Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3641110/59627DEC193711F18063378ADAE4EC9C/CBEEA3561E2B11F1961C59ADDAE4EC9C.roa
File: CBEEA3561E2B11F1961C59ADDAE4EC9C.roa (raw, json)
Hash identifier: pvY9TQ8JUnIxht52zhSA0rWfrxaSQC/iSnp5NKbibUM=
Subject key identifier: 6C:34:1B:2A:7E:87:F2:3B:AF:98:C5:3E:69:3A:75:CC:8F:7E:BE:95
Certificate issuer: /CN=F3641110AF/serialNumber=0F891D2FD154785DC3E6B3C79667646C0BB4F56D
Certificate serial: 1C
Authority key identifier: 0F:89:1D:2F:D1:54:78:5D:C3:E6:B3:C7:96:67:64:6C:0B:B4:F5:6D
Authority info access: rsync://rpki.afrinic.net/repository/afrinic/D4kdL9FUeF3D5rPHlmdkbAu09W0.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F3641110/59627DEC193711F18063378ADAE4EC9C/CBEEA3561E2B11F1961C59ADDAE4EC9C.roa
Signing time: Thu 12 Mar 2026 15:54:48 +0000
ROA not before: Thu 12 Mar 2026 15:54:44 +0000
ROA not after: Mon 31 Mar 2036 15:54:44 +0000
asID: 43256
IP address blocks: 197.215.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F3641110/59627DEC193711F18063378ADAE4EC9C/D4kdL9FUeF3D5rPHlmdkbAu09W0.crl
rsync://rpki.afrinic.net/repository/member_repository/F3641110/59627DEC193711F18063378ADAE4EC9C/D4kdL9FUeF3D5rPHlmdkbAu09W0.mft
rsync://rpki.afrinic.net/repository/afrinic/D4kdL9FUeF3D5rPHlmdkbAu09W0.cer
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Wed 25 Mar 2026 00:06:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28 (0x1c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F3641110AF, serialNumber=0F891D2FD154785DC3E6B3C79667646C0BB4F56D
Validity
Not Before: Mar 12 15:54:44 2026 GMT
Not After : Mar 31 15:54:44 2036 GMT
Subject: CN=69b2e1c8-26e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:59:8d:d0:6c:f1:47:e7:9c:af:6f:b7:3d:e6:
52:db:e6:f1:d3:c3:45:0a:bc:d7:f9:d6:83:4f:af:
f1:eb:0c:bf:ae:2d:cd:31:85:6f:85:55:53:b2:9b:
07:1b:10:9c:72:94:36:99:72:77:95:fa:be:a7:d4:
74:7b:8f:67:78:3c:3d:e9:3e:36:65:ca:d4:21:3b:
3e:27:d7:a7:f8:e5:fe:cf:ca:47:bc:77:f4:8e:99:
34:93:38:63:b3:36:f1:c6:87:a4:41:62:a1:f6:54:
ec:0d:86:cc:4c:c6:ed:64:57:53:42:c2:0b:e3:4a:
30:f9:28:4f:8f:5a:a8:bf:41:ba:87:aa:4e:e9:fd:
81:31:bb:0a:91:71:0d:2f:bf:e8:a2:07:65:c2:20:
24:9d:03:5e:44:0e:28:ca:aa:c5:e7:39:18:1e:fe:
a4:99:3e:23:61:1c:c1:f5:a0:81:f7:5b:6f:82:2b:
fe:c2:e4:89:4c:2e:85:86:3c:05:21:1e:f6:d8:46:
49:51:76:a2:13:02:3d:5b:8b:76:95:56:3a:4f:4c:
f4:0d:50:fd:1c:cc:cf:66:22:35:67:60:6f:ca:0b:
b0:4c:12:d3:1c:b4:9b:f9:6a:5e:fe:b7:fa:22:7e:
bb:cb:ee:e0:73:40:f3:c3:1c:d8:48:98:24:e5:94:
fc:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:34:1B:2A:7E:87:F2:3B:AF:98:C5:3E:69:3A:75:CC:8F:7E:BE:95
X509v3 Authority Key Identifier:
keyid:0F:89:1D:2F:D1:54:78:5D:C3:E6:B3:C7:96:67:64:6C:0B:B4:F5:6D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F3641110/59627DEC193711F18063378ADAE4EC9C/D4kdL9FUeF3D5rPHlmdkbAu09W0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/D4kdL9FUeF3D5rPHlmdkbAu09W0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3641110/59627DEC193711F18063378ADAE4EC9C/CBEEA3561E2B11F1961C59ADDAE4EC9C.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
197.215.222.0/24
Signature Algorithm: sha256WithRSAEncryption
04:40:33:2a:c4:08:33:c9:55:2b:de:24:58:75:10:c7:ab:e0:
dd:c7:50:fe:a0:2d:42:cb:b3:6e:21:1d:0a:a3:e6:b1:28:8e:
1a:fc:47:87:9d:28:9c:39:c1:1d:7b:d9:57:37:46:c7:2a:db:
42:2f:63:8c:08:1e:26:72:04:a4:82:b5:53:36:35:fe:4d:a6:
4b:9c:51:44:77:e4:57:c1:b2:3d:78:89:1c:fc:7f:eb:d2:8e:
7e:42:35:2f:20:e1:dc:9e:12:22:c0:2b:fd:32:dd:95:51:89:
de:41:b3:c1:cd:bf:15:59:7d:a4:2c:4e:98:b3:cf:e5:b4:c9:
4e:eb:0a:88:42:0d:19:08:21:a8:11:83:cd:07:4e:17:9f:b3:
17:3f:55:4d:be:c3:7b:61:6c:11:ce:64:58:3f:ad:31:ad:72:
da:26:39:06:29:18:80:a5:3c:ef:1a:8c:68:7f:89:4c:fb:a8:
5d:0f:a4:6e:87:3a:11:51:88:e5:a8:33:70:2a:bc:bc:fe:a8:
e9:95:20:da:03:4b:a9:4f:9d:b5:26:38:51:39:e9:41:c2:28:
7c:20:86:57:b5:18:00:d0:e9:ee:e7:38:3c:a8:77:a4:db:38:
67:ae:04:55:1a:c4:75:4e:d2:bc:9d:18:4e:c3:87:fa:67:5c:
0b:5d:96:2b
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY0
MTExMEFGMTEwLwYDVQQFEygwRjg5MUQyRkQxNTQ3ODVEQzNFNkIzQzc5NjY3NjQ2
QzBCQjRGNTZEMB4XDTI2MDMxMjE1NTQ0NFoXDTM2MDMzMTE1NTQ0NFowGDEWMBQG
A1UEAxMNNjliMmUxYzgtMjZlMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOxZjdBs8UfnnK9vtz3mUtvm8dPDRQq81/nWg0+v8esMv64tzTGFb4VVU7Kb
BxsQnHKUNplyd5X6vqfUdHuPZ3g8Pek+NmXK1CE7PifXp/jl/s/KR7x39I6ZNJM4
Y7M28caHpEFiofZU7A2GzEzG7WRXU0LCC+NKMPkoT49aqL9BuoeqTun9gTG7CpFx
DS+/6KIHZcIgJJ0DXkQOKMqqxec5GB7+pJk+I2EcwfWggfdbb4Ir/sLkiUwuhYY8
BSEe9thGSVF2ohMCPVuLdpVWOk9M9A1Q/RzMz2YiNWdgb8oLsEwS0xy0m/lqXv63
+iJ+u8vu4HNA88Mc2EiYJOWU/F0CAwEAAaOCAqUwggKhMB0GA1UdDgQWBBRsNBsq
fofyO6+YxT5pOnXMj36+lTAfBgNVHSMEGDAWgBQPiR0v0VR4XcPms8eWZ2RsC7T1
bTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NDExMTAvNTk2MjdERUMxOTM3MTFGMTgwNjMzNzhBREFFNEVDOUMvRDRrZEw5
RlVlRjNENXJQSGxtZGtiQXUwOVcwLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvRDRrZEw5RlVlRjNENXJQSGxtZGtiQXUwOVcwLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NDExMTAvNTk2MjdERUMxOTM3MTFGMTgwNjMzNzhBREFF
NEVDOUMvQ0JFRUEzNTYxRTJCMTFGMTk2MUM1OUFEREFFNEVDOUMucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMXX3jANBgkqhkiG9w0BAQsF
AAOCAQEABEAzKsQIM8lVK94kWHUQx6vg3cdQ/qAtQsuzbiEdCqPmsSiOGvxHh50o
nDnBHXvZVzdGxyrbQi9jjAgeJnIEpIK1UzY1/k2mS5xRRHfkV8GyPXiJHPx/69KO
fkI1LyDh3J4SIsAr/TLdlVGJ3kGzwc2/FVl9pCxOmLPP5bTJTusKiEINGQghqBGD
zQdOF5+zFz9VTb7De2FsEc5kWD+tMa1y2iY5BikYgKU87xqMaH+JTPuoXQ+kboc6
EVGI5agzcCq8vP6o6ZUg2gNLqU+dtSY4UTnpQcIofCCGV7UYANDp7uc4PKh3pNs4
Z64EVRrEdU7SvJ0YTsOH+mdcC12WKw==
-----END CERTIFICATE-----
Generated at Mon Mar 23 11:49:53 2026 by rpki-client