Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36DB735/4C51B77057A211E995DBB273F8AEA228/ECE652CC57A211E983F84274F8AEA228.roa
File:                     ECE652CC57A211E983F84274F8AEA228.roa (raw, json)
Hash identifier:          PvTpFnTUW5owha8oV/cdl6xRQsqx1W1UB5KJjdzCL08=
Subject key identifier:   CD:A5:7C:ED:6A:84:01:9A:DB:EF:C7:04:C7:40:A7:F1:02:67:A9:25
Certificate issuer:       /CN=F36DB735AF/serialNumber=3B694023778DBF614F6BC6536446270FD1BB8321
Certificate serial:       02
Authority key identifier: 3B:69:40:23:77:8D:BF:61:4F:6B:C6:53:64:46:27:0F:D1:BB:83:21
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/O2lAI3eNv2FPa8ZTZEYnD9G7gyE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36DB735/4C51B77057A211E995DBB273F8AEA228/ECE652CC57A211E983F84274F8AEA228.roa
Signing time:             Fri 05 Apr 2019 13:01:29 +0000
ROA not before:           Fri 05 Apr 2019 13:01:23 +0000
ROA not after:            Thu 05 Apr 2029 13:01:23 +0000
asID:                     328391
IP address blocks:        102.130.236.0/22 maxlen: 24
                          2c0f:ec18::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36DB735/4C51B77057A211E995DBB273F8AEA228/O2lAI3eNv2FPa8ZTZEYnD9G7gyE.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36DB735/4C51B77057A211E995DBB273F8AEA228/O2lAI3eNv2FPa8ZTZEYnD9G7gyE.mft
                          rsync://rpki.afrinic.net/repository/afrinic/O2lAI3eNv2FPa8ZTZEYnD9G7gyE.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 06 May 2024 00:04:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36DB735AF/serialNumber=3B694023778DBF614F6BC6536446270FD1BB8321
        Validity
            Not Before: Apr  5 13:01:23 2019 GMT
            Not After : Apr  5 13:01:23 2029 GMT
        Subject: CN=5ca751a8-61a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7f:65:a9:5c:67:30:8f:38:ce:35:15:0c:23:
                    d8:3f:fd:15:6f:f1:43:09:b1:bf:ba:3f:4f:23:b4:
                    58:c5:9a:74:6e:6c:a1:a6:ec:20:f0:8d:26:d9:39:
                    57:0b:d7:f5:f1:ad:d8:05:e7:05:2f:ce:3d:02:86:
                    5f:cd:31:c8:fc:08:34:40:2c:4f:7f:e9:86:69:a8:
                    ba:53:de:6c:3d:cc:a2:c4:a2:fb:80:2c:d7:f3:2c:
                    0e:69:ae:0c:32:00:34:4b:0e:ee:cd:79:68:33:21:
                    0b:a5:ca:36:77:0f:6e:d5:5d:10:0a:07:54:64:05:
                    79:44:75:55:3b:c1:05:ed:f0:1b:30:26:28:87:0e:
                    11:bd:8d:8d:56:bc:75:44:03:2b:b9:61:b4:6d:bc:
                    b4:c4:99:0c:c8:55:13:d6:c7:ac:3a:17:cd:f8:35:
                    5f:b4:a0:2f:f2:0f:f4:35:7a:3e:ef:fc:36:be:81:
                    d8:9c:e0:03:86:89:88:b9:ea:de:23:ef:a0:bc:b4:
                    fc:b3:b0:d3:46:93:aa:93:61:8d:bc:0d:aa:7e:50:
                    5d:3d:28:f3:af:5a:0d:f1:11:42:9e:bb:71:29:6a:
                    09:12:66:f2:16:2c:53:1d:4f:2e:a9:6b:66:c5:06:
                    04:58:79:31:b5:6f:a1:56:fc:3d:9d:6b:5e:70:37:
                    70:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:A5:7C:ED:6A:84:01:9A:DB:EF:C7:04:C7:40:A7:F1:02:67:A9:25
            X509v3 Authority Key Identifier:
                keyid:3B:69:40:23:77:8D:BF:61:4F:6B:C6:53:64:46:27:0F:D1:BB:83:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36DB735/4C51B77057A211E995DBB273F8AEA228/O2lAI3eNv2FPa8ZTZEYnD9G7gyE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/O2lAI3eNv2FPa8ZTZEYnD9G7gyE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36DB735/4C51B77057A211E995DBB273F8AEA228/ECE652CC57A211E983F84274F8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.130.236.0/22
                IPv6:
                  2c0f:ec18::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:4d:c0:c0:5f:85:62:01:fb:71:af:b7:d8:fe:52:b0:e0:e3:
         27:55:4a:5f:b1:33:62:24:6e:a8:cc:46:05:ea:bc:13:1f:a1:
         63:9c:37:36:3a:12:3d:21:64:a0:8f:3b:37:a2:a4:fc:8f:a8:
         8a:cd:f1:c8:08:86:c3:ec:a8:a1:2b:72:1e:f3:99:b4:e1:80:
         aa:77:2e:a7:e2:34:4f:59:91:1a:c9:2a:df:d6:22:73:bb:4a:
         e3:83:bb:e2:6d:ab:17:2e:80:4c:06:45:4d:b0:87:d5:d0:79:
         d6:8f:f8:8d:cb:b4:07:bf:05:75:35:9c:45:06:27:7a:47:2a:
         8f:b0:95:08:26:3c:76:43:91:64:23:f9:25:75:20:36:78:f5:
         11:f1:f0:8c:ef:e0:48:2b:cc:31:37:f7:11:43:e7:af:9f:61:
         ff:be:6b:78:ad:d6:23:a2:7a:2d:9e:42:f0:30:a3:b4:72:80:
         37:a1:52:16:cb:f5:24:de:d7:8b:1a:21:4f:f4:01:3c:3e:00:
         d5:f5:8a:1f:16:e1:c6:98:f4:09:db:1c:00:68:94:47:ef:a9:
         7e:da:35:9e:9e:9d:f8:9b:8f:4e:96:7d:80:a6:3a:df:5d:c4:
         ee:43:04:4e:db:b1:c4:5a:72:dc:3d:d0:15:ac:bd:22:84:fb:
         72:c1:cf:52
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZE
QjczNUFGMTEwLwYDVQQFEygzQjY5NDAyMzc3OERCRjYxNEY2QkM2NTM2NDQ2Mjcw
RkQxQkI4MzIxMB4XDTE5MDQwNTEzMDEyM1oXDTI5MDQwNTEzMDEyM1owGDEWMBQG
A1UEAxMNNWNhNzUxYTgtNjFhODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKp/ZalcZzCPOM41FQwj2D/9FW/xQwmxv7o/TyO0WMWadG5soabsIPCNJtk5
VwvX9fGt2AXnBS/OPQKGX80xyPwINEAsT3/phmmoulPebD3MosSi+4As1/MsDmmu
DDIANEsO7s15aDMhC6XKNncPbtVdEAoHVGQFeUR1VTvBBe3wGzAmKIcOEb2NjVa8
dUQDK7lhtG28tMSZDMhVE9bHrDoXzfg1X7SgL/IP9DV6Pu/8Nr6B2JzgA4aJiLnq
3iPvoLy0/LOw00aTqpNhjbwNqn5QXT0o869aDfERQp67cSlqCRJm8hYsUx1PLqlr
ZsUGBFh5MbVvoVb8PZ1rXnA3cOkCAwEAAaOCAn0wggJ5MB0GA1UdDgQWBBTNpXzt
aoQBmtvvxwTHQKfxAmepJTAfBgNVHSMEGDAWgBQ7aUAjd42/YU9rxlNkRicP0buD
ITAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2REI3MzUvNEM1MUI3NzA1N0EyMTFFOTk1REJCMjczRjhBRUEyMjgvTzJsQUkz
ZU52MkZQYThaVFpFWW5EOUc3Z3lFLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvTzJsQUkzZU52MkZQYThaVFpFWW5EOUc3Z3lFLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2REI3MzUvNEM1MUI3NzA1N0EyMTFFOTk1REJCMjczRjhB
RUEyMjgvRUNFNjUyQ0M1N0EyMTFFOTgzRjg0Mjc0RjhBRUEyMjgucm9hMC4GCCsG
AQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCZoLsMA0EAgACMAcDBQAsD+wYMA0GCSqG
SIb3DQEBCwUAA4IBAQBhTcDAX4ViAftxr7fY/lKw4OMnVUpfsTNiJG6ozEYF6rwT
H6FjnDc2OhI9IWSgjzs3oqT8j6iKzfHICIbD7KihK3Ie85m04YCqdy6n4jRPWZEa
ySrf1iJzu0rjg7vibasXLoBMBkVNsIfV0HnWj/iNy7QHvwV1NZxFBid6RyqPsJUI
Jjx2Q5FkI/kldSA2ePUR8fCM7+BIK8wxN/cRQ+evn2H/vmt4rdYjonotnkLwMKO0
coA3oVIWy/Uk3teLGiFP9AE8PgDV9YofFuHGmPQJ2xwAaJRH76l+2jWenp34m49O
ln2ApjrfXcTuQwRO27HEWnLcPdAVrL0ihPtywc9S
-----END CERTIFICATE-----