Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36F18B8/E21BF354498411EAAC42AA52F8AEA228/5C5FDF40498511EA92A20A53F8AEA228.roa
File:                     5C5FDF40498511EA92A20A53F8AEA228.roa (raw, json)
Hash identifier:          xsQiPdSl+w9J+k6KG8KqiILkw0rtSox5Rr9IOhOA934=
Subject key identifier:   7D:55:74:B0:80:3C:86:68:1A:93:0A:73:8F:FA:E1:C3:4D:8D:4B:32
Certificate issuer:       /CN=F36F18B8AF/serialNumber=3E887E856814833141F8D0F664ACAF6C4A305D43
Certificate serial:       02
Authority key identifier: 3E:88:7E:85:68:14:83:31:41:F8:D0:F6:64:AC:AF:6C:4A:30:5D:43
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/Poh-hWgUgzFB-ND2ZKyvbEowXUM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36F18B8/E21BF354498411EAAC42AA52F8AEA228/5C5FDF40498511EA92A20A53F8AEA228.roa
Signing time:             Fri 07 Feb 2020 08:39:32 +0000
ROA not before:           Fri 07 Feb 2020 08:39:27 +0000
ROA not after:            Wed 01 Feb 2040 08:39:27 +0000
asID:                     328242
IP address blocks:        102.23.168.0/21 maxlen: 24
                          2c0f:f1f0::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36F18B8/E21BF354498411EAAC42AA52F8AEA228/Poh-hWgUgzFB-ND2ZKyvbEowXUM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36F18B8/E21BF354498411EAAC42AA52F8AEA228/Poh-hWgUgzFB-ND2ZKyvbEowXUM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/Poh-hWgUgzFB-ND2ZKyvbEowXUM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 27 Apr 2024 00:04:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36F18B8AF/serialNumber=3E887E856814833141F8D0F664ACAF6C4A305D43
        Validity
            Not Before: Feb  7 08:39:27 2020 GMT
            Not After : Feb  1 08:39:27 2040 GMT
        Subject: CN=5e3d2244-987c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8e:ff:af:2e:ac:07:c3:e4:cd:91:bd:0b:e1:
                    b2:30:77:bf:74:70:27:5c:a3:f8:12:83:0c:3b:4e:
                    5a:97:20:dd:79:36:c2:8f:1a:6d:d3:a5:41:8a:c3:
                    f7:bd:96:b2:23:5d:a4:1c:a5:6b:63:98:a6:01:2c:
                    65:f6:96:74:28:0f:b9:ab:97:b6:18:2a:a5:15:16:
                    fe:2b:dc:36:07:57:66:6e:e3:5c:2f:d7:aa:2e:17:
                    84:15:d4:b3:d1:d5:1b:22:5b:a2:0b:a7:3a:0a:60:
                    b9:2d:e8:f9:19:18:eb:ef:b0:54:bc:bb:0f:0d:b4:
                    7a:fd:4e:86:0d:da:b8:57:e1:7c:07:fc:67:fa:d2:
                    ba:54:79:71:ac:fb:a1:82:b6:ce:56:92:d3:75:9d:
                    73:9f:35:f8:1a:8b:82:6a:22:9a:27:8a:1a:ec:be:
                    6a:52:2f:1e:80:6c:ee:45:b7:4f:16:b5:06:47:85:
                    a8:b7:d6:98:3b:90:e3:b1:1f:cf:a7:0a:ca:d2:9a:
                    03:fd:a0:75:0d:47:4a:b0:33:5e:1b:fe:86:f0:6d:
                    5a:14:9a:66:f3:12:4e:52:9f:28:08:61:5b:62:59:
                    eb:1e:76:d8:56:54:d1:51:25:c5:7b:41:a1:10:30:
                    31:0c:db:71:9e:2d:50:42:68:86:7c:27:ec:fa:f0:
                    aa:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:55:74:B0:80:3C:86:68:1A:93:0A:73:8F:FA:E1:C3:4D:8D:4B:32
            X509v3 Authority Key Identifier:
                keyid:3E:88:7E:85:68:14:83:31:41:F8:D0:F6:64:AC:AF:6C:4A:30:5D:43

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36F18B8/E21BF354498411EAAC42AA52F8AEA228/Poh-hWgUgzFB-ND2ZKyvbEowXUM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/Poh-hWgUgzFB-ND2ZKyvbEowXUM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36F18B8/E21BF354498411EAAC42AA52F8AEA228/5C5FDF40498511EA92A20A53F8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.23.168.0/21
                IPv6:
                  2c0f:f1f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:b1:47:4a:c7:28:cf:4c:a8:8d:77:b9:91:a1:8b:d5:79:1b:
         61:33:ed:14:9e:9d:c1:a6:ef:05:dc:4c:35:2e:16:e4:78:d3:
         ce:67:74:10:74:a0:41:2b:c7:fa:b0:4b:a4:94:bb:da:25:91:
         d3:d7:e6:dc:4a:eb:a3:12:34:8f:6e:e8:e7:37:ee:28:ce:1e:
         b2:b1:ac:3c:83:94:0f:2d:e3:7b:1e:0f:38:2d:0b:7b:b9:77:
         9e:7b:84:21:e0:c4:b7:c4:b2:f5:54:77:9b:3c:d1:b7:17:18:
         d3:2f:ee:8b:3e:fd:35:8a:ff:d1:c1:b2:09:e9:a6:27:02:36:
         1f:1c:66:d9:de:00:da:af:43:56:0c:53:c6:82:99:c6:41:8d:
         08:de:59:02:f8:5a:2f:a6:a3:32:b3:46:83:a3:58:c3:4c:59:
         66:f6:37:18:8f:b6:68:0e:55:57:3e:89:0e:7f:8f:68:bd:1a:
         3b:ac:8a:45:a2:0e:92:a6:3f:43:a9:ac:e3:33:25:9e:e6:34:
         5a:b4:d0:83:b2:00:16:6d:ab:e3:16:78:aa:f2:a3:61:f3:4d:
         80:33:ff:11:c3:83:97:58:05:2a:4d:6e:3b:65:18:f6:ca:72:
         20:ce:89:6b:ed:25:a6:fc:d9:3b:52:f1:f3:16:df:54:91:9b:
         9f:3d:a6:85
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZG
MThCOEFGMTEwLwYDVQQFEygzRTg4N0U4NTY4MTQ4MzMxNDFGOEQwRjY2NEFDQUY2
QzRBMzA1RDQzMB4XDTIwMDIwNzA4MzkyN1oXDTQwMDIwMTA4MzkyN1owGDEWMBQG
A1UEAxMNNWUzZDIyNDQtOTg3YzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALyO/68urAfD5M2RvQvhsjB3v3RwJ1yj+BKDDDtOWpcg3Xk2wo8abdOlQYrD
972WsiNdpByla2OYpgEsZfaWdCgPuauXthgqpRUW/ivcNgdXZm7jXC/Xqi4XhBXU
s9HVGyJbogunOgpguS3o+RkY6++wVLy7Dw20ev1Ohg3auFfhfAf8Z/rSulR5caz7
oYK2zlaS03Wdc581+BqLgmoimieKGuy+alIvHoBs7kW3Txa1BkeFqLfWmDuQ47Ef
z6cKytKaA/2gdQ1HSrAzXhv+hvBtWhSaZvMSTlKfKAhhW2JZ6x522FZU0VElxXtB
oRAwMQzbcZ4tUEJohnwn7Prwql8CAwEAAaOCAn0wggJ5MB0GA1UdDgQWBBR9VXSw
gDyGaBqTCnOP+uHDTY1LMjAfBgNVHSMEGDAWgBQ+iH6FaBSDMUH40PZkrK9sSjBd
QzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2RjE4QjgvRTIxQkYzNTQ0OTg0MTFFQUFDNDJBQTUyRjhBRUEyMjgvUG9oLWhX
Z1VnekZCLU5EMlpLeXZiRW93WFVNLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvUG9oLWhXZ1VnekZCLU5EMlpLeXZiRW93WFVNLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCBpAYIKwYBBQUHAQsEgZcwgZQwgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2RjE4QjgvRTIxQkYzNTQ0OTg0MTFFQUFDNDJBQTUyRjhB
RUEyMjgvNUM1RkRGNDA0OTg1MTFFQTkyQTIwQTUzRjhBRUEyMjgucm9hMC4GCCsG
AQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDZheoMA0EAgACMAcDBQAsD/HwMA0GCSqG
SIb3DQEBCwUAA4IBAQAcsUdKxyjPTKiNd7mRoYvVeRthM+0Unp3Bpu8F3Ew1Lhbk
eNPOZ3QQdKBBK8f6sEuklLvaJZHT1+bcSuujEjSPbujnN+4ozh6ysaw8g5QPLeN7
Hg84LQt7uXeee4Qh4MS3xLL1VHebPNG3FxjTL+6LPv01iv/RwbIJ6aYnAjYfHGbZ
3gDar0NWDFPGgpnGQY0I3lkC+FovpqMys0aDo1jDTFlm9jcYj7ZoDlVXPokOf49o
vRo7rIpFog6Spj9DqazjMyWe5jRatNCDsgAWbavjFniq8qNh802AM/8Rw4OXWAUq
TW47ZRj2ynIgzolr7SWm/Nk7UvHzFt9UkZufPaaF
-----END CERTIFICATE-----