Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36FDDEE/214C5AECB49B11EAA3F61F0FF8AEA228/F7D8787848AB11EEADAF4F784AD9E6FC.roa
File:                     F7D8787848AB11EEADAF4F784AD9E6FC.roa (raw, json)
Hash identifier:          BlPqUJdFk7PaeN09GKNIO2ahqGdvXILNOufI5zoiIug=
Subject key identifier:   8E:B3:48:59:1B:93:BD:1F:55:02:E9:5E:B3:B2:46:C9:3F:2D:A6:A3
Certificate issuer:       /CN=F36FDDEEAF/serialNumber=2CD31C3C251F5EDA183F938E7FCB3A4A1DBA89DD
Certificate serial:       04B8
Authority key identifier: 2C:D3:1C:3C:25:1F:5E:DA:18:3F:93:8E:7F:CB:3A:4A:1D:BA:89:DD
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/LNMcPCUfXtoYP5OOf8s6Sh26id0.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36FDDEE/214C5AECB49B11EAA3F61F0FF8AEA228/F7D8787848AB11EEADAF4F784AD9E6FC.roa
Signing time:             Fri 01 Sep 2023 09:43:13 +0000
ROA not before:           Fri 01 Sep 2023 09:43:10 +0000
ROA not after:            Sun 22 Jun 2025 09:43:10 +0000
asID:                     19905
IP address blocks:        102.88.0.0/13 maxlen: 13

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36FDDEE/214C5AECB49B11EAA3F61F0FF8AEA228/LNMcPCUfXtoYP5OOf8s6Sh26id0.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36FDDEE/214C5AECB49B11EAA3F61F0FF8AEA228/LNMcPCUfXtoYP5OOf8s6Sh26id0.mft
                          rsync://rpki.afrinic.net/repository/afrinic/LNMcPCUfXtoYP5OOf8s6Sh26id0.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Sat 04 May 2024 00:58:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1208 (0x4b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36FDDEEAF/serialNumber=2CD31C3C251F5EDA183F938E7FCB3A4A1DBA89DD
        Validity
            Not Before: Sep  1 09:43:10 2023 GMT
            Not After : Jun 22 09:43:10 2025 GMT
        Subject: CN=64f1b231-517f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:49:f4:f2:55:0d:3c:5e:28:f9:58:3e:99:b3:
                    b3:37:21:11:f5:81:57:14:0c:38:e8:2a:98:ac:9d:
                    af:6d:6c:d5:43:11:f7:43:b6:07:c3:3d:bb:54:73:
                    46:e8:48:a5:ce:c8:56:1f:23:7e:37:fb:79:16:ca:
                    ab:c1:41:5a:d8:81:b6:5b:18:e1:bb:af:97:3a:09:
                    7d:92:58:34:3f:5e:8e:94:4d:4a:92:14:e7:fd:7f:
                    5c:a6:b9:09:46:da:c1:47:7c:0e:60:1e:26:39:dd:
                    62:3a:a3:22:da:88:f4:22:cf:15:2e:02:33:d8:f4:
                    3d:11:a9:39:91:04:bf:fa:c0:5d:3a:1f:7c:61:fd:
                    5c:a9:ac:77:14:01:be:dd:7f:1f:d4:a0:20:90:22:
                    27:b1:53:20:9b:a4:c6:63:0d:56:12:d9:b8:99:af:
                    d7:b0:b1:16:04:10:78:dd:fc:df:60:eb:b0:19:61:
                    68:78:3e:77:69:a7:d6:10:4d:f6:02:98:cf:89:7b:
                    e1:db:c5:98:b6:1c:41:79:02:c4:c4:18:19:b7:bc:
                    16:e2:49:d8:8e:fc:2b:b5:ee:ac:43:c1:d0:0d:68:
                    7b:75:d7:8d:5a:e6:7f:3e:cb:2c:ea:b2:d8:02:ce:
                    21:b9:bf:4b:da:02:92:52:00:1b:74:fd:21:24:b2:
                    41:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:B3:48:59:1B:93:BD:1F:55:02:E9:5E:B3:B2:46:C9:3F:2D:A6:A3
            X509v3 Authority Key Identifier:
                keyid:2C:D3:1C:3C:25:1F:5E:DA:18:3F:93:8E:7F:CB:3A:4A:1D:BA:89:DD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36FDDEE/214C5AECB49B11EAA3F61F0FF8AEA228/LNMcPCUfXtoYP5OOf8s6Sh26id0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/LNMcPCUfXtoYP5OOf8s6Sh26id0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36FDDEE/214C5AECB49B11EAA3F61F0FF8AEA228/F7D8787848AB11EEADAF4F784AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.88.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         21:2e:26:bd:6c:b7:b5:e0:78:0b:f3:df:66:3b:6d:ce:97:bd:
         f4:8b:41:d3:32:40:16:e9:e1:6a:27:70:62:06:e4:44:a5:6c:
         e4:7f:15:62:e4:4d:2f:13:1c:65:58:21:cb:ed:8c:1b:3d:6e:
         f5:2d:ac:43:ad:69:b0:27:1e:3e:13:a8:3b:30:75:55:45:3d:
         ae:84:d2:d6:ff:6a:16:bf:0b:52:25:d1:61:af:c5:56:b2:f6:
         0f:d6:1f:dd:5c:aa:a3:f7:96:8d:ad:9d:5b:66:e0:79:d4:dd:
         6b:fa:10:8e:61:3f:54:eb:f1:da:a0:a0:e7:f6:b6:ce:c1:a3:
         e5:d5:92:01:a9:7f:84:5e:36:38:b6:66:cc:22:ce:70:8a:59:
         09:11:30:09:b2:63:be:fe:a0:35:e4:f0:95:f5:c0:3b:74:e1:
         cd:14:c8:c0:d2:74:65:ea:30:a7:9a:28:81:48:0d:e5:3b:72:
         b2:7f:03:e9:e7:a1:7d:f7:85:b4:1f:9f:cb:57:1a:f4:88:6a:
         8b:e0:76:77:4d:d1:34:91:7d:d0:b3:91:ea:01:4f:1b:f7:24:
         1f:b5:64:6d:0f:44:ff:56:91:76:7b:9b:4e:77:e8:ff:1e:71:
         c7:f6:62:d9:69:d1:ba:cf:38:54:5e:eb:27:f5:b3:70:9d:a0:
         10:6e:a0:fd
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBLgwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
RkRERUVBRjExMC8GA1UEBRMoMkNEMzFDM0MyNTFGNUVEQTE4M0Y5MzhFN0ZDQjNB
NEExREJBODlERDAeFw0yMzA5MDEwOTQzMTBaFw0yNTA2MjIwOTQzMTBaMBgxFjAU
BgNVBAMTDTY0ZjFiMjMxLTUxN2YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC6SfTyVQ08Xij5WD6Zs7M3IRH1gVcUDDjoKpisna9tbNVDEfdDtgfDPbtU
c0boSKXOyFYfI343+3kWyqvBQVrYgbZbGOG7r5c6CX2SWDQ/Xo6UTUqSFOf9f1ym
uQlG2sFHfA5gHiY53WI6oyLaiPQizxUuAjPY9D0RqTmRBL/6wF06H3xh/VyprHcU
Ab7dfx/UoCCQIiexUyCbpMZjDVYS2biZr9ewsRYEEHjd/N9g67AZYWh4Pndpp9YQ
TfYCmM+Je+HbxZi2HEF5AsTEGBm3vBbiSdiO/Cu17qxDwdANaHt1141a5n8+yyzq
stgCziG5v0vaApJSABt0/SEkskGZAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUjrNI
WRuTvR9VAules7JGyT8tpqMwHwYDVR0jBBgwFoAULNMcPCUfXtoYP5OOf8s6Sh26
id0wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkZEREVFLzIxNEM1QUVDQjQ5QjExRUFBM0Y2MUYwRkY4QUVBMjI4L0xOTWNQ
Q1VmWHRvWVA1T09mOHM2U2gyNmlkMC5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0xOTWNQQ1VmWHRvWVA1T09mOHM2U2gyNmlkMC5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNkZEREVFLzIxNEM1QUVDQjQ5QjExRUFBM0Y2MUYwRkY4
QUVBMjI4L0Y3RDg3ODc4NDhBQjExRUVBREFGNEY3ODRBRDlFNkZDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUDAwNmWDANBgkqhkiG9w0BAQsF
AAOCAQEAIS4mvWy3teB4C/PfZjttzpe99ItB0zJAFunhaidwYgbkRKVs5H8VYuRN
LxMcZVghy+2MGz1u9S2sQ61psCcePhOoOzB1VUU9roTS1v9qFr8LUiXRYa/FVrL2
D9Yf3Vyqo/eWja2dW2bgedTda/oQjmE/VOvx2qCg5/a2zsGj5dWSAal/hF42OLZm
zCLOcIpZCREwCbJjvv6gNeTwlfXAO3ThzRTIwNJ0Zeowp5oogUgN5Ttysn8D6eeh
ffeFtB+fy1ca9Ihqi+B2d03RNJF90LOR6gFPG/ckH7VkbQ9E/1aRdnubTnfo/x5x
x/Zi2WnRus84VF7rJ/WzcJ2gEG6g/Q==
-----END CERTIFICATE-----