Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/4187138C56DF11F19C3C37A9CE1D38B0.roa
File:                     4187138C56DF11F19C3C37A9CE1D38B0.roa (raw, json)
Hash identifier:          i6Q5Jib87n2U4s3GMIIQvL0SuZahaYn0J/M+9yJOd50=
Subject key identifier:   4F:8B:28:78:53:60:42:22:1E:93:D3:47:DB:A3:32:75:C1:07:39:BD
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01CEA0
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/4187138C56DF11F19C3C37A9CE1D38B0.roa
Signing time:             Sat 23 May 2026 19:40:30 +0000
ROA not before:           Sat 23 May 2026 19:40:26 +0000
ROA not after:            Tue 30 Jun 2026 19:40:26 +0000
asID:                     401696
IP address blocks:        154.201.64.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Thu 04 Jun 2026 00:07:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 118432 (0x1cea0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: May 23 19:40:26 2026 GMT
            Not After : Jun 30 19:40:26 2026 GMT
        Subject: CN=6a1202ae-0caf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:32:18:04:43:27:8e:30:c9:9b:5f:b5:64:26:
                    b8:32:cc:b9:f4:c0:7e:66:e9:a7:b5:37:4a:57:75:
                    5c:3a:bb:a5:c6:06:ee:21:e3:d1:2e:3d:f1:9b:f4:
                    9c:af:4a:7a:af:85:c4:67:27:dd:30:fa:87:c0:b0:
                    08:9c:9a:75:3d:32:9a:2c:aa:e5:f2:0b:f4:81:2c:
                    e3:f7:c1:bb:ef:fc:80:a7:c0:4a:fc:e3:94:96:e2:
                    38:ef:93:9c:84:ff:5a:cf:e3:6e:f9:e9:9d:2e:d7:
                    f0:bf:5d:81:07:44:e1:b9:57:ae:13:2d:d4:cd:2b:
                    25:58:fb:6d:fd:e3:8e:07:30:79:ad:b4:be:5c:a1:
                    d4:92:f5:7c:fa:75:c3:5f:d8:4b:0e:4d:fc:e2:65:
                    7a:91:e5:d4:4a:90:c5:0a:8c:cb:6b:87:ac:f6:7a:
                    fb:30:e4:42:d3:9f:f2:52:eb:bc:7b:99:0e:40:95:
                    39:82:b5:fb:7d:5a:55:84:ef:8e:0a:c7:6d:69:f9:
                    7d:10:27:a5:52:cf:30:0f:4c:e0:05:03:30:b3:3d:
                    7e:67:d8:99:13:57:ae:72:1c:ca:f6:16:7d:69:f0:
                    e3:21:ab:60:8a:d3:43:f7:ef:8a:ab:2f:d2:1f:01:
                    f7:b7:55:52:1f:04:48:0e:f5:30:91:40:a5:cc:b7:
                    66:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:8B:28:78:53:60:42:22:1E:93:D3:47:DB:A3:32:75:C1:07:39:BD
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/4187138C56DF11F19C3C37A9CE1D38B0.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.201.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         95:87:1f:29:99:e2:09:93:b7:03:48:39:59:d7:54:73:37:82:
         bb:0d:2e:f7:f5:56:5d:cb:a4:f4:16:cb:0c:91:56:c4:e2:4a:
         ef:49:db:9e:b1:08:c9:1b:b4:a7:f1:89:b8:76:04:85:1c:8c:
         44:cd:41:83:c7:b8:d3:0b:8e:4b:29:77:89:a0:77:8b:be:90:
         c6:dd:78:8b:b6:6f:04:83:aa:63:d3:57:50:9f:df:91:a2:56:
         90:83:5c:2e:80:9a:ff:83:9d:29:87:01:1e:b0:4a:74:c5:68:
         19:0e:39:14:74:f6:a5:d5:96:4f:a3:2b:51:43:c0:79:a2:75:
         44:4f:45:e8:b2:09:cf:db:97:5e:6d:ec:7d:9e:f1:9d:99:a1:
         98:a1:bf:b0:c3:3f:32:b1:fb:36:2c:ad:17:5d:24:18:a8:d3:
         b5:16:57:b8:41:ba:b9:86:f8:5c:7d:f4:38:ff:ed:9b:37:b4:
         75:c3:6b:e8:51:ce:3a:63:1c:e1:ba:e0:4c:27:74:4a:2f:35:
         1c:4a:6c:62:f2:eb:09:7d:eb:18:00:22:19:25:51:8e:c5:4a:
         89:75:75:49:d1:6b:20:8e:ae:e7:ac:6c:39:4e:45:50:e3:47:
         e4:eb:31:12:09:e2:af:92:71:9e:61:ce:74:81:ad:3f:5f:4b:
         28:4c:fb:8d
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAc6gMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjYwNTIzMTk0MDI2WhcNMjYwNjMwMTk0MDI2WjAYMRYw
FAYDVQQDEw02YTEyMDJhZS0wY2FmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwjIYBEMnjjDJm1+1ZCa4Msy59MB+ZumntTdKV3VcOrulxgbuIePRLj3x
m/Scr0p6r4XEZyfdMPqHwLAInJp1PTKaLKrl8gv0gSzj98G77/yAp8BK/OOUluI4
75OchP9az+Nu+emdLtfwv12BB0ThuVeuEy3UzSslWPtt/eOOBzB5rbS+XKHUkvV8
+nXDX9hLDk384mV6keXUSpDFCozLa4es9nr7MORC05/yUuu8e5kOQJU5grX7fVpV
hO+OCsdtafl9ECelUs8wD0zgBQMwsz1+Z9iZE1euchzK9hZ9afDjIatgitND9++K
qy/SHwH3t1VSHwRIDvUwkUClzLdmJQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFE+L
KHhTYEIiHpPTR9ujMnXBBzm9MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC80MTg3MTM4QzU2REYxMUYxOUMzQzM3QTlDRTFEMzhCMC5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFmslAMA0GCSqGSIb3DQEB
CwUAA4IBAQCVhx8pmeIJk7cDSDlZ11RzN4K7DS739VZdy6T0FssMkVbE4krvSdue
sQjJG7Sn8Ym4dgSFHIxEzUGDx7jTC45LKXeJoHeLvpDG3XiLtm8Eg6pj01dQn9+R
olaQg1wugJr/g50phwEesEp0xWgZDjkUdPal1ZZPoytRQ8B5onVET0XosgnP25de
bex9nvGdmaGYob+wwz8ysfs2LK0XXSQYqNO1Fle4Qbq5hvhcffQ4/+2bN7R1w2vo
Uc46YxzhuuBMJ3RKLzUcSmxi8usJfesYACIZJVGOxUqJdXVJ0Wsgjq7nrGw5TkVQ
40fk6zESCeKvknGeYc50ga0/X0soTPuN
-----END CERTIFICATE-----