72:dc:72:8d:f7:78:
                    81:e1:db:8c:c3:42:44:3c:a9:cb:1f:99:3f:8c:aa:
                    61:9f:94:cb:db:70:5d:07:f7:f9:67:92:dc:10:2f:
                    83:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:02:E5:65:6C:1D:F2:A6:71:37:A5:E2:CC:42:15:80:FC:F5:B1:7C
            X509v3 Authority Key Identifier:
                keyid:E3:89:37:DE:37:7A:18:38:22:30:8B:E3:99:F0:E1:6D:D2:1E:73:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36B35B7/86A7F99073F111EF93569567762E951A/44k33jd6GDgiMIvjmfDhbdIecw0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/44k33jd6GDgiMIvjmfDhbdIecw0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36B35B7/86A7F99073F111EF93569567762E951A/D8F28FD87BEB11EFB2CEC399762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.165.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:b0:bc:2e:7f:48:07:26:31:e3:e3:a7:31:4d:d0:09:9b:e3:
         13:a0:2d:38:7c:0b:25:a1:29:91:d9:f4:a8:aa:83:87:51:11:
         ec:b8:65:ae:a5:9f:18:97:b9:e5:1e:49:9f:3c:4f:4e:29:3f:
         8a:d5:3b:43:5b:73:ef:53:6a:0a:42:c1:9d:8a:7f:c8:c4:a2:
         55:ec:d3:01:d0:1b:14:f1:ae:e3:80:0b:38:0f:c1:0d:32:b3:
         4e:f3:79:aa:f7:8d:9a:bd:4f:f5:3e:b4:4a:1f:cf:08:75:ed:
         78:a6:fc:4f:7a:8f:a7:35:c8:10:51:94:52:5d:74:02:95:3c:
         57:10:3e:c1:a5:82:b7:d4:b1:78:17:d1:1b:4e:c4:6b:ed:9f:
         db:81:25:13:ad:6b:9c:9c:0b:70:1f:c5:f3:d8:8f:25:fc:cb:
         8f:5a:64:8b:2c:f3:11:96:9a:82:b6:75:ba:9a:ca:e5:f6:51:
         20:07:a5:dd:8e:52:9f:e5:ec:4c:93:80:aa:50:28:ea:2e:14:
         04:2a:08:73:22:e8:f0:a2:e0:23:e0:f0:fb:1a:3f:2b:54:cd:
         b7:34:d1:1b:8c:c5:05:8b:ad:05:f5:cf:7b:8b:aa:da:cb:08:
         83:c5:c9:ac:78:ca:e9:96:7d:39:01:30:95:f3:7b:6b:34:c9:
         22:77:a5:4b
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBFTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZC
MzVCN0FGMTEwLwYDVQQFEyhFMzg5MzdERTM3N0ExODM4MjIzMDhCRTM5OUYwRTE2
REQyMUU3MzBEMB4XDTI0MDkyNjA5NDM1MloXDTMwMTExNzA5NDM1MlowGDEWMBQG
A1UEAxMNNjZmNTJjZGMtYjE4MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRDCiMPVTnJxwC3InEl0MV1ugfcMdDRSiL+NpHLUQnRieLhLglscNgAF0lG
HisSjQ12e3hhxyicpKn6q3ia3pUXHtVSdMeA4mrtuPYphI5TTHwv9Ns0cmZzIfv4
OksxV9fSy8a53MMVrPiVIEs56n2kLnet4m7vBByC/b/iBQREatWfXenLJaiLBH22
zUfNXlwjHZQFr42Z9tWwaZM1ApMy5SaJ5ruvU1AGjopeqNoKcVdTn1FRTVfS8/jx
XRbI5PPVK07/6r7myIuLccf3P+00sr1bWzPjHDAbctxyjfd4geHbjMNCRDypyx+Z
P4yqYZ+Uy9twXQf3+WeS3BAvg6kCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBRPAuVl
bB3ypnE3peLMQhWA/PWxfDAfBgNVHSMEGDAWgBTjiTfeN3oYOCIwi+OZ8OFt0h5z
DTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QjM1QjcvODZBN0Y5OTA3M0YxMTFFRjkzNTY5NTY3NzYyRTk1MUEvNDRrMzNq
ZDZHRGdpTUl2am1mRGhiZEllY3cwLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvNDRrMzNqZDZHRGdpTUl2am1mRGhiZEllY3cwLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2QjM1QjcvODZBN0Y5OTA3M0YxMTFFRjkzNTY5NTY3NzYy
RTk1MUEvRDhGMjhGRDg3QkVCMTFFRkIyQ0VDMzk5NzYyRTk1MUEucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGaliDANBgkqhkiG9w0BAQsF
AAOCAQEAarC8Ln9IByYx4+OnMU3QCZvjE6AtOHwLJaEpkdn0qKqDh1ER7LhlrqWf
GJe55R5JnzxPTik/itU7Q1tz71NqCkLBnYp/yMSiVezTAdAbFPGu44ALOA/BDTKz
TvN5qveNmr1P9T60Sh/PCHXteKb8T3qPpzXIEFGUUl10ApU8VxA+waWCt9SxeBfR
G07Ea+2f24ElE61rnJwLcB/F89iPJfzLj1pkiyzzEZaagrZ1uprK5fZRIAel3Y5S
n+XsTJOAqlAo6i4UBCoIcyLo8KLgI+Dw+xo/K1TNtzTRG4zFBYutBfXPe4uq2ssI
g8XJrHjK6ZZ9OQEwlfN7azTJInelSw==
-----END CERTIFICATE-----