Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36FE1EA/0781C770806F11EEADC9ED584AD9E6FC/4EAB40AC807611EEA2E8966F4AD9E6FC.roa
File:                     4EAB40AC807611EEA2E8966F4AD9E6FC.roa (raw, json)
Hash identifier:          zIgDIvB6Gxwg/+n8hoQHWEVQwYNf/V40+da0oZ0QOpQ=
Subject key identifier:   F5:6B:93:BC:9C:81:AC:EE:CA:32:C8:82:1D:B0:E9:B3:90:2C:0D:82
Certificate issuer:       /CN=F36FE1EAAF/serialNumber=07B87D94F04489356641339DE69164477D8FFA43
Certificate serial:       03
Authority key identifier: 07:B8:7D:94:F0:44:89:35:66:41:33:9D:E6:91:64:47:7D:8F:FA:43
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/B7h9lPBEiTVmQTOd5pFkR32P-kM.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36FE1EA/0781C770806F11EEADC9ED584AD9E6FC/4EAB40AC807611EEA2E8966F4AD9E6FC.roa
Signing time:             Sat 11 Nov 2023 09:40:11 +0000
ROA not before:           Sat 11 Nov 2023 09:40:08 +0000
ROA not after:            Wed 30 Nov 2033 09:40:08 +0000
asID:                     328427
IP address blocks:        102.68.136.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F36FE1EA/0781C770806F11EEADC9ED584AD9E6FC/B7h9lPBEiTVmQTOd5pFkR32P-kM.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F36FE1EA/0781C770806F11EEADC9ED584AD9E6FC/B7h9lPBEiTVmQTOd5pFkR32P-kM.mft
                          rsync://rpki.afrinic.net/repository/afrinic/B7h9lPBEiTVmQTOd5pFkR32P-kM.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Tue 26 Nov 2024 00:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36FE1EAAF/serialNumber=07B87D94F04489356641339DE69164477D8FFA43
        Validity
            Not Before: Nov 11 09:40:08 2023 GMT
            Not After : Nov 30 09:40:08 2033 GMT
        Subject: CN=654f4bfb-4997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7c:5a:98:36:f0:62:19:5f:40:b8:fc:5d:7b:
                    5d:79:07:03:1c:74:08:55:70:bf:e5:93:44:36:06:
                    59:ca:8c:95:b4:c0:ae:16:5a:2d:f5:d3:56:52:66:
                    cd:83:2e:0e:51:c1:89:f0:73:d5:3f:2e:03:e3:23:
                    8e:a6:d0:c0:13:96:95:3e:c1:a1:e2:ff:18:1f:8e:
                    21:be:d7:11:0d:15:a5:a8:41:8c:b3:dd:9d:b5:e4:
                    91:ff:cf:78:5d:ec:45:d8:fd:d7:9c:a0:13:fb:8e:
                    20:f7:ff:6f:59:8e:56:dc:29:8a:32:4e:ad:ed:4c:
                    0e:c4:c9:f4:3a:0c:0a:3d:1a:dc:f3:db:69:4f:4f:
                    cf:aa:9a:f9:3d:16:b9:4e:fb:43:f5:ca:e5:b8:8b:
                    62:4d:39:43:ad:b8:5a:98:30:69:14:00:5e:a1:25:
                    d2:25:ed:e2:de:ba:8b:19:ba:44:f4:ad:5e:9e:f6:
                    e5:ec:cd:c5:82:bc:b6:fd:55:e2:04:99:86:68:50:
                    33:5f:3a:ad:ef:18:0d:06:76:74:1b:a6:a7:c3:07:
                    6a:6a:a4:fe:f8:9b:a9:34:ce:52:24:51:dd:2e:d9:
                    72:86:b7:60:70:1e:66:8a:25:53:b5:81:b9:04:4a:
                    5b:30:5a:16:1d:86:dc:c5:86:22:91:42:7d:47:3e:
                    06:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6B:93:BC:9C:81:AC:EE:CA:32:C8:82:1D:B0:E9:B3:90:2C:0D:82
            X509v3 Authority Key Identifier:
                keyid:07:B8:7D:94:F0:44:89:35:66:41:33:9D:E6:91:64:47:7D:8F:FA:43

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36FE1EA/0781C770806F11EEADC9ED584AD9E6FC/B7h9lPBEiTVmQTOd5pFkR32P-kM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/B7h9lPBEiTVmQTOd5pFkR32P-kM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36FE1EA/0781C770806F11EEADC9ED584AD9E6FC/4EAB40AC807611EEA2E8966F4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.68.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:ba:d4:23:ca:b7:a1:91:b0:2c:2d:c5:55:e6:08:19:82:89:
         83:85:3f:45:0e:2b:7c:e5:51:ae:50:2f:a6:8f:cb:52:4a:52:
         59:69:e9:91:ee:f6:4c:22:9e:34:83:b3:fe:3b:8f:64:b3:06:
         70:fd:e3:03:d3:f9:46:22:c2:ec:12:78:64:9c:57:c9:a6:f1:
         fe:35:cf:8d:93:ad:8d:12:68:06:e2:77:b1:ce:56:6e:04:ee:
         cb:53:64:4b:bb:1f:9b:e0:ea:4b:e8:1c:38:8a:28:6b:de:ba:
         25:93:a7:b3:aa:18:67:be:3d:dd:34:35:08:db:21:58:89:f8:
         72:80:83:84:16:67:9c:93:13:94:f5:76:38:ce:ef:a1:b1:6f:
         a8:07:30:cf:cd:a3:ca:54:6a:42:2d:b8:48:4b:e4:5f:1d:88:
         ed:6a:b6:2c:1b:64:4c:f1:87:92:dd:96:66:4b:a0:d4:ab:56:
         b5:53:cf:f7:3f:b5:9c:e5:82:3f:b8:4c:e6:a3:c9:71:52:c6:
         72:6b:5a:4c:0f:5a:8e:3b:23:25:a7:e5:d9:3b:99:59:57:2d:
         29:2f:30:3a:29:d1:86:f5:f5:cf:91:5f:a1:74:8d:fb:a4:bc:
         f2:4c:37:7f:59:51:7a:de:14:2f:19:f6:f8:7f:b6:81:71:9b:
         42:a2:35:cb
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzZG
RTFFQUFGMTEwLwYDVQQFEygwN0I4N0Q5NEYwNDQ4OTM1NjY0MTMzOURFNjkxNjQ0
NzdEOEZGQTQzMB4XDTIzMTExMTA5NDAwOFoXDTMzMTEzMDA5NDAwOFowGDEWMBQG
A1UEAxMNNjU0ZjRiZmItNDk5NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKp8Wpg28GIZX0C4/F17XXkHAxx0CFVwv+WTRDYGWcqMlbTArhZaLfXTVlJm
zYMuDlHBifBz1T8uA+MjjqbQwBOWlT7BoeL/GB+OIb7XEQ0VpahBjLPdnbXkkf/P
eF3sRdj915ygE/uOIPf/b1mOVtwpijJOre1MDsTJ9DoMCj0a3PPbaU9Pz6qa+T0W
uU77Q/XK5biLYk05Q624WpgwaRQAXqEl0iXt4t66ixm6RPStXp725ezNxYK8tv1V
4gSZhmhQM186re8YDQZ2dBump8MHamqk/vibqTTOUiRR3S7Zcoa3YHAeZoolU7WB
uQRKWzBaFh2G3MWGIpFCfUc+BsUCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBT1a5O8
nIGs7soyyIIdsOmzkCwNgjAfBgNVHSMEGDAWgBQHuH2U8ESJNWZBM53mkWRHfY/6
QzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2RkUxRUEvMDc4MUM3NzA4MDZGMTFFRUFEQzlFRDU4NEFEOUU2RkMvQjdoOWxQ
QkVpVFZtUVRPZDVwRmtSMzJQLWtNLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvQjdoOWxQQkVpVFZtUVRPZDVwRmtSMzJQLWtNLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2RkUxRUEvMDc4MUM3NzA4MDZGMTFFRUFEQzlFRDU4NEFE
OUU2RkMvNEVBQjQwQUM4MDc2MTFFRUEyRTg5NjZGNEFEOUU2RkMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmZEiDANBgkqhkiG9w0BAQsF
AAOCAQEADLrUI8q3oZGwLC3FVeYIGYKJg4U/RQ4rfOVRrlAvpo/LUkpSWWnpke72
TCKeNIOz/juPZLMGcP3jA9P5RiLC7BJ4ZJxXyabx/jXPjZOtjRJoBuJ3sc5WbgTu
y1NkS7sfm+DqS+gcOIooa966JZOns6oYZ7493TQ1CNshWIn4coCDhBZnnJMTlPV2
OM7vobFvqAcwz82jylRqQi24SEvkXx2I7Wq2LBtkTPGHkt2WZkug1KtWtVPP9z+1
nOWCP7hM5qPJcVLGcmtaTA9ajjsjJafl2TuZWVctKS8wOinRhvX1z5FfoXSN+6S8
8kw3f1lRet4ULxn2+H+2gXGbQqI1yw==
-----END CERTIFICATE-----