Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/78D37B0045FA11F1822295E9CE1D38B0.roa
File:                     78D37B0045FA11F1822295E9CE1D38B0.roa (raw, json)
Hash identifier:          BWUkhCinHC8a3HTueA1swU5tq6Uj0vCjELUlCtClybI=
Subject key identifier:   1D:F9:D4:11:43:02:5C:F9:F6:CB:45:B3:A1:CC:84:CB:66:E6:63:CF
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01C90A
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/78D37B0045FA11F1822295E9CE1D38B0.roa
Signing time:             Sat 02 May 2026 07:42:30 +0000
ROA not before:           Sat 02 May 2026 07:42:23 +0000
ROA not after:            Mon 08 Jun 2026 07:42:23 +0000
asID:                     198243
IP address blocks:        154.222.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
                          rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Mon 11 May 2026 00:07:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 117002 (0x1c90a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: May  2 07:42:23 2026 GMT
            Not After : Jun  8 07:42:23 2026 GMT
        Subject: CN=69f5aae6-3663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:62:fc:0a:32:6a:d9:19:ee:bd:5f:fb:11:99:
                    c8:c1:f6:e5:61:ea:38:74:08:12:ea:49:b7:81:d0:
                    74:7d:93:a3:43:e1:81:0e:db:62:1c:4f:89:9a:17:
                    cb:36:35:7d:ed:5d:23:14:0e:f2:b4:ba:e0:7a:42:
                    0c:55:2e:8b:b2:14:7f:23:b0:0c:a3:f4:f9:f7:dc:
                    20:1f:27:0e:ce:43:00:bf:f8:ae:08:75:ee:a1:93:
                    dc:e5:ea:2c:bb:a3:01:1c:1f:fe:bb:2a:e2:05:de:
                    b8:77:a2:aa:16:39:f7:6e:18:7c:08:f8:dd:b4:56:
                    7c:a8:1c:c2:6a:77:28:a7:2e:7f:ae:91:b4:16:4a:
                    ec:43:1d:df:69:13:17:08:36:f9:ed:56:79:f4:d2:
                    5e:24:3d:69:ae:80:7f:66:43:77:42:74:37:1d:59:
                    9e:59:f3:7f:e4:2c:ab:77:7b:d7:8b:0f:27:ec:23:
                    fb:49:6d:1f:68:79:bf:4a:e4:c0:47:2f:b1:44:9a:
                    de:e5:64:3f:ca:eb:4e:1e:ef:ab:ee:68:73:cb:e1:
                    d6:d4:01:10:fe:27:68:fc:c1:7d:2e:20:9b:0e:b8:
                    00:4e:e1:14:30:12:e2:23:30:27:53:41:1d:27:11:
                    ef:72:a2:ec:77:68:96:a7:99:23:80:4e:a2:0c:d4:
                    ca:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F9:D4:11:43:02:5C:F9:F6:CB:45:B3:A1:CC:84:CB:66:E6:63:CF
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/78D37B0045FA11F1822295E9CE1D38B0.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.222.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:5d:d1:50:50:d2:59:b5:7c:62:6d:71:8d:2a:b0:a2:1b:25:
         85:05:ee:d7:4f:c4:fb:e3:07:59:51:72:1e:4f:d8:72:bb:f5:
         ff:ce:8d:1c:03:6e:f1:7f:74:1d:fb:cc:9a:40:e0:90:c5:71:
         08:f7:64:2c:6c:e8:84:14:27:ff:4a:60:05:e3:d3:b3:14:92:
         52:ad:c7:0d:da:01:4b:92:1f:c0:c7:ef:a4:8d:0a:8c:20:60:
         bb:89:37:88:dc:a0:f0:ec:5f:74:0d:17:75:25:25:69:cf:a5:
         0e:19:5c:79:d1:00:89:4e:fb:30:35:01:57:0b:47:76:c6:ba:
         21:68:f6:2e:27:38:48:aa:1e:a2:f1:09:56:ae:2d:ae:ec:3a:
         a2:3b:fd:a6:00:64:78:58:db:98:0a:39:15:cf:a6:6b:4d:0e:
         83:c9:cb:aa:ad:38:95:47:d0:1a:6c:3e:44:e6:b9:0f:b0:89:
         b2:8c:11:fa:95:49:cd:f3:d3:8e:3b:5a:b8:c9:b9:a9:ae:e3:
         c2:4d:ec:59:e7:28:3a:05:c1:06:fa:bb:ae:14:d4:de:78:3d:
         9d:bd:97:5b:8b:82:5f:4a:10:90:44:26:e8:a7:4b:62:77:af:
         34:08:f8:10:a9:1f:93:21:f0:36:74:da:bd:67:53:a7:75:e8:
         5f:77:64:e2
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDAckKMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjYwNTAyMDc0MjIzWhcNMjYwNjA4MDc0MjIzWjAYMRYw
FAYDVQQDEw02OWY1YWFlNi0zNjYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAqmL8CjJq2RnuvV/7EZnIwfblYeo4dAgS6km3gdB0fZOjQ+GBDttiHE+J
mhfLNjV97V0jFA7ytLrgekIMVS6LshR/I7AMo/T599wgHycOzkMAv/iuCHXuoZPc
5eosu6MBHB/+uyriBd64d6KqFjn3bhh8CPjdtFZ8qBzCancopy5/rpG0FkrsQx3f
aRMXCDb57VZ59NJeJD1proB/ZkN3QnQ3HVmeWfN/5Cyrd3vXiw8n7CP7SW0faHm/
SuTARy+xRJre5WQ/yutOHu+r7mhzy+HW1AEQ/ido/MF9LiCbDrgATuEUMBLiIzAn
U0EdJxHvcqLsd2iWp5kjgE6iDNTKTwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFB35
1BFDAlz59stFs6HMhMtm5mPPMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC83OEQzN0IwMDQ1RkExMUYxODIyMjk1RTlDRTFEMzhCMC5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmt5WMA0GCSqGSIb3DQEB
CwUAA4IBAQAdXdFQUNJZtXxibXGNKrCiGyWFBe7XT8T74wdZUXIeT9hyu/X/zo0c
A27xf3Qd+8yaQOCQxXEI92QsbOiEFCf/SmAF49OzFJJSrccN2gFLkh/Ax++kjQqM
IGC7iTeI3KDw7F90DRd1JSVpz6UOGVx50QCJTvswNQFXC0d2xrohaPYuJzhIqh6i
8QlWri2u7DqiO/2mAGR4WNuYCjkVz6ZrTQ6DycuqrTiVR9AabD5E5rkPsImyjBH6
lUnN89OOO1q4ybmpruPCTexZ5yg6BcEG+ruuFNTeeD2dvZdbi4JfShCQRCbop0ti
d680CPgQqR+TIfA2dNq9Z1Ondehfd2Ti
-----END CERTIFICATE-----