Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36B70EF/8F798B325A6611EABB216F4BF8AEA228/B217A2825A6611EAB1529D4BF8AEA228.roa
File:                     B217A2825A6611EAB1529D4BF8AEA228.roa (raw, json)
Hash identifier:          vzveyzJlprOUydarhesuSRbAJ+Ui96qsAven0yoHfa4=
Subject key identifier:   23:22:A3:78:7B:0C:8F:F3:5D:BF:78:74:61:8B:02:B4:B0:71:DD:BC
Certificate issuer:       /CN=F36B70EFAF/serialNumber=D0BE67D045B33F05A5871510399E709C98F6D77D
Certificate serial:       02
Authority key identifier: D0:BE:67:D0:45:B3:3F:05:A5:87:15:10:39:9E:70:9C:98:F6:D7:7D
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/0L5n0EWzPwWlhxUQOZ5wnJj2130.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36B70EF/8F798B325A6611EABB216F4BF8AEA228/B217A2825A6611EAB1529D4BF8AEA228.roa
Signing time:             Fri 28 Feb 2020 20:12:51 +0000
ROA not before:           Fri 28 Feb 2020 20:12:47 +0000
ROA not after:            Thu 28 Feb 2030 20:12:47 +0000
asID:                     328337
IP address blocks:        102.134.64.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36B70EF/8F798B325A6611EABB216F4BF8AEA228/0L5n0EWzPwWlhxUQOZ5wnJj2130.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36B70EF/8F798B325A6611EABB216F4BF8AEA228/0L5n0EWzPwWlhxUQOZ5wnJj2130.mft
                          rsync://rpki.afrinic.net/repository/afrinic/0L5n0EWzPwWlhxUQOZ5wnJj2130.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36B70EFAF/serialNumber=D0BE67D045B33F05A5871510399E709C98F6D77D
        Validity
            Not Before: Feb 28 20:12:47 2020 GMT
            Not After : Feb 28 20:12:47 2030 GMT
        Subject: CN=5e597443-64a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:22:75:f2:7c:b4:5d:87:74:9e:8c:32:3d:87:
                    34:e3:ef:f7:eb:6d:dd:1d:7b:67:f7:10:9b:05:cb:
                    53:2a:10:c9:ae:f6:bc:4f:14:d6:c3:28:de:94:5d:
                    31:45:0e:b6:1f:de:ad:a6:2f:31:ea:75:9d:bf:d6:
                    8e:27:03:c2:e2:c9:a1:eb:14:a3:a3:03:eb:76:2a:
                    ca:d5:b1:78:f8:ef:96:ba:87:49:d9:d6:8a:88:98:
                    d8:76:ea:7b:f5:4b:28:93:69:19:e6:74:f6:eb:dc:
                    0c:0c:9a:74:90:9c:99:18:f3:81:81:ef:84:19:a6:
                    4f:fc:03:d1:e4:60:fe:77:b6:9f:21:00:d4:a6:03:
                    2f:8c:e1:28:7b:cb:54:d4:00:0e:fa:8b:fc:76:6b:
                    95:dc:f3:1c:b3:f0:21:ff:eb:ff:6e:0f:c5:c7:a6:
                    65:3a:06:4e:5a:31:18:b2:8c:92:27:70:b4:ad:e3:
                    ca:8b:4f:60:c9:85:12:34:27:f5:7c:3d:d4:5b:2c:
                    ee:b5:0c:40:4a:8c:56:2b:53:4f:cb:3c:26:8b:55:
                    6d:c4:1d:de:99:7e:d8:19:01:c0:1e:36:4c:b4:8a:
                    0e:ce:f3:1d:0e:97:8f:08:a5:65:73:d4:3c:74:4a:
                    ab:5f:57:1d:29:07:41:59:57:fd:83:55:0e:34:ed:
                    3a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:22:A3:78:7B:0C:8F:F3:5D:BF:78:74:61:8B:02:B4:B0:71:DD:BC
            X509v3 Authority Key Identifier:
                keyid:D0:BE:67:D0:45:B3:3F:05:A5:87:15:10:39:9E:70:9C:98:F6:D7:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36B70EF/8F798B325A6611EABB216F4BF8AEA228/0L5n0EWzPwWlhxUQOZ5wnJj2130.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/0L5n0EWzPwWlhxUQOZ5wnJj2130.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36B70EF/8F798B325A6611EABB216F4BF8AEA228/B217A2825A6611EAB1529D4BF8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.134.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         92:8d:22:a4:3f:e3:77:80:5c:11:bc:41:ed:00:f9:33:d0:45:
         98:a4:d5:e5:fe:09:24:a1:27:48:4e:ba:01:7f:80:2c:db:e2:
         48:09:d8:2e:2e:8e:4c:f2:ff:35:2f:db:4f:aa:b0:37:6d:57:
         72:b0:dc:b9:31:68:16:58:a2:ce:15:6f:7b:9c:3e:b0:fb:d5:
         63:62:12:02:49:03:0e:a6:31:aa:89:cb:7a:51:ce:04:d1:aa:
         28:72:0c:0b:57:26:88:90:9a:b5:70:35:2f:4a:0f:6b:2b:56:
         90:d2:a4:12:05:28:b8:43:33:d7:45:99:47:9f:a3:32:90:56:
         cf:94:9a:3c:35:fc:04:d8:65:39:29:8f:c2:6c:52:e7:b5:12:
         76:d6:a2:72:ab:61:a3:b0:aa:dc:b6:70:fb:dc:98:98:14:97:
         e5:4b:5f:c3:b2:d9:d1:3c:06:ad:ab:9e:5f:a4:a6:db:ba:a3:
         a3:64:50:f5:21:c3:a5:97:2c:c8:13:5f:65:14:35:50:47:9d:
         08:04:59:de:40:ed:22:64:08:c2:0a:72:43:b8:ea:94:be:c8:
         cc:1a:e5:ff:69:6c:7c:c2:37:89:93:ae:d3:d6:21:24:ee:e4:
         9a:39:c9:a7:1e:04:76:ee:f9:21:ee:b5:2e:64:c3:e5:61:ca:
         60:d9:3e:ad
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZC
NzBFRkFGMTEwLwYDVQQFEyhEMEJFNjdEMDQ1QjMzRjA1QTU4NzE1MTAzOTlFNzA5
Qzk4RjZENzdEMB4XDTIwMDIyODIwMTI0N1oXDTMwMDIyODIwMTI0N1owGDEWMBQG
A1UEAxMNNWU1OTc0NDMtNjRhNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM8idfJ8tF2HdJ6MMj2HNOPv9+tt3R17Z/cQmwXLUyoQya72vE8U1sMo3pRd
MUUOth/eraYvMep1nb/WjicDwuLJoesUo6MD63YqytWxePjvlrqHSdnWioiY2Hbq
e/VLKJNpGeZ09uvcDAyadJCcmRjzgYHvhBmmT/wD0eRg/ne2nyEA1KYDL4zhKHvL
VNQADvqL/HZrldzzHLPwIf/r/24PxcemZToGTloxGLKMkidwtK3jyotPYMmFEjQn
9Xw91Fss7rUMQEqMVitTT8s8JotVbcQd3pl+2BkBwB42TLSKDs7zHQ6XjwilZXPU
PHRKq19XHSkHQVlX/YNVDjTtOmsCAwEAAaOCAm4wggJqMB0GA1UdDgQWBBQjIqN4
ewyP812/eHRhiwK0sHHdvDAfBgNVHSMEGDAWgBTQvmfQRbM/BaWHFRA5nnCcmPbX
fTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QjcwRUYvOEY3OThCMzI1QTY2MTFFQUJCMjE2RjRCRjhBRUEyMjgvMEw1bjBF
V3pQd1dsaHhVUU9aNXduSmoyMTMwLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvMEw1bjBFV3pQd1dsaHhVUU9aNXduSmoyMTMwLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2QjcwRUYvOEY3OThCMzI1QTY2MTFFQUJCMjE2RjRCRjhB
RUEyMjgvQjIxN0EyODI1QTY2MTFFQUIxNTI5RDRCRjhBRUEyMjgucm9hMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDZoZAMA0GCSqGSIb3DQEBCwUAA4IBAQCS
jSKkP+N3gFwRvEHtAPkz0EWYpNXl/gkkoSdITroBf4As2+JICdguLo5M8v81L9tP
qrA3bVdysNy5MWgWWKLOFW97nD6w+9VjYhICSQMOpjGqict6Uc4E0aoocgwLVyaI
kJq1cDUvSg9rK1aQ0qQSBSi4QzPXRZlHn6MykFbPlJo8NfwE2GU5KY/CbFLntRJ2
1qJyq2GjsKrctnD73JiYFJflS1/DstnRPAatq55fpKbbuqOjZFD1IcOllyzIE19l
FDVQR50IBFneQO0iZAjCCnJDuOqUvsjMGuX/aWx8wjeJk67T1iEk7uSaOcmnHgR2
7vkh7rUuZMPlYcpg2T6t
-----END CERTIFICATE-----