Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F367CD72/0951C17ECEA511EF93B45BAD762E951A/4608FD7CF36111EFB87F7D4F762E951A.roa
File: 4608FD7CF36111EFB87F7D4F762E951A.roa (raw, json)
Hash identifier: q4VUHmXqhQLvC4tfCUsaK0VJ9DqAe9PMwDnLK46jh+k=
Subject key identifier: A3:87:74:CB:1C:50:EF:2B:CC:58:E4:43:74:BE:D4:E0:11:76:F4:82
Certificate issuer: /CN=F367CD72AF/serialNumber=7708E66F1C07C1D7670AEBDBAE186DA42BCB30C7
Certificate serial: 73
Authority key identifier: 77:08:E6:6F:1C:07:C1:D7:67:0A:EB:DB:AE:18:6D:A4:2B:CB:30:C7
Authority info access: rsync://rpki.afrinic.net/repository/afrinic/dwjmbxwHwddnCuvbrhhtpCvLMMc.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F367CD72/0951C17ECEA511EF93B45BAD762E951A/4608FD7CF36111EFB87F7D4F762E951A.roa
Signing time: Tue 25 Feb 2025 10:14:18 +0000
ROA not before: Tue 25 Feb 2025 10:14:14 +0000
ROA not after: Sun 31 Dec 2028 10:14:14 +0000
asID: 30985
IP address blocks: 102.213.136.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F367CD72/0951C17ECEA511EF93B45BAD762E951A/dwjmbxwHwddnCuvbrhhtpCvLMMc.crl
rsync://rpki.afrinic.net/repository/member_repository/F367CD72/0951C17ECEA511EF93B45BAD762E951A/dwjmbxwHwddnCuvbrhhtpCvLMMc.mft
rsync://rpki.afrinic.net/repository/afrinic/dwjmbxwHwddnCuvbrhhtpCvLMMc.cer
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Tue 29 Apr 2025 00:06:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 115 (0x73)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F367CD72AF, serialNumber=7708E66F1C07C1D7670AEBDBAE186DA42BCB30C7
Validity
Not Before: Feb 25 10:14:14 2025 GMT
Not After : Dec 31 10:14:14 2028 GMT
Subject: CN=67bd97fa-8ddd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d2:7f:f5:9c:25:f2:d7:78:32:bb:ef:5e:63:
3c:4c:82:6f:3a:07:67:f6:2f:c2:41:b1:2a:af:9b:
8f:81:8e:05:b7:99:e2:2c:b9:96:06:34:60:0a:c9:
2b:48:cf:34:52:4b:40:d6:47:97:d4:a4:56:e9:a9:
a5:c4:b8:f6:32:d4:1a:5f:d0:66:7e:1c:40:5a:e8:
84:f2:0a:21:fc:42:8a:23:c5:46:c6:0d:76:02:38:
af:34:f7:86:4b:24:c2:18:71:1d:50:60:5d:9e:8b:
9a:73:16:b3:0a:d8:86:0c:9f:27:a1:68:fe:c7:7c:
35:12:01:39:c2:63:d4:d2:b5:9b:d8:14:1e:bb:79:
f2:3c:40:b6:ea:df:17:b2:95:e3:92:7a:69:62:8c:
7c:5e:2c:71:ad:20:2e:69:2c:b3:67:1e:97:89:8a:
9c:62:88:ca:ed:9b:76:fb:e3:97:ef:20:d9:dd:cb:
66:a5:7e:93:ae:ac:18:ff:29:41:76:41:54:43:2e:
9f:6d:f2:ee:3c:08:43:94:4f:c3:8f:8d:a8:18:34:
84:98:3c:2f:c7:9c:95:5c:2b:94:03:65:7b:5a:5c:
f0:2e:c2:68:f1:b0:13:1d:0a:6a:d8:f4:cf:eb:da:
70:a9:de:82:ea:68:ec:79:dc:7c:86:25:a6:db:63:
b7:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:87:74:CB:1C:50:EF:2B:CC:58:E4:43:74:BE:D4:E0:11:76:F4:82
X509v3 Authority Key Identifier:
keyid:77:08:E6:6F:1C:07:C1:D7:67:0A:EB:DB:AE:18:6D:A4:2B:CB:30:C7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F367CD72/0951C17ECEA511EF93B45BAD762E951A/dwjmbxwHwddnCuvbrhhtpCvLMMc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/dwjmbxwHwddnCuvbrhhtpCvLMMc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F367CD72/0951C17ECEA511EF93B45BAD762E951A/4608FD7CF36111EFB87F7D4F762E951A.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
102.213.136.0/22
Signature Algorithm: sha256WithRSAEncryption
60:2a:ea:2b:b0:a3:f0:94:be:21:7a:c0:4b:5e:8f:f5:84:35:
22:e3:da:72:bf:8f:3d:92:6e:1c:0c:c9:30:2d:d2:74:88:d8:
e6:0c:0d:79:58:0e:bf:d0:a6:41:c9:cf:ca:d7:0e:f2:f7:e2:
3f:66:d9:12:0e:b8:dc:f3:c7:f9:64:c6:bf:b0:c9:ac:54:a8:
40:42:df:21:9c:07:10:fe:0e:1a:74:cc:d3:8f:13:9a:ed:62:
09:d0:e0:0b:dd:05:43:47:89:a1:dd:dc:7d:a9:16:24:e4:6b:
07:03:eb:e3:e5:8b:5b:6a:0a:01:a2:2d:ad:01:47:0d:f1:ce:
a1:14:51:d0:e7:72:6a:d9:cb:31:ea:7a:63:eb:be:8f:d2:7b:
5f:f0:44:d1:ac:4b:80:a8:95:54:d0:78:5d:d9:a3:6a:e9:61:
c0:0f:c6:8e:5a:63:63:39:9e:d4:04:e1:8a:9c:d5:c9:46:96:
b8:e8:80:13:d9:36:da:d9:42:6d:1c:37:91:70:de:33:96:67:
15:35:e3:87:cd:01:71:80:03:0c:25:ef:6b:7e:3c:41:be:fb:
3c:1b:a3:92:3d:ff:5f:6b:ae:40:d7:21:3c:96:04:e7:2b:3c:
6a:58:29:f6:5b:18:34:48:b9:c6:6d:dc:f8:c7:0e:3d:f1:48:
1c:2a:86:de
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBczANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY3
Q0Q3MkFGMTEwLwYDVQQFEyg3NzA4RTY2RjFDMDdDMUQ3NjcwQUVCREJBRTE4NkRB
NDJCQ0IzMEM3MB4XDTI1MDIyNTEwMTQxNFoXDTI4MTIzMTEwMTQxNFowGDEWMBQG
A1UEAxMNNjdiZDk3ZmEtOGRkZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALvSf/WcJfLXeDK7715jPEyCbzoHZ/YvwkGxKq+bj4GOBbeZ4iy5lgY0YArJ
K0jPNFJLQNZHl9SkVumppcS49jLUGl/QZn4cQFrohPIKIfxCiiPFRsYNdgI4rzT3
hkskwhhxHVBgXZ6LmnMWswrYhgyfJ6Fo/sd8NRIBOcJj1NK1m9gUHrt58jxAturf
F7KV45J6aWKMfF4sca0gLmkss2cel4mKnGKIyu2bdvvjl+8g2d3LZqV+k66sGP8p
QXZBVEMun23y7jwIQ5RPw4+NqBg0hJg8L8eclVwrlANle1pc8C7CaPGwEx0Katj0
z+vacKnegupo7HncfIYlpttjt7sCAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSjh3TL
HFDvK8xY5EN0vtTgEXb0gjAfBgNVHSMEGDAWgBR3COZvHAfB12cK69uuGG2kK8sw
xzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2N0NENzIvMDk1MUMxN0VDRUE1MTFFRjkzQjQ1QkFENzYyRTk1MUEvZHdqbWJ4
d0h3ZGRuQ3V2YnJoaHRwQ3ZMTU1jLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvZHdqbWJ4d0h3ZGRuQ3V2YnJoaHRwQ3ZMTU1jLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2N0NENzIvMDk1MUMxN0VDRUE1MTFFRjkzQjQ1QkFENzYy
RTk1MUEvNDYwOEZEN0NGMzYxMTFFRkI4N0Y3RDRGNzYyRTk1MUEucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmbViDANBgkqhkiG9w0BAQsF
AAOCAQEAYCrqK7Cj8JS+IXrAS16P9YQ1IuPacr+PPZJuHAzJMC3SdIjY5gwNeVgO
v9CmQcnPytcO8vfiP2bZEg643PPH+WTGv7DJrFSoQELfIZwHEP4OGnTM048Tmu1i
CdDgC90FQ0eJod3cfakWJORrBwPr4+WLW2oKAaItrQFHDfHOoRRR0OdyatnLMep6
Y+u+j9J7X/BE0axLgKiVVNB4XdmjaulhwA/GjlpjYzme1AThipzVyUaWuOiAE9k2
2tlCbRw3kXDeM5ZnFTXjh80BcYADDCXva348Qb77PBujkj3/X2uuQNchPJYE5ys8
algp9lsYNEi5xm3c+McOPfFIHCqG3g==
-----END CERTIFICATE-----
Generated at Mon Apr 28 00:47:14 2025 by rpki-client