Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36BC80A/472EF5B2E75C11EC9D7F90D8F1222468/332A33CAFFA911EF84F40CB6762E951A.roa
File:                     332A33CAFFA911EF84F40CB6762E951A.roa (raw, json)
Hash identifier:          nAe7SVEbrFBsJsSB2QjjEXejvC3k+OkB22lneTxOJs4=
Subject key identifier:   C3:A4:2C:F4:B0:65:9E:14:A4:27:61:A2:6F:41:6D:46:96:E0:59:F9
Certificate issuer:       /CN=F36BC80AAF/serialNumber=8C8F8CE2AD55B9366BEC6EDF492CD9C1498E0664
Certificate serial:       0457
Authority key identifier: 8C:8F:8C:E2:AD:55:B9:36:6B:EC:6E:DF:49:2C:D9:C1:49:8E:06:64
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/jI-M4q1VuTZr7G7fSSzZwUmOBmQ.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36BC80A/472EF5B2E75C11EC9D7F90D8F1222468/332A33CAFFA911EF84F40CB6762E951A.roa
Signing time:             Thu 13 Mar 2025 01:19:24 +0000
ROA not before:           Thu 13 Mar 2025 01:19:20 +0000
ROA not after:            Sat 31 Mar 2035 01:19:20 +0000
asID:                     59895
IP address blocks:        41.223.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36BC80A/472EF5B2E75C11EC9D7F90D8F1222468/jI-M4q1VuTZr7G7fSSzZwUmOBmQ.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36BC80A/472EF5B2E75C11EC9D7F90D8F1222468/jI-M4q1VuTZr7G7fSSzZwUmOBmQ.mft
                          rsync://rpki.afrinic.net/repository/afrinic/jI-M4q1VuTZr7G7fSSzZwUmOBmQ.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 06 Apr 2025 00:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1111 (0x457)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36BC80AAF
        Validity
            Not Before: Mar 13 01:19:20 2025 GMT
            Not After : Mar 31 01:19:20 2035 GMT
        Subject: CN=67d2329c-b0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:20:25:9b:91:83:d2:ef:af:85:e6:6d:c6:a5:
                    ad:4e:cf:b2:59:3f:0b:f4:30:de:5f:47:bc:74:e5:
                    c3:68:09:bb:7d:24:a9:be:8d:b6:42:d9:fd:d8:fa:
                    78:15:a7:6a:a6:c3:83:0d:bd:18:23:88:d2:05:b3:
                    8d:ba:d2:a9:8a:c4:3f:7a:fa:f2:a8:33:05:9e:b9:
                    f4:15:8e:58:73:03:b0:7b:a6:dc:42:4b:d5:e1:4f:
                    b0:f5:cf:0e:6a:e6:91:77:a9:32:8e:81:1a:d0:7d:
                    dd:e7:84:49:09:6f:c7:f5:8f:c3:fe:af:56:8f:d3:
                    14:c1:1c:56:94:75:77:18:00:57:5b:97:fe:e9:38:
                    eb:5c:c3:c5:c1:a0:b4:9c:3c:cd:da:ba:46:48:ab:
                    c6:50:f0:a2:b8:8f:c6:8a:78:56:77:0b:5d:4b:00:
                    eb:f9:be:fa:2f:45:98:3b:91:07:f1:87:d8:b1:c7:
                    2c:75:da:05:3c:c7:d6:86:f9:65:c9:cc:7d:b1:d8:
                    87:59:51:77:c7:29:c3:d6:c5:03:69:17:53:cf:4e:
                    4b:34:d9:55:bb:cd:6b:0a:cf:a3:c7:6f:cf:df:2f:
                    89:8b:c4:25:27:df:b7:4f:09:eb:f7:45:cf:db:4d:
                    92:2a:af:b8:9a:c6:9b:ab:9e:cf:a1:52:3c:2e:0a:
                    c7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:A4:2C:F4:B0:65:9E:14:A4:27:61:A2:6F:41:6D:46:96:E0:59:F9
            X509v3 Authority Key Identifier:
                keyid:8C:8F:8C:E2:AD:55:B9:36:6B:EC:6E:DF:49:2C:D9:C1:49:8E:06:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36BC80A/472EF5B2E75C11EC9D7F90D8F1222468/jI-M4q1VuTZr7G7fSSzZwUmOBmQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/jI-M4q1VuTZr7G7fSSzZwUmOBmQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36BC80A/472EF5B2E75C11EC9D7F90D8F1222468/332A33CAFFA911EF84F40CB6762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.223.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:62:40:3d:71:f2:2c:9c:18:39:c2:1e:56:7a:8e:85:7b:74:
         21:6a:7d:b9:5c:4f:b3:14:45:8f:b0:1e:4f:d8:16:ee:8b:26:
         e3:46:c0:d1:02:ab:78:b6:b3:53:10:ac:a6:0f:05:e7:ec:05:
         23:68:d8:b9:ec:12:0b:fc:b0:a6:40:c9:99:b3:c2:e9:c0:ee:
         e0:fa:17:81:2a:43:06:62:f6:6d:85:c9:2e:4f:c2:d1:bc:ff:
         f3:05:56:6d:c2:ca:ec:01:b8:31:fa:5b:c3:41:ea:81:01:75:
         80:df:f8:ff:d0:ac:66:1c:e3:79:a0:9b:bc:3b:09:25:1d:29:
         08:e1:34:32:10:9d:9a:50:a5:7a:38:50:1c:cc:c9:88:11:a8:
         20:46:b8:66:cf:e9:2f:9e:e9:4d:4d:32:58:49:38:c9:84:a5:
         81:44:03:f5:d6:de:f7:4d:0c:a0:ff:1b:d4:36:5e:41:f4:af:
         23:4b:de:f2:7c:a5:d5:8d:54:92:99:38:42:7a:63:09:ad:c4:
         1c:cc:08:d4:91:ff:b7:32:af:37:04:60:94:b4:64:34:b8:7c:
         f0:e5:a2:2e:62:56:b3:99:9b:2f:75:a4:60:1f:96:a9:9b:e4:
         b6:e3:68:3f:36:cc:8b:16:7e:af:3f:67:f4:48:42:cf:ee:5c:
         62:8a:df:17
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICBFcwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
QkM4MEFBRjExMC8GA1UEBRMoOEM4RjhDRTJBRDU1QjkzNjZCRUM2RURGNDkyQ0Q5
QzE0OThFMDY2NDAeFw0yNTAzMTMwMTE5MjBaFw0zNTAzMzEwMTE5MjBaMBgxFjAU
BgNVBAMTDTY3ZDIzMjljLWIwZTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPICWbkYPS76+F5m3Gpa1Oz7JZPwv0MN5fR7x05cNoCbt9JKm+jbZC2f3Y
+ngVp2qmw4MNvRgjiNIFs4260qmKxD96+vKoMwWeufQVjlhzA7B7ptxCS9XhT7D1
zw5q5pF3qTKOgRrQfd3nhEkJb8f1j8P+r1aP0xTBHFaUdXcYAFdbl/7pOOtcw8XB
oLScPM3aukZIq8ZQ8KK4j8aKeFZ3C11LAOv5vvovRZg7kQfxh9ixxyx12gU8x9aG
+WXJzH2x2IdZUXfHKcPWxQNpF1PPTks02VW7zWsKz6PHb8/fL4mLxCUn37dPCev3
Rc/bTZIqr7iaxpurns+hUjwuCsfdAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUw6Qs
9LBlnhSkJ2Gib0FtRpbgWfkwHwYDVR0jBBgwFoAUjI+M4q1VuTZr7G7fSSzZwUmO
BmQwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkJDODBBLzQ3MkVGNUIyRTc1QzExRUM5RDdGOTBEOEYxMjIyNDY4L2pJLU00
cTFWdVRacjdHN2ZTU3pad1VtT0JtUS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL2pJLU00cTFWdVRacjdHN2ZTU3pad1VtT0JtUS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNkJDODBBLzQ3MkVGNUIyRTc1QzExRUM5RDdGOTBEOEYx
MjIyNDY4LzMzMkEzM0NBRkZBOTExRUY4NEY0MENCNjc2MkU5NTFBLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAp3zQwDQYJKoZIhvcNAQEL
BQADggEBAJ1iQD1x8iycGDnCHlZ6joV7dCFqfblcT7MURY+wHk/YFu6LJuNGwNEC
q3i2s1MQrKYPBefsBSNo2LnsEgv8sKZAyZmzwunA7uD6F4EqQwZi9m2FyS5PwtG8
//MFVm3CyuwBuDH6W8NB6oEBdYDf+P/QrGYc43mgm7w7CSUdKQjhNDIQnZpQpXo4
UBzMyYgRqCBGuGbP6S+e6U1NMlhJOMmEpYFEA/XW3vdNDKD/G9Q2XkH0ryNL3vJ8
pdWNVJKZOEJ6YwmtxBzMCNSR/7cyrzcEYJS0ZDS4fPDloi5iVrOZmy91pGAflqmb
5LbjaD82zIsWfq8/Z/RIQs/uXGKK3xc=
-----END CERTIFICATE-----