Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D9EE54BA7E7111F0A329C199DAE4EC9C.roa
File: D9EE54BA7E7111F0A329C199DAE4EC9C.roa (raw, json)
Hash identifier: K+m3CSmEI7v0/OVkXVcnokfBx2r78fLsrKiSaurKQeE=
Subject key identifier: F7:EC:B0:9A:38:B5:49:5C:FF:00:97:12:44:05:98:DD:E1:16:93:8B
Certificate issuer: /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial: 019309
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access: rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D9EE54BA7E7111F0A329C199DAE4EC9C.roa
Signing time: Thu 21 Aug 2025 09:33:10 +0000
ROA not before: Thu 21 Aug 2025 09:33:06 +0000
ROA not after: Sat 08 Nov 2025 09:33:06 +0000
asID: 137443
IP address blocks: 154.223.168.0/22 maxlen: 24
154.223.176.0/22 maxlen: 24
154.223.180.0/22 maxlen: 24
154.223.188.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.mft
rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Sun 24 Aug 2025 09:34:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 103177 (0x19309)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Validity
Not Before: Aug 21 09:33:06 2025 GMT
Not After : Nov 8 09:33:06 2025 GMT
Subject: CN=68a6e7d6-b912
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:34:a0:cc:31:e5:d0:99:79:19:e3:32:15:87:
74:3d:c4:6a:ab:94:8a:01:ed:73:16:9a:f9:34:ed:
89:9a:f6:0b:97:1e:cd:40:8c:cf:6a:cb:ed:4a:b3:
3a:42:14:34:3b:a0:e8:bd:f0:00:36:02:21:17:1d:
72:cc:55:b5:cb:c8:4c:6c:2a:66:72:df:c9:f9:39:
6e:e4:b3:b9:e0:62:e4:fb:db:41:00:5b:37:c6:9a:
5d:b6:19:61:0a:98:59:71:23:df:7b:e9:92:d8:48:
38:3a:3a:04:78:e4:21:01:fe:35:d3:80:58:9f:e6:
0a:22:44:58:5f:a8:ba:74:f1:71:4f:e6:2b:ef:1f:
ab:1b:11:22:a3:fa:c2:93:28:67:df:87:08:48:35:
99:1a:41:a9:f6:18:eb:88:14:b9:a7:5c:fa:fd:62:
ae:8a:e5:92:c0:6a:a8:d5:57:bf:4a:8a:0b:75:3d:
3a:14:94:b8:73:4a:0a:3b:e4:49:13:66:8d:be:32:
8b:c2:ea:f9:f6:d3:39:0d:3b:e5:d1:36:9d:66:29:
5d:10:39:2b:e9:0f:f8:e2:2d:e9:35:41:23:49:aa:
b2:0d:73:d4:3a:fb:cc:0c:f2:46:b7:ef:56:ba:61:
ca:d8:22:a5:7f:23:c3:06:15:bf:e8:01:3a:ea:42:
68:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:EC:B0:9A:38:B5:49:5C:FF:00:97:12:44:05:98:DD:E1:16:93:8B
X509v3 Authority Key Identifier:
keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D9EE54BA7E7111F0A329C199DAE4EC9C.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
154.223.168.0/22
154.223.176.0/21
154.223.188.0/22
Signature Algorithm: sha256WithRSAEncryption
33:f2:3b:64:b7:00:1b:52:66:96:65:4a:a7:08:e7:7f:30:cd:
e6:87:b3:48:7f:6a:0a:5a:b5:f5:b2:5d:9e:31:6a:f1:5c:1e:
03:3e:93:30:f7:db:af:93:b7:91:af:c8:e4:c8:5e:30:cc:0a:
04:55:5d:59:3e:30:e1:fd:a1:49:c5:6e:df:c9:a2:14:81:3a:
1d:ca:ca:61:e3:23:8c:c2:87:e2:b1:9f:c5:86:20:b9:c9:4d:
56:b8:0d:1a:63:7c:f2:95:4a:2b:80:df:f6:32:bf:5b:ba:b9:
6e:17:43:9d:ae:a0:bb:e1:01:6a:96:49:c1:d9:fa:32:b2:21:
d3:c8:4d:c2:c4:c0:84:47:57:4e:e8:bd:7c:b4:e3:43:f3:22:
3b:cc:95:91:59:b8:04:11:12:49:ec:b5:38:e2:82:35:56:20:
e6:ed:08:2b:42:00:90:41:40:dc:37:ae:53:8b:78:6d:31:9f:
c2:a0:21:77:62:1a:22:ea:1b:b0:5e:a4:e2:75:d2:19:26:89:
51:83:b0:92:00:dd:a3:6a:f5:f6:ba:36:84:82:16:9e:e0:e8:
47:15:fa:44:04:9c:65:44:bd:22:eb:c0:df:c4:46:c8:90:4f:
4d:3a:6d:d3:05:19:ec:94:c8:b5:c9:df:2e:26:d8:9c:98:e7:
63:3e:c2:a6
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgIDAZMJMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwODIxMDkzMzA2WhcNMjUxMTA4MDkzMzA2WjAYMRYw
FAYDVQQDEw02OGE2ZTdkNi1iOTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAyDSgzDHl0Jl5GeMyFYd0PcRqq5SKAe1zFpr5NO2JmvYLlx7NQIzPasvt
SrM6QhQ0O6DovfAANgIhFx1yzFW1y8hMbCpmct/J+Tlu5LO54GLk+9tBAFs3xppd
thlhCphZcSPfe+mS2Eg4OjoEeOQhAf4104BYn+YKIkRYX6i6dPFxT+Yr7x+rGxEi
o/rCkyhn34cISDWZGkGp9hjriBS5p1z6/WKuiuWSwGqo1Ve/SooLdT06FJS4c0oK
O+RJE2aNvjKLwur59tM5DTvl0TadZildEDkr6Q/44i3pNUEjSaqyDXPUOvvMDPJG
t+9WumHK2CKlfyPDBhW/6AE66kJoqQIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFPfs
sJo4tUlc/wCXEkQFmN3hFpOLMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9EOUVFNTRCQTdFNzExMUYwQTMyOUMxOTlEQUU0RUM5Qy5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCmt+oAwQDmt+wAwQCmt+8
MA0GCSqGSIb3DQEBCwUAA4IBAQAz8jtktwAbUmaWZUqnCOd/MM3mh7NIf2oKWrX1
sl2eMWrxXB4DPpMw99uvk7eRr8jkyF4wzAoEVV1ZPjDh/aFJxW7fyaIUgTodysph
4yOMwofisZ/FhiC5yU1WuA0aY3zylUorgN/2Mr9burluF0OdrqC74QFqlknB2foy
siHTyE3CxMCER1dO6L18tOND8yI7zJWRWbgEERJJ7LU44oI1ViDm7QgrQgCQQUDc
N65Ti3htMZ/CoCF3Yhoi6huwXqTiddIZJolRg7CSAN2javX2ujaEghae4OhHFfpE
BJxlRL0i68DfxEbIkE9NOm3TBRnslMi1yd8uJticmOdjPsKm
-----END CERTIFICATE-----
Generated at Fri Aug 22 23:21:12 2025 by rpki-client