Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/648A1B74CDA911EFA0FD936B762E951A.roa
File: 648A1B74CDA911EFA0FD936B762E951A.roa (raw, json)
Hash identifier: zJ2kE/UCbvYnFvdnydreL0r2NLi8K9pIJJ5L1E84Odk=
Subject key identifier: 20:3C:E0:78:2C:91:72:12:70:6B:A9:93:C0:FC:62:4F:18:4F:AD:49
Certificate issuer: /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial: 010143
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access: rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/648A1B74CDA911EFA0FD936B762E951A.roa
Signing time: Wed 08 Jan 2025 10:14:49 +0000
ROA not before: Wed 08 Jan 2025 10:14:46 +0000
ROA not after: Sat 13 Dec 2025 10:14:46 +0000
asID: 984
IP address blocks: 156.255.36.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Fri 07 Feb 2025 00:26:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 65859 (0x10143)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F368F2D0AR
Validity
Not Before: Jan 8 10:14:46 2025 GMT
Not After : Dec 13 10:14:46 2025 GMT
Subject: CN=677e5019-39df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:1c:35:cc:31:d2:39:8d:1a:40:94:cf:cd:be:
88:6a:a9:c5:f6:96:90:d9:ab:c6:be:fd:3f:b4:33:
62:72:7e:7d:fc:80:c1:78:79:70:4e:cc:4b:b6:31:
46:d1:38:0d:66:ea:f2:69:e2:89:2c:f2:4e:2a:7e:
6d:f5:c3:66:97:4f:3a:be:49:89:fe:4a:02:1f:30:
b7:0e:5f:eb:a3:ef:72:46:f3:19:78:f5:82:c9:a3:
86:39:19:ac:49:cb:cd:74:96:f1:84:b3:18:a1:ad:
32:a8:19:99:1f:76:4d:4f:a2:f3:1d:79:86:da:b0:
20:65:59:92:f1:6f:2b:70:ac:48:f7:50:5d:f9:f7:
04:a3:6e:f2:9a:3e:bd:1d:94:46:03:4b:51:6c:9d:
48:83:b4:36:a7:42:c4:d8:86:3f:20:08:cc:bd:a3:
31:74:45:7d:ed:b6:59:9b:5a:5f:87:fe:3f:32:1a:
bf:c3:2e:21:53:f6:40:88:e3:51:bf:71:4b:2d:81:
3f:ca:ef:da:8e:ca:c3:d8:fc:52:fa:a9:91:bf:28:
77:83:64:17:ee:cb:d7:05:71:ab:ed:cb:71:ec:2c:
5d:7b:12:d3:70:20:93:db:bf:99:7c:f3:b5:25:ef:
e0:48:99:34:00:0c:dd:81:b7:ea:1b:fa:8d:3b:51:
e8:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:3C:E0:78:2C:91:72:12:70:6B:A9:93:C0:FC:62:4F:18:4F:AD:49
X509v3 Authority Key Identifier:
keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/648A1B74CDA911EFA0FD936B762E951A.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
156.255.36.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:a8:5f:02:a6:97:1d:8e:b6:36:49:d8:dc:47:79:c3:43:85:
eb:4a:98:d8:86:c4:3e:ba:8d:40:df:1b:83:34:9c:db:13:d5:
78:e8:c6:30:b6:48:2e:d7:0b:09:b1:36:bb:d3:ac:ab:ee:6c:
e7:28:99:69:19:04:f6:18:92:58:e8:f8:ae:fb:09:94:6e:b6:
40:89:83:0d:0d:74:6e:b9:96:39:9b:9c:c3:40:80:fd:11:03:
e1:76:e2:81:59:cc:d0:b8:f5:af:c4:95:ca:81:bf:eb:22:b1:
7a:14:32:bf:59:e0:ed:1a:ce:34:26:31:dc:6a:bb:46:48:6d:
1d:4d:98:cf:c6:f4:96:11:d9:39:75:5a:bf:e0:9d:82:a6:bb:
f5:ac:7a:f0:72:2a:b5:5e:ab:26:e0:09:3a:fc:f7:56:08:39:
bd:f8:4a:33:7d:ad:f6:2f:4d:59:a9:42:61:87:3b:4e:df:0d:
51:85:ff:73:7e:2f:48:48:94:2d:4f:21:aa:7d:59:d4:42:2b:
5f:be:d6:24:55:e8:13:89:05:b4:0a:a2:ec:e6:ff:33:11:f1:
9b:45:b0:7c:cc:73:39:b8:00:b6:89:f5:b4:96:22:47:e5:52:
93:53:01:f9:c3:f3:8c:23:ac:48:c0:4e:24:b1:8a:79:22:b8:
86:0d:f0:6d
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAQFDMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTA4MTAxNDQ2WhcNMjUxMjEzMTAxNDQ2WjAYMRYw
FAYDVQQDEw02NzdlNTAxOS0zOWRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxRw1zDHSOY0aQJTPzb6IaqnF9paQ2avGvv0/tDNicn59/IDBeHlwTsxL
tjFG0TgNZuryaeKJLPJOKn5t9cNml086vkmJ/koCHzC3Dl/ro+9yRvMZePWCyaOG
ORmsScvNdJbxhLMYoa0yqBmZH3ZNT6LzHXmG2rAgZVmS8W8rcKxI91Bd+fcEo27y
mj69HZRGA0tRbJ1Ig7Q2p0LE2IY/IAjMvaMxdEV97bZZm1pfh/4/Mhq/wy4hU/ZA
iONRv3FLLYE/yu/ajsrD2PxS+qmRvyh3g2QX7svXBXGr7ctx7CxdexLTcCCT27+Z
fPO1Je/gSJk0AAzdgbfqG/qNO1Ho5wIDAQABo4ICojCCAp4wHQYDVR0OBBYEFCA8
4HgskXIScGupk8D8Yk8YT61JMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC82NDhBMUI3NENEQTkxMUVGQTBGRDkzNkI3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnP8kMA0GCSqGSIb3DQEBCwUA
A4IBAQA/qF8CppcdjrY2SdjcR3nDQ4XrSpjYhsQ+uo1A3xuDNJzbE9V46MYwtkgu
1wsJsTa706yr7mznKJlpGQT2GJJY6Piu+wmUbrZAiYMNDXRuuZY5m5zDQID9EQPh
duKBWczQuPWvxJXKgb/rIrF6FDK/WeDtGs40JjHcartGSG0dTZjPxvSWEdk5dVq/
4J2Cprv1rHrwciq1Xqsm4Ak6/PdWCDm9+Eozfa32L01ZqUJhhztO3w1Rhf9zfi9I
SJQtTyGqfVnUQitfvtYkVegTiQW0CqLs5v8zEfGbRbB8zHM5uAC2ifW0liJH5VKT
UwH5w/OMI6xIwE4ksYp5IriGDfBt
-----END CERTIFICATE-----
Generated at Wed Feb 5 09:57:24 2025 by rpki-client