Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36C38D9/74EBC17E66D111EE9135F77D4AD9E6FC/04EB056A6ABE11EE9E4243804AD9E6FC.roa
File:                     04EB056A6ABE11EE9E4243804AD9E6FC.roa (raw, json)
Hash identifier:          EyVlkSGybf5bnAy71sGPmJ47rqIPQfEXtljbaai4c88=
Subject key identifier:   7C:1C:1D:B2:73:06:86:7E:EC:30:59:2E:FE:98:06:66:DF:3C:01:C3
Certificate issuer:       /CN=F36C38D9AF/serialNumber=C993D0F14F35B14961B453097CC3D22FA790DECF
Certificate serial:       0E
Authority key identifier: C9:93:D0:F1:4F:35:B1:49:61:B4:53:09:7C:C3:D2:2F:A7:90:DE:CF
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/yZPQ8U81sUlhtFMJfMPSL6eQ3s8.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36C38D9/74EBC17E66D111EE9135F77D4AD9E6FC/04EB056A6ABE11EE9E4243804AD9E6FC.roa
Signing time:             Sat 14 Oct 2023 18:18:05 +0000
ROA not before:           Sat 14 Oct 2023 18:18:02 +0000
ROA not after:            Sat 14 Oct 2028 18:18:02 +0000
asID:                     329099
IP address blocks:        102.216.236.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36C38D9/74EBC17E66D111EE9135F77D4AD9E6FC/yZPQ8U81sUlhtFMJfMPSL6eQ3s8.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36C38D9/74EBC17E66D111EE9135F77D4AD9E6FC/yZPQ8U81sUlhtFMJfMPSL6eQ3s8.mft
                          rsync://rpki.afrinic.net/repository/afrinic/yZPQ8U81sUlhtFMJfMPSL6eQ3s8.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14 (0xe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36C38D9AF/serialNumber=C993D0F14F35B14961B453097CC3D22FA790DECF
        Validity
            Not Before: Oct 14 18:18:02 2023 GMT
            Not After : Oct 14 18:18:02 2028 GMT
        Subject: CN=652adb5d-d8ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3b:51:0d:72:4e:97:21:95:a7:f9:65:3c:6b:
                    42:11:c7:14:11:3c:33:67:4b:d0:e9:06:5f:26:d8:
                    59:e1:aa:b6:3d:30:ce:be:ab:86:35:6e:12:55:ab:
                    4b:39:c1:85:84:11:30:b8:81:f6:ad:1c:d2:46:66:
                    f0:c7:a2:80:a0:4f:49:f9:cf:43:88:13:54:85:38:
                    e7:ff:37:d3:37:28:52:01:8c:32:0c:67:8b:d6:a5:
                    55:41:f7:ec:61:12:6d:50:55:96:38:52:2f:b5:32:
                    31:2d:65:c1:43:52:3f:b0:1f:3f:c2:6c:4f:b0:7e:
                    1f:1e:32:dc:4b:d9:e5:e9:0a:59:45:9b:e6:4d:c6:
                    bc:d3:b3:cc:76:d3:4c:3d:40:f2:78:89:46:d9:97:
                    49:68:cd:03:66:52:29:5b:45:9d:fc:d2:9d:40:26:
                    09:b4:22:a7:20:c4:a3:79:70:fe:b2:e4:d1:ee:90:
                    26:e2:01:88:e3:72:ec:4a:88:5c:e9:53:0e:f0:b0:
                    cd:42:98:da:30:29:9a:96:c1:21:a6:61:3f:8b:38:
                    8a:ef:4b:63:2e:9a:83:c4:f9:13:55:88:1f:cc:0b:
                    11:9a:10:2b:36:ea:33:a2:85:60:96:d7:b9:0e:9d:
                    d7:f4:f3:20:97:5a:f1:0e:cc:d9:ba:c0:dd:92:33:
                    0e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:1C:1D:B2:73:06:86:7E:EC:30:59:2E:FE:98:06:66:DF:3C:01:C3
            X509v3 Authority Key Identifier:
                keyid:C9:93:D0:F1:4F:35:B1:49:61:B4:53:09:7C:C3:D2:2F:A7:90:DE:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36C38D9/74EBC17E66D111EE9135F77D4AD9E6FC/yZPQ8U81sUlhtFMJfMPSL6eQ3s8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/yZPQ8U81sUlhtFMJfMPSL6eQ3s8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36C38D9/74EBC17E66D111EE9135F77D4AD9E6FC/04EB056A6ABE11EE9E4243804AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.216.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:4e:a2:33:85:b9:bf:df:dc:45:53:52:fe:57:d0:89:a3:40:
         a5:1c:f9:c7:07:98:fc:d2:0f:fb:8f:56:f0:63:26:df:c0:93:
         34:a5:f1:46:75:f9:32:cd:a0:75:63:21:a4:ee:5a:35:2b:07:
         01:c2:8e:4d:8c:44:1b:6f:46:47:9c:f3:bd:15:05:49:fb:16:
         be:48:af:f8:66:59:2c:19:fe:61:29:dc:96:60:c5:96:32:8c:
         ec:4f:c5:03:16:a1:9d:04:96:65:cc:05:34:09:79:a6:47:73:
         3b:fd:93:a5:b9:2c:33:5e:b8:fb:9c:e8:a5:f9:cd:6f:81:fa:
         7e:54:9c:13:33:2b:78:86:3e:65:31:95:e4:ec:d0:4c:95:a1:
         70:3a:bb:37:92:a9:e3:cb:37:7c:6c:5d:90:3a:df:3c:bf:26:
         8d:5c:e7:c9:ec:d7:51:fd:ff:44:fb:ec:62:6f:05:20:30:b3:
         66:e3:0b:45:c1:63:43:3d:d5:86:12:83:17:eb:29:a1:6a:ca:
         4f:4c:ae:1d:18:0a:60:31:88:b4:76:3f:06:1d:1d:7e:86:5f:
         04:9e:92:aa:47:96:43:3d:e6:70:e2:41:b6:b2:e2:c0:c6:eb:
         02:d4:43:e1:7e:e2:70:a8:26:84:b0:4e:9c:9c:0c:a5:33:69:
         cc:54:6b:66
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZD
MzhEOUFGMTEwLwYDVQQFEyhDOTkzRDBGMTRGMzVCMTQ5NjFCNDUzMDk3Q0MzRDIy
RkE3OTBERUNGMB4XDTIzMTAxNDE4MTgwMloXDTI4MTAxNDE4MTgwMlowGDEWMBQG
A1UEAxMNNjUyYWRiNWQtZDhjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKo7UQ1yTpchlaf5ZTxrQhHHFBE8M2dL0OkGXybYWeGqtj0wzr6rhjVuElWr
SznBhYQRMLiB9q0c0kZm8MeigKBPSfnPQ4gTVIU45/830zcoUgGMMgxni9alVUH3
7GESbVBVljhSL7UyMS1lwUNSP7AfP8JsT7B+Hx4y3EvZ5ekKWUWb5k3GvNOzzHbT
TD1A8niJRtmXSWjNA2ZSKVtFnfzSnUAmCbQipyDEo3lw/rLk0e6QJuIBiONy7EqI
XOlTDvCwzUKY2jApmpbBIaZhP4s4iu9LYy6ag8T5E1WIH8wLEZoQKzbqM6KFYJbX
uQ6d1/TzIJda8Q7M2brA3ZIzDoECAwEAAaOCAqUwggKhMB0GA1UdDgQWBBR8HB2y
cwaGfuwwWS7+mAZm3zwBwzAfBgNVHSMEGDAWgBTJk9DxTzWxSWG0Uwl8w9Ivp5De
zzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2QzM4RDkvNzRFQkMxN0U2NkQxMTFFRTkxMzVGNzdENEFEOUU2RkMveVpQUThV
ODFzVWxodEZNSmZNUFNMNmVRM3M4LmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMveVpQUThVODFzVWxodEZNSmZNUFNMNmVRM3M4LmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2QzM4RDkvNzRFQkMxN0U2NkQxMTFFRTkxMzVGNzdENEFE
OUU2RkMvMDRFQjA1NkE2QUJFMTFFRTlFNDI0MzgwNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAWbY7DANBgkqhkiG9w0BAQsF
AAOCAQEAfE6iM4W5v9/cRVNS/lfQiaNApRz5xweY/NIP+49W8GMm38CTNKXxRnX5
Ms2gdWMhpO5aNSsHAcKOTYxEG29GR5zzvRUFSfsWvkiv+GZZLBn+YSnclmDFljKM
7E/FAxahnQSWZcwFNAl5pkdzO/2TpbksM164+5zopfnNb4H6flScEzMreIY+ZTGV
5OzQTJWhcDq7N5Kp48s3fGxdkDrfPL8mjVznyezXUf3/RPvsYm8FIDCzZuMLRcFj
Qz3VhhKDF+spoWrKT0yuHRgKYDGItHY/Bh0dfoZfBJ6SqkeWQz3mcOJBtrLiwMbr
AtRD4X7icKgmhLBOnJwMpTNpzFRrZg==
-----END CERTIFICATE-----