Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F365958D/9CFE89C8EF0E11EFB212E46B762E951A/2B0D0D36F44411EF9C7CC663762E951A.roa
File: 2B0D0D36F44411EF9C7CC663762E951A.roa (raw, json)
Hash identifier: 2Q8qL5N57SGyAwSmdLGbK9RkrcemAnA+9vfe4IdCPTs=
Subject key identifier: 85:C9:47:4A:4E:CF:C6:65:68:40:48:10:8A:7D:F0:17:D6:3F:6B:11
Certificate issuer: /CN=F365958DAF/serialNumber=178DDEF8BB3CFE4FBE013B923BC8AE22D645B302
Certificate serial: 21
Authority key identifier: 17:8D:DE:F8:BB:3C:FE:4F:BE:01:3B:92:3B:C8:AE:22:D6:45:B3:02
Authority info access: rsync://rpki.afrinic.net/repository/afrinic/F43e-Ls8_k--ATuSO8iuItZFswI.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F365958D/9CFE89C8EF0E11EFB212E46B762E951A/2B0D0D36F44411EF9C7CC663762E951A.roa
Signing time: Wed 26 Feb 2025 13:18:29 +0000
ROA not before: Wed 26 Feb 2025 13:18:25 +0000
ROA not after: Sat 26 Feb 2028 13:18:25 +0000
asID: 37284
IP address blocks: 102.221.8.0/22 maxlen: 22
102.221.8.0/24 maxlen: 24
102.221.9.0/24 maxlen: 24
102.221.10.0/24 maxlen: 24
102.221.11.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F365958D/9CFE89C8EF0E11EFB212E46B762E951A/F43e-Ls8_k--ATuSO8iuItZFswI.crl
rsync://rpki.afrinic.net/repository/member_repository/F365958D/9CFE89C8EF0E11EFB212E46B762E951A/F43e-Ls8_k--ATuSO8iuItZFswI.mft
rsync://rpki.afrinic.net/repository/afrinic/F43e-Ls8_k--ATuSO8iuItZFswI.cer
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Sun 06 Apr 2025 00:06:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 33 (0x21)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F365958DAF
Validity
Not Before: Feb 26 13:18:25 2025 GMT
Not After : Feb 26 13:18:25 2028 GMT
Subject: CN=67bf14a5-9382
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:37:2d:2d:a4:98:95:27:7f:b5:5a:2a:4b:45:
11:11:9b:59:01:37:79:47:fd:04:7e:78:a8:34:5d:
93:0f:03:eb:49:fe:f4:a0:47:f7:61:53:39:08:51:
24:9f:9f:fa:31:29:6f:f5:c0:79:33:da:c3:59:f4:
06:a9:8e:db:e5:52:5f:27:46:50:b1:9c:75:8f:69:
fe:09:4b:01:23:51:60:89:30:ca:fc:35:ab:7f:f4:
51:c5:b2:6d:0d:99:a7:13:18:e0:46:f3:60:88:3b:
a3:4b:27:c8:a2:dd:db:d8:55:6c:a7:7c:d2:0c:06:
88:0a:0c:03:99:ae:45:15:f7:8f:1a:38:91:f8:cf:
ca:55:95:b6:2c:0b:1a:11:62:39:69:6b:81:a7:c6:
8e:f7:9f:e4:14:4f:d7:76:a8:37:ce:b7:22:73:52:
8d:10:b6:93:0f:f6:1f:8a:52:42:de:f5:6f:a3:47:
aa:86:7a:42:30:bd:8e:8f:91:39:5e:81:96:21:68:
81:cb:69:b2:29:50:8b:d8:51:fa:d0:14:3f:b2:f9:
42:0f:7e:b7:be:4c:16:22:ad:ff:70:b5:df:02:5c:
75:96:19:b8:5a:dd:c7:3e:54:a0:90:61:c7:51:29:
4a:e2:a8:a8:b4:68:51:20:f1:d0:11:95:c8:ea:8d:
e7:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:C9:47:4A:4E:CF:C6:65:68:40:48:10:8A:7D:F0:17:D6:3F:6B:11
X509v3 Authority Key Identifier:
keyid:17:8D:DE:F8:BB:3C:FE:4F:BE:01:3B:92:3B:C8:AE:22:D6:45:B3:02
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F365958D/9CFE89C8EF0E11EFB212E46B762E951A/F43e-Ls8_k--ATuSO8iuItZFswI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/F43e-Ls8_k--ATuSO8iuItZFswI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F365958D/9CFE89C8EF0E11EFB212E46B762E951A/2B0D0D36F44411EF9C7CC663762E951A.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
102.221.8.0/22
Signature Algorithm: sha256WithRSAEncryption
2c:2b:c0:66:46:bc:0a:67:c6:c7:45:dd:7d:02:41:26:48:e5:
40:49:c1:44:ef:2a:f3:98:c9:13:7d:b9:97:65:21:85:5f:bd:
9c:af:d2:51:a5:a6:9d:74:9f:df:9a:87:ba:7e:c4:cc:2b:5f:
63:db:eb:97:70:b2:db:75:77:bb:e4:55:eb:85:fa:2e:3c:33:
57:09:04:97:44:6e:fa:0a:10:f9:72:81:25:1a:ed:78:3b:be:
3f:f8:8f:e4:f6:83:36:cc:17:be:3a:02:b3:c3:3a:f1:8a:46:
2e:5a:bb:55:6c:98:32:c8:34:06:06:e0:f3:27:88:0d:dd:73:
02:92:67:c7:7d:f2:18:e2:5c:3f:46:80:f9:92:6e:2b:6b:32:
f4:84:30:86:89:a4:14:89:14:e6:a3:1a:7b:e9:f1:1c:be:3b:
2d:6d:c8:ee:34:54:15:07:10:e7:68:01:d7:30:62:58:a1:00:
e6:4f:8e:0e:e4:31:85:de:33:2e:34:94:05:9c:fa:6f:f1:09:
5e:c2:45:54:20:ba:4b:21:83:98:75:c7:a3:a7:9b:87:4b:0b:
6b:51:78:86:3f:25:79:bd:e8:40:7e:cd:d4:01:06:ee:e3:0f:
62:ae:2c:c7:e7:69:06:99:f5:89:3c:07:31:5c:74:2c:a9:5c:
e6:51:6e:a3
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBITANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY1
OTU4REFGMTEwLwYDVQQFEygxNzhEREVGOEJCM0NGRTRGQkUwMTNCOTIzQkM4QUUy
MkQ2NDVCMzAyMB4XDTI1MDIyNjEzMTgyNVoXDTI4MDIyNjEzMTgyNVowGDEWMBQG
A1UEAxMNNjdiZjE0YTUtOTM4MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM03LS2kmJUnf7VaKktFERGbWQE3eUf9BH54qDRdkw8D60n+9KBH92FTOQhR
JJ+f+jEpb/XAeTPaw1n0BqmO2+VSXydGULGcdY9p/glLASNRYIkwyvw1q3/0UcWy
bQ2ZpxMY4EbzYIg7o0snyKLd29hVbKd80gwGiAoMA5muRRX3jxo4kfjPylWVtiwL
GhFiOWlrgafGjvef5BRP13aoN863InNSjRC2kw/2H4pSQt71b6NHqoZ6QjC9jo+R
OV6BliFogctpsilQi9hR+tAUP7L5Qg9+t75MFiKt/3C13wJcdZYZuFrdxz5UoJBh
x1EpSuKoqLRoUSDx0BGVyOqN510CAwEAAaOCAqUwggKhMB0GA1UdDgQWBBSFyUdK
Ts/GZWhASBCKffAX1j9rETAfBgNVHSMEGDAWgBQXjd74uzz+T74BO5I7yK4i1kWz
AjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NTk1OEQvOUNGRTg5QzhFRjBFMTFFRkIyMTJFNDZCNzYyRTk1MUEvRjQzZS1M
czhfay0tQVR1U084aXVJdFpGc3dJLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvRjQzZS1Mczhfay0tQVR1U084aXVJdFpGc3dJLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NTk1OEQvOUNGRTg5QzhFRjBFMTFFRkIyMTJFNDZCNzYy
RTk1MUEvMkIwRDBEMzZGNDQ0MTFFRjlDN0NDNjYzNzYyRTk1MUEucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmbdCDANBgkqhkiG9w0BAQsF
AAOCAQEALCvAZka8CmfGx0XdfQJBJkjlQEnBRO8q85jJE325l2UhhV+9nK/SUaWm
nXSf35qHun7EzCtfY9vrl3Cy23V3u+RV64X6LjwzVwkEl0Ru+goQ+XKBJRrteDu+
P/iP5PaDNswXvjoCs8M68YpGLlq7VWyYMsg0Bgbg8yeIDd1zApJnx33yGOJcP0aA
+ZJuK2sy9IQwhomkFIkU5qMae+nxHL47LW3I7jRUFQcQ52gB1zBiWKEA5k+ODuQx
hd4zLjSUBZz6b/EJXsJFVCC6SyGDmHXHo6ebh0sLa1F4hj8leb3oQH7N1AEG7uMP
Yq4sx+dpBpn1iTwHMVx0LKlc5lFuow==
-----END CERTIFICATE-----
Generated at Fri Apr 4 10:44:16 2025 by rpki-client