Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36DE5F0/05A7CBCC892D11EE938A0A154AD9E6FC/5A355A62893511EE97A33A2E4AD9E6FC.roa
File:                     5A355A62893511EE97A33A2E4AD9E6FC.roa (raw, json)
Hash identifier:          kPbY6+n82PzSuYMNz5etY7+wyw41vKBIiDkHhSXp1iU=
Subject key identifier:   7D:3E:55:4B:54:8F:A4:E4:AD:EF:9A:AC:64:25:1E:D8:EB:D6:96:D0
Certificate issuer:       /CN=F36DE5F0AF/serialNumber=BA2F5924438729C5C7BA808073761CEC347E3CBA
Certificate serial:       02
Authority key identifier: BA:2F:59:24:43:87:29:C5:C7:BA:80:80:73:76:1C:EC:34:7E:3C:BA
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/ui9ZJEOHKcXHuoCAc3Yc7DR-PLo.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36DE5F0/05A7CBCC892D11EE938A0A154AD9E6FC/5A355A62893511EE97A33A2E4AD9E6FC.roa
Signing time:             Wed 22 Nov 2023 12:47:53 +0000
ROA not before:           Wed 22 Nov 2023 12:47:50 +0000
ROA not after:            Tue 22 Nov 2033 12:47:50 +0000
asID:                     329325
IP address blocks:        102.211.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36DE5F0/05A7CBCC892D11EE938A0A154AD9E6FC/ui9ZJEOHKcXHuoCAc3Yc7DR-PLo.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36DE5F0/05A7CBCC892D11EE938A0A154AD9E6FC/ui9ZJEOHKcXHuoCAc3Yc7DR-PLo.mft
                          rsync://rpki.afrinic.net/repository/afrinic/ui9ZJEOHKcXHuoCAc3Yc7DR-PLo.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 26 Jun 2024 00:05:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36DE5F0AF/serialNumber=BA2F5924438729C5C7BA808073761CEC347E3CBA
        Validity
            Not Before: Nov 22 12:47:50 2023 GMT
            Not After : Nov 22 12:47:50 2033 GMT
        Subject: CN=655df879-0ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:21:9e:31:93:5c:7a:7b:58:ca:49:0c:43:3f:
                    fa:5c:14:2a:c3:f4:c1:69:a2:71:36:71:6e:e7:c1:
                    43:67:fc:c3:03:fe:40:24:50:9e:06:f1:b5:eb:99:
                    4e:c2:e2:cc:a4:9e:c4:a6:3b:2c:df:40:a5:18:9a:
                    d1:4a:05:9b:bf:9b:5e:3e:d1:79:b1:f9:ed:a5:db:
                    61:ce:b2:88:25:8e:12:0a:28:9a:51:0b:66:d1:e4:
                    c3:84:75:bc:b2:eb:3f:4d:9e:a4:c2:f8:01:52:c8:
                    38:1e:5d:d0:cb:ab:f2:eb:37:31:a3:4a:86:96:4f:
                    5f:00:4f:74:cb:99:d9:35:3b:bf:52:29:78:e2:b8:
                    9b:72:c7:af:04:43:b9:29:7c:36:30:86:a5:47:c2:
                    23:8b:c4:2f:45:90:c1:1f:2e:d7:08:5e:6a:91:49:
                    80:38:f5:5c:da:e6:4a:ec:d3:3e:67:5d:ac:b9:6d:
                    26:64:45:df:b3:18:5c:d0:1b:63:ff:ae:54:0e:8e:
                    94:00:6a:7c:f0:e6:4b:98:e8:2f:a6:f4:4c:e7:db:
                    5f:58:ab:57:51:f6:39:9c:3f:dc:b4:da:19:12:ef:
                    0e:8c:74:6f:ee:2d:2a:55:0a:b0:ac:8b:a0:93:00:
                    6c:00:19:a2:8a:e4:1d:08:af:86:72:a3:e6:ab:3f:
                    24:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:3E:55:4B:54:8F:A4:E4:AD:EF:9A:AC:64:25:1E:D8:EB:D6:96:D0
            X509v3 Authority Key Identifier:
                keyid:BA:2F:59:24:43:87:29:C5:C7:BA:80:80:73:76:1C:EC:34:7E:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36DE5F0/05A7CBCC892D11EE938A0A154AD9E6FC/ui9ZJEOHKcXHuoCAc3Yc7DR-PLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/ui9ZJEOHKcXHuoCAc3Yc7DR-PLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36DE5F0/05A7CBCC892D11EE938A0A154AD9E6FC/5A355A62893511EE97A33A2E4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.211.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:b4:0d:7a:2e:6a:1c:8c:0a:74:77:05:2d:ae:37:ca:eb:ba:
         dd:1a:db:39:01:fc:89:dd:21:59:cf:96:d0:8f:39:bd:4a:90:
         2f:aa:27:33:87:08:f4:32:89:31:09:4f:0b:3f:16:b9:17:44:
         18:ce:20:20:0c:ad:96:38:d2:d6:9d:d6:68:33:c2:68:a7:eb:
         be:13:93:4f:fa:af:6f:e5:94:55:ef:2e:5a:32:0e:ee:e6:f9:
         ef:b3:0a:ff:38:98:db:63:00:6f:9e:33:01:a6:79:5c:f2:7f:
         ba:f5:4a:f6:bd:72:a2:ac:ca:99:f2:13:2c:2c:bf:35:6f:5e:
         6c:bb:94:8f:cb:9a:57:39:61:45:d3:b5:f2:33:45:0c:36:99:
         e2:9f:fb:bc:68:35:db:4d:35:48:a2:87:67:a8:36:c7:97:2e:
         d9:c5:87:24:54:51:c6:dc:fb:1a:85:55:c5:bd:6c:31:9b:41:
         65:a6:c7:e2:d3:23:a6:9c:c4:d8:21:b2:57:60:4c:fb:73:14:
         c1:02:5c:df:40:0d:49:73:ef:b7:b8:40:b9:c1:5c:a7:8a:5b:
         41:61:c5:79:92:84:9a:64:f3:14:a8:c0:83:89:42:71:3a:37:
         39:a9:5d:e1:07:43:74:89:d3:6e:54:9b:20:fc:0e:a8:87:f1:
         19:8a:eb:eb
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZE
RTVGMEFGMTEwLwYDVQQFEyhCQTJGNTkyNDQzODcyOUM1QzdCQTgwODA3Mzc2MUNF
QzM0N0UzQ0JBMB4XDTIzMTEyMjEyNDc1MFoXDTMzMTEyMjEyNDc1MFowGDEWMBQG
A1UEAxMNNjU1ZGY4NzktMGFkNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANYhnjGTXHp7WMpJDEM/+lwUKsP0wWmicTZxbufBQ2f8wwP+QCRQngbxteuZ
TsLizKSexKY7LN9ApRia0UoFm7+bXj7RebH57aXbYc6yiCWOEgoomlELZtHkw4R1
vLLrP02epML4AVLIOB5d0Mur8us3MaNKhpZPXwBPdMuZ2TU7v1IpeOK4m3LHrwRD
uSl8NjCGpUfCI4vEL0WQwR8u1wheapFJgDj1XNrmSuzTPmddrLltJmRF37MYXNAb
Y/+uVA6OlABqfPDmS5joL6b0TOfbX1irV1H2OZw/3LTaGRLvDox0b+4tKlUKsKyL
oJMAbAAZoorkHQivhnKj5qs/JOECAwEAAaOCAqUwggKhMB0GA1UdDgQWBBR9PlVL
VI+k5K3vmqxkJR7Y69aW0DAfBgNVHSMEGDAWgBS6L1kkQ4cpxce6gIBzdhzsNH48
ujAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2REU1RjAvMDVBN0NCQ0M4OTJEMTFFRTkzOEEwQTE1NEFEOUU2RkMvdWk5WkpF
T0hLY1hIdW9DQWMzWWM3RFItUExvLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvdWk5WkpFT0hLY1hIdW9DQWMzWWM3RFItUExvLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2REU1RjAvMDVBN0NCQ0M4OTJEMTFFRTkzOEEwQTE1NEFE
OUU2RkMvNUEzNTVBNjI4OTM1MTFFRTk3QTMzQTJFNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmbTODANBgkqhkiG9w0BAQsF
AAOCAQEAdLQNei5qHIwKdHcFLa43yuu63RrbOQH8id0hWc+W0I85vUqQL6onM4cI
9DKJMQlPCz8WuRdEGM4gIAytljjS1p3WaDPCaKfrvhOTT/qvb+WUVe8uWjIO7ub5
77MK/ziY22MAb54zAaZ5XPJ/uvVK9r1yoqzKmfITLCy/NW9ebLuUj8uaVzlhRdO1
8jNFDDaZ4p/7vGg12001SKKHZ6g2x5cu2cWHJFRRxtz7GoVVxb1sMZtBZabH4tMj
ppzE2CGyV2BM+3MUwQJc30ANSXPvt7hAucFcp4pbQWHFeZKEmmTzFKjAg4lCcTo3
Oald4QdDdInTblSbIPwOqIfxGYrr6w==
-----END CERTIFICATE-----