Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/843A6E20D4B511EF9DBD164A762E951A.roa
File: 843A6E20D4B511EF9DBD164A762E951A.roa (raw, json)
Hash identifier: UBB2NO/PVfxf6szPd1KG8WJFTXlXlJQIz+z0CKvDicI=
Subject key identifier: 31:11:29:25:EB:CC:DA:71:3D:99:A9:1B:F5:2A:9F:C7:1D:B4:90:B1
Certificate issuer: /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial: 010959
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access: rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/843A6E20D4B511EF9DBD164A762E951A.roa
Signing time: Fri 17 Jan 2025 09:29:14 +0000
ROA not before: Fri 17 Jan 2025 09:29:11 +0000
ROA not after: Sun 14 Dec 2025 09:29:11 +0000
asID: 4809
IP address blocks: 156.242.4.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Fri 21 Feb 2025 00:26:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 67929 (0x10959)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F368F2D0AR
Validity
Not Before: Jan 17 09:29:11 2025 GMT
Not After : Dec 14 09:29:11 2025 GMT
Subject: CN=678a22ea-6777
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:69:bb:e9:52:7b:ee:95:3a:b8:f2:06:40:cb:
64:ae:13:83:d8:c0:78:bc:44:b4:a2:9e:8f:34:a2:
50:f1:7a:2c:56:86:07:f7:48:41:c5:f0:13:de:76:
e9:08:de:6b:6b:57:16:b5:34:b8:01:4a:ba:37:9b:
91:9c:be:be:22:db:17:49:e7:f4:e7:92:a3:72:a6:
8d:4c:68:ca:11:b7:5d:15:9a:78:bf:bc:4b:86:56:
1d:c1:6a:6c:13:ea:18:b4:c9:b6:85:d3:d4:6b:7a:
79:f0:3a:fb:78:d6:9c:1d:8d:fc:23:55:b5:bc:d8:
26:20:6e:98:bd:bc:1a:78:4c:bd:eb:3a:c7:37:56:
48:02:6b:a4:78:52:2d:c5:13:64:5b:ee:9d:b1:16:
ae:08:11:41:db:ad:8b:41:83:18:ae:6d:ad:7d:a3:
6c:64:fd:e2:56:04:2b:4e:0d:c7:ed:cc:2b:b7:c4:
f8:17:97:01:25:14:37:2a:1f:51:4d:96:9c:34:5b:
34:50:41:0f:94:da:aa:35:9b:da:8f:87:c3:62:28:
57:eb:9a:67:8f:f1:36:06:40:9c:fd:9b:3d:c4:ff:
ed:32:8d:91:19:4c:04:35:3e:c6:40:a0:ff:c6:64:
cb:fb:60:9d:29:82:c6:eb:30:9e:27:d3:70:88:a6:
4d:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:11:29:25:EB:CC:DA:71:3D:99:A9:1B:F5:2A:9F:C7:1D:B4:90:B1
X509v3 Authority Key Identifier:
keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/843A6E20D4B511EF9DBD164A762E951A.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
156.242.4.0/24
Signature Algorithm: sha256WithRSAEncryption
68:a7:9a:89:ba:6f:c1:93:31:bf:3b:18:03:1e:8e:65:61:af:
d6:4a:b2:e9:6b:84:38:4c:40:61:16:f5:18:a1:cf:50:f8:18:
ce:48:6b:49:67:51:3b:f4:2a:3a:2a:c1:13:61:37:c5:27:f5:
fd:94:b1:99:65:63:3c:87:4b:9d:90:d2:45:2a:52:de:7c:3b:
db:e7:0e:a2:e6:48:70:ed:f5:b2:bf:a6:de:18:1a:8b:2e:fc:
c6:af:bf:36:df:ae:ff:80:02:70:d8:45:17:1d:fb:39:82:3d:
72:71:43:10:c8:03:f8:b4:d0:fd:b3:c0:80:a4:a6:08:98:f0:
6b:48:2f:8b:ac:dc:73:0a:77:a0:c5:8c:d5:d4:2d:34:0c:de:
cc:72:41:ef:8c:f5:39:59:1e:de:d5:83:f7:4d:1a:cd:8e:ae:
a9:4f:2f:81:d5:4f:d9:53:7f:f1:d5:90:f1:57:bd:36:7a:d9:
49:0f:85:03:96:2a:3e:d2:fd:30:11:93:b4:dc:4c:d9:8d:ba:
63:84:da:73:df:89:fc:46:87:02:f9:d0:0f:2f:ab:84:88:d0:
54:cf:f6:3b:07:23:d3:4e:7d:bd:17:19:50:3f:76:32:98:75:
1e:66:ba:23:e1:d3:f2:1e:9d:d0:fb:f9:73:71:17:9a:76:34:
e6:5f:8b:18
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAQlZMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTE3MDkyOTExWhcNMjUxMjE0MDkyOTExWjAYMRYw
FAYDVQQDEw02NzhhMjJlYS02Nzc3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAu2m76VJ77pU6uPIGQMtkrhOD2MB4vES0op6PNKJQ8XosVoYH90hBxfAT
3nbpCN5ra1cWtTS4AUq6N5uRnL6+ItsXSef055KjcqaNTGjKEbddFZp4v7xLhlYd
wWpsE+oYtMm2hdPUa3p58Dr7eNacHY38I1W1vNgmIG6YvbwaeEy96zrHN1ZIAmuk
eFItxRNkW+6dsRauCBFB262LQYMYrm2tfaNsZP3iVgQrTg3H7cwrt8T4F5cBJRQ3
Kh9RTZacNFs0UEEPlNqqNZvaj4fDYihX65pnj/E2BkCc/Zs9xP/tMo2RGUwENT7G
QKD/xmTL+2CdKYLG6zCeJ9NwiKZNJwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFDER
KSXrzNpxPZmpG/Uqn8cdtJCxMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC84NDNBNkUyMEQ0QjUxMUVGOURCRDE2NEE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnPIEMA0GCSqGSIb3DQEBCwUA
A4IBAQBop5qJum/BkzG/OxgDHo5lYa/WSrLpa4Q4TEBhFvUYoc9Q+BjOSGtJZ1E7
9Co6KsETYTfFJ/X9lLGZZWM8h0udkNJFKlLefDvb5w6i5khw7fWyv6beGBqLLvzG
r782367/gAJw2EUXHfs5gj1ycUMQyAP4tND9s8CApKYImPBrSC+LrNxzCnegxYzV
1C00DN7MckHvjPU5WR7e1YP3TRrNjq6pTy+B1U/ZU3/x1ZDxV702etlJD4UDlio+
0v0wEZO03EzZjbpjhNpz34n8RocC+dAPL6uEiNBUz/Y7ByPTTn29FxlQP3YymHUe
Zroj4dPyHp3Q+/lzcReadjTmX4sY
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:45:07 2025 by rpki-client