Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36B95DE/0142933CCA5E11EAAA82C884F8AEA228/5FD871EACA5F11EA8E777586F8AEA228.roa
File:                     5FD871EACA5F11EA8E777586F8AEA228.roa (raw, json)
Hash identifier:          EtblfigLNGF6wfw5nHmJIbAVHju/Amjjjou8s+nuYu4=
Subject key identifier:   F8:36:93:4F:EE:70:79:24:FB:8F:03:50:76:9F:4D:17:48:93:82:4A
Certificate issuer:       /CN=F36B95DEAF/serialNumber=42D85C6FE43CDDD9C342A99123939EF6D10B9661
Certificate serial:       04
Authority key identifier: 42:D8:5C:6F:E4:3C:DD:D9:C3:42:A9:91:23:93:9E:F6:D1:0B:96:61
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/Qthcb-Q83dnDQqmRI5Oe9tELlmE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/0142933CCA5E11EAAA82C884F8AEA228/5FD871EACA5F11EA8E777586F8AEA228.roa
Signing time:             Mon 20 Jul 2020 08:02:37 +0000
ROA not before:           Mon 20 Jul 2020 08:02:32 +0000
ROA not after:            Sat 20 Jul 2030 08:02:32 +0000
asID:                     327849
IP address blocks:        2c0f:f2a0::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/0142933CCA5E11EAAA82C884F8AEA228/Qthcb-Q83dnDQqmRI5Oe9tELlmE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/0142933CCA5E11EAAA82C884F8AEA228/Qthcb-Q83dnDQqmRI5Oe9tELlmE.mft
                          rsync://rpki.afrinic.net/repository/afrinic/Qthcb-Q83dnDQqmRI5Oe9tELlmE.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 19 May 2024 00:04:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36B95DEAF/serialNumber=42D85C6FE43CDDD9C342A99123939EF6D10B9661
        Validity
            Not Before: Jul 20 08:02:32 2020 GMT
            Not After : Jul 20 08:02:32 2030 GMT
        Subject: CN=5f154f9d-e907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:14:2a:18:c5:d4:9f:7b:87:a5:47:40:11:fe:
                    4c:c1:45:0d:77:1a:5b:16:7b:41:db:8f:bf:87:dd:
                    c6:f1:4b:02:a0:54:b7:4e:16:e3:16:9f:3a:50:bf:
                    ae:b9:f8:38:39:95:f6:05:3c:44:18:8c:f3:cd:d0:
                    bc:fd:de:fb:9d:6b:08:ab:1c:62:9a:ab:45:4b:61:
                    ac:74:87:82:dd:fc:18:4c:b2:4d:22:16:e8:ac:3d:
                    5b:65:9b:60:0e:6f:e1:96:28:00:57:a5:e0:9b:8d:
                    3a:4b:f5:b1:9b:14:b0:14:74:e5:57:95:dc:9e:62:
                    18:a9:27:a2:f2:df:79:20:ea:fb:f2:a1:7e:0a:14:
                    09:d6:85:54:f2:08:a1:76:da:f3:e0:31:bf:49:ab:
                    43:0f:6c:9a:71:82:01:41:17:94:2e:da:08:55:0c:
                    41:97:69:ab:1b:6c:ea:a8:af:2e:b1:8a:c5:a7:74:
                    dd:e3:03:4c:a1:78:48:67:ac:95:9f:9f:f5:93:17:
                    1a:40:4b:20:e6:6f:6a:2e:e3:38:f4:03:fd:bb:e9:
                    bd:6c:4f:30:36:20:22:71:12:1d:1a:46:11:4a:fc:
                    78:c9:23:63:04:2f:e1:a8:82:f2:32:ab:75:7a:bd:
                    fc:0a:4e:33:c5:82:de:cb:68:42:2e:b7:c6:8e:c7:
                    ff:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:36:93:4F:EE:70:79:24:FB:8F:03:50:76:9F:4D:17:48:93:82:4A
            X509v3 Authority Key Identifier:
                keyid:42:D8:5C:6F:E4:3C:DD:D9:C3:42:A9:91:23:93:9E:F6:D1:0B:96:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/0142933CCA5E11EAAA82C884F8AEA228/Qthcb-Q83dnDQqmRI5Oe9tELlmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/Qthcb-Q83dnDQqmRI5Oe9tELlmE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36B95DE/0142933CCA5E11EAAA82C884F8AEA228/5FD871EACA5F11EA8E777586F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2c0f:f2a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:70:79:35:81:d1:73:0d:80:63:85:d6:32:d5:83:ee:49:e7:
         a1:21:b2:bf:46:83:15:43:f7:8b:6e:ac:a3:73:58:2a:d4:e6:
         7e:84:1a:05:d3:d4:d1:b5:2e:7b:e4:f5:b8:85:07:e4:7e:28:
         64:26:3e:ed:71:a7:eb:74:99:bd:2f:31:e6:26:96:87:05:64:
         6a:90:5d:49:76:52:aa:cb:7e:73:95:e0:25:85:6e:ce:81:82:
         07:bb:ce:6e:66:78:ba:17:f1:92:03:09:f5:60:2e:a8:92:fa:
         c3:e2:06:18:20:bc:fc:87:81:9f:4a:6a:52:d9:37:87:62:02:
         41:f8:21:dc:c9:78:b3:19:28:10:04:89:f7:a4:67:33:d9:83:
         95:fa:e9:93:16:92:a1:b8:ac:15:70:90:6a:fc:5b:33:d3:61:
         3a:da:c5:0f:66:2d:32:27:fc:bc:55:0d:b8:47:5d:67:a3:f8:
         7b:a8:00:81:e1:1e:12:9f:b9:39:45:61:f9:a5:8c:1f:9a:84:
         ec:d7:a5:61:a5:a7:4a:01:c6:28:e3:ed:f5:c0:cc:e7:30:12:
         21:6a:d2:1a:57:41:23:82:b9:da:3a:66:87:73:d1:56:b0:36:
         aa:f6:84:e9:f0:ef:aa:54:4f:fe:0e:c5:35:35:2c:42:6c:93:
         fe:03:cd:c3
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZC
OTVERUFGMTEwLwYDVQQFEyg0MkQ4NUM2RkU0M0NEREQ5QzM0MkE5OTEyMzkzOUVG
NkQxMEI5NjYxMB4XDTIwMDcyMDA4MDIzMloXDTMwMDcyMDA4MDIzMlowGDEWMBQG
A1UEAxMNNWYxNTRmOWQtZTkwNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOYUKhjF1J97h6VHQBH+TMFFDXcaWxZ7QduPv4fdxvFLAqBUt04W4xafOlC/
rrn4ODmV9gU8RBiM883QvP3e+51rCKscYpqrRUthrHSHgt38GEyyTSIW6Kw9W2Wb
YA5v4ZYoAFel4JuNOkv1sZsUsBR05VeV3J5iGKknovLfeSDq+/KhfgoUCdaFVPII
oXba8+Axv0mrQw9smnGCAUEXlC7aCFUMQZdpqxts6qivLrGKxad03eMDTKF4SGes
lZ+f9ZMXGkBLIOZvai7jOPQD/bvpvWxPMDYgInESHRpGEUr8eMkjYwQv4aiC8jKr
dXq9/ApOM8WC3stoQi63xo7H/+cCAwEAAaOCAqYwggKiMB0GA1UdDgQWBBT4NpNP
7nB5JPuPA1B2n00XSJOCSjAfBgNVHSMEGDAWgBRC2Fxv5Dzd2cNCqZEjk5720QuW
YTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2Qjk1REUvMDE0MjkzM0NDQTVFMTFFQUFBODJDODg0RjhBRUEyMjgvUXRoY2It
UTgzZG5EUXFtUkk1T2U5dEVMbG1FLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvUXRoY2ItUTgzZG5EUXFtUkk1T2U5dEVMbG1FLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2Qjk1REUvMDE0MjkzM0NDQTVFMTFFQUFBODJDODg0RjhB
RUEyMjgvNUZEODcxRUFDQTVGMTFFQThFNzc3NTg2RjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACwP8qAwDQYJKoZIhvcNAQEL
BQADggEBAHRweTWB0XMNgGOF1jLVg+5J56Ehsr9GgxVD94turKNzWCrU5n6EGgXT
1NG1Lnvk9biFB+R+KGQmPu1xp+t0mb0vMeYmlocFZGqQXUl2UqrLfnOV4CWFbs6B
gge7zm5meLoX8ZIDCfVgLqiS+sPiBhggvPyHgZ9KalLZN4diAkH4IdzJeLMZKBAE
ifekZzPZg5X66ZMWkqG4rBVwkGr8WzPTYTraxQ9mLTIn/LxVDbhHXWej+HuoAIHh
HhKfuTlFYfmljB+ahOzXpWGlp0oBxijj7fXAzOcwEiFq0hpXQSOCudo6Zodz0Vaw
Nqr2hOnw76pUT/4OxTU1LEJsk/4DzcM=
-----END CERTIFICATE-----