Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36D5F5A/2173E83ADAA611ED8227D4C42F6D8C1D/206EB5B06BB811EFA3A657BD762E951A.roa
File:                     206EB5B06BB811EFA3A657BD762E951A.roa (raw, json)
Hash identifier:          czmJFv34EAmQsXlSqGfVmb1GkexMrL0r0Kbk+I3civs=
Subject key identifier:   86:1D:27:06:68:22:1A:D5:72:D9:48:39:CB:A8:2A:65:F4:F2:82:97
Certificate issuer:       /CN=F36D5F5AAF/serialNumber=28293436D4D6DA3A93A60ECA3FBEC77D8DC38F61
Certificate serial:       0214
Authority key identifier: 28:29:34:36:D4:D6:DA:3A:93:A6:0E:CA:3F:BE:C7:7D:8D:C3:8F:61
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/KCk0NtTW2jqTpg7KP77HfY3Dj2E.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36D5F5A/2173E83ADAA611ED8227D4C42F6D8C1D/206EB5B06BB811EFA3A657BD762E951A.roa
Signing time:             Thu 05 Sep 2024 18:53:23 +0000
ROA not before:           Thu 05 Sep 2024 18:53:20 +0000
ROA not after:            Fri 05 Sep 2025 18:53:20 +0000
asID:                     37276
IP address blocks:        41.75.96.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36D5F5A/2173E83ADAA611ED8227D4C42F6D8C1D/KCk0NtTW2jqTpg7KP77HfY3Dj2E.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36D5F5A/2173E83ADAA611ED8227D4C42F6D8C1D/KCk0NtTW2jqTpg7KP77HfY3Dj2E.mft
                          rsync://rpki.afrinic.net/repository/afrinic/KCk0NtTW2jqTpg7KP77HfY3Dj2E.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sun 24 Nov 2024 00:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 532 (0x214)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36D5F5AAF/serialNumber=28293436D4D6DA3A93A60ECA3FBEC77D8DC38F61
        Validity
            Not Before: Sep  5 18:53:20 2024 GMT
            Not After : Sep  5 18:53:20 2025 GMT
        Subject: CN=66d9fe23-4c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:04:3a:d1:07:87:1f:50:0c:bf:09:b0:67:44:
                    a3:a4:5e:d7:63:0e:62:11:86:5d:31:2b:59:cf:5a:
                    d0:25:81:4b:3a:ad:ec:5e:20:8d:64:13:86:22:ae:
                    ce:60:ec:15:d3:0e:2f:17:0e:53:f0:9c:30:32:3a:
                    a2:c6:67:45:9f:19:fb:af:aa:32:b2:b3:c7:0f:33:
                    fb:00:39:e9:cc:57:9d:fb:e3:33:22:ec:ab:e6:6f:
                    6b:c6:0f:8e:6c:ae:5b:49:3f:7c:d8:7f:86:58:f4:
                    3a:74:c7:44:22:43:59:c5:68:88:b7:06:a1:cc:b5:
                    10:15:ed:59:e2:ea:8c:13:c9:8e:b2:c2:d2:03:89:
                    61:47:56:f2:12:a0:fa:68:6a:7e:b7:c0:13:4b:d0:
                    8a:57:2d:70:8d:7e:d3:b2:fe:92:46:33:54:f7:82:
                    09:27:c9:27:9a:b2:93:8f:f4:5a:49:13:00:4a:8b:
                    fd:b2:64:4f:1e:0e:4c:d7:e4:b5:53:07:fb:bf:d0:
                    45:73:f7:09:0a:d4:49:9c:91:06:b3:6f:a9:84:e4:
                    23:0a:7e:db:5e:8e:0b:42:cf:45:49:ce:9e:8f:be:
                    13:8c:0a:dc:37:aa:d3:a5:dc:ad:54:96:23:88:ad:
                    a2:f3:9b:88:f2:b1:7c:6d:23:de:15:6b:14:31:43:
                    09:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:1D:27:06:68:22:1A:D5:72:D9:48:39:CB:A8:2A:65:F4:F2:82:97
            X509v3 Authority Key Identifier:
                keyid:28:29:34:36:D4:D6:DA:3A:93:A6:0E:CA:3F:BE:C7:7D:8D:C3:8F:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36D5F5A/2173E83ADAA611ED8227D4C42F6D8C1D/KCk0NtTW2jqTpg7KP77HfY3Dj2E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/KCk0NtTW2jqTpg7KP77HfY3Dj2E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36D5F5A/2173E83ADAA611ED8227D4C42F6D8C1D/206EB5B06BB811EFA3A657BD762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.75.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         24:b5:55:89:b3:90:be:02:f6:65:83:71:3d:a8:71:0d:17:7a:
         45:e9:42:53:8d:4a:e6:f3:66:b3:3c:e1:6b:2c:90:ab:64:8e:
         6b:fa:17:ba:70:21:e4:d0:ee:1e:23:0d:ef:f1:6b:88:a1:8d:
         fa:39:68:7f:8c:db:be:2c:37:62:17:31:55:39:6f:67:97:ed:
         8f:4c:8a:df:14:a7:f0:d7:cd:4c:7f:42:18:f8:39:19:3b:0c:
         6c:59:11:67:b5:eb:f9:58:f5:70:cc:4e:bc:50:4f:7a:d6:39:
         6b:34:2d:4f:7f:dc:53:a0:a1:49:30:21:b0:3d:80:d1:ce:ef:
         9e:81:48:22:a2:05:f7:0f:6f:e7:de:b4:d4:a8:cc:e3:9c:f2:
         d0:42:e3:db:cf:f5:be:79:c9:60:b9:10:15:a1:42:d7:6e:c9:
         b9:8c:d7:65:f6:d0:a6:06:48:4b:34:ff:ce:4a:bc:3e:e5:fe:
         de:47:6c:0c:74:48:04:db:86:0a:69:b7:95:5c:3e:0f:ff:27:
         1f:9b:44:8c:51:4d:3d:c7:74:d6:00:ff:04:38:3d:c8:06:9b:
         fa:ea:6e:16:3c:67:c7:59:2c:eb:49:d0:79:26:a9:12:89:75:
         cd:54:d3:5e:93:63:7e:fc:33:f5:7a:de:8e:66:76:2f:3f:fb:
         13:32:79:5d
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAhQwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
RDVGNUFBRjExMC8GA1UEBRMoMjgyOTM0MzZENEQ2REEzQTkzQTYwRUNBM0ZCRUM3
N0Q4REMzOEY2MTAeFw0yNDA5MDUxODUzMjBaFw0yNTA5MDUxODUzMjBaMBgxFjAU
BgNVBAMTDTY2ZDlmZTIzLTRjN2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCsBDrRB4cfUAy/CbBnRKOkXtdjDmIRhl0xK1nPWtAlgUs6rexeII1kE4Yi
rs5g7BXTDi8XDlPwnDAyOqLGZ0WfGfuvqjKys8cPM/sAOenMV5374zMi7Kvmb2vG
D45srltJP3zYf4ZY9Dp0x0QiQ1nFaIi3BqHMtRAV7Vni6owTyY6ywtIDiWFHVvIS
oPpoan63wBNL0IpXLXCNftOy/pJGM1T3ggknySeaspOP9FpJEwBKi/2yZE8eDkzX
5LVTB/u/0EVz9wkK1EmckQazb6mE5CMKfttejgtCz0VJzp6PvhOMCtw3qtOl3K1U
liOIraLzm4jysXxtI94VaxQxQwllAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUhh0n
BmgiGtVy2Ug5y6gqZfTygpcwHwYDVR0jBBgwFoAUKCk0NtTW2jqTpg7KP77HfY3D
j2EwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkQ1RjVBLzIxNzNFODNBREFBNjExRUQ4MjI3RDRDNDJGNkQ4QzFEL0tDazBO
dFRXMmpxVHBnN0tQNzdIZlkzRGoyRS5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0tDazBOdFRXMmpxVHBnN0tQNzdIZlkzRGoyRS5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNkQ1RjVBLzIxNzNFODNBREFBNjExRUQ4MjI3RDRDNDJG
NkQ4QzFELzIwNkVCNUIwNkJCODExRUZBM0E2NTdCRDc2MkU5NTFBLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQpS2AwDQYJKoZIhvcNAQEL
BQADggEBACS1VYmzkL4C9mWDcT2ocQ0XekXpQlONSubzZrM84WsskKtkjmv6F7pw
IeTQ7h4jDe/xa4ihjfo5aH+M274sN2IXMVU5b2eX7Y9Mit8Up/DXzUx/Qhj4ORk7
DGxZEWe16/lY9XDMTrxQT3rWOWs0LU9/3FOgoUkwIbA9gNHO756BSCKiBfcPb+fe
tNSozOOc8tBC49vP9b55yWC5EBWhQtduybmM12X20KYGSEs0/85KvD7l/t5HbAx0
SATbhgppt5VcPg//Jx+bRIxRTT3HdNYA/wQ4PcgGm/rqbhY8Z8dZLOtJ0HkmqRKJ
dc1U016TY378M/V63o5mdi8/+xMyeV0=
-----END CERTIFICATE-----