Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CDA5FAF2C94D11EF82C1AAA5762E951A.roa
File: CDA5FAF2C94D11EF82C1AAA5762E951A.roa (raw, json)
Hash identifier: WsLlFEkqp3njokkostwzYKxr3YcXbCkzGQkRAQJXjqE=
Subject key identifier: F1:17:76:34:3C:FD:91:A7:19:6B:2D:83:45:2A:FF:0B:DE:CA:D1:83
Certificate issuer: /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial: F3A8
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access: rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CDA5FAF2C94D11EF82C1AAA5762E951A.roa
Signing time: Thu 02 Jan 2025 21:09:07 +0000
ROA not before: Thu 02 Jan 2025 21:09:03 +0000
ROA not after: Sat 13 Dec 2025 21:09:03 +0000
asID: 984
IP address blocks: 156.225.171.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.mft
rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.crl
rsync://rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Fri 07 Feb 2025 00:26:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 62376 (0xf3a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F368F2D0AR
Validity
Not Before: Jan 2 21:09:03 2025 GMT
Not After : Dec 13 21:09:03 2025 GMT
Subject: CN=67770073-aa76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ec:a2:bb:f2:0d:be:a7:02:c1:99:62:d8:f4:
97:b7:6b:4a:6e:59:f1:0e:b5:51:d1:8e:4f:8a:4c:
7a:b2:70:c9:f9:8a:16:5a:82:2a:59:b6:1f:f5:3a:
45:32:87:ce:e5:40:20:b4:0e:e0:3c:7b:78:16:57:
b2:a3:bd:bf:26:38:23:79:c7:45:e7:08:89:58:48:
2f:3b:1e:51:65:55:cc:b7:f1:62:9e:40:90:c9:e3:
f4:a8:1f:d5:b4:20:db:c6:5f:25:bc:c7:65:7f:4b:
bd:fa:a5:36:08:c7:bb:38:4a:a2:5c:b3:bd:66:9a:
f3:52:89:7c:db:f4:b8:7a:42:a6:40:1d:28:4a:cf:
d5:30:4a:6f:a7:7a:07:15:4a:5d:cc:93:f2:33:7e:
6f:43:bc:df:b2:6c:0e:71:97:9f:23:07:9a:91:23:
36:08:ce:64:ae:06:50:79:ff:e6:71:bf:f5:16:84:
09:68:f1:69:46:f5:56:7a:fb:30:44:d2:bf:bb:51:
f9:74:29:da:a4:9e:cc:6b:16:f2:4c:c9:e8:13:98:
f2:ba:da:4f:2c:36:70:5c:94:a3:ad:0b:6e:59:76:
dc:78:7e:80:7d:a4:b3:ef:31:37:33:fc:36:db:d3:
59:1a:e3:78:f2:d1:57:f1:79:12:54:14:1d:4e:51:
ac:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:17:76:34:3C:FD:91:A7:19:6B:2D:83:45:2A:FF:0B:DE:CA:D1:83
X509v3 Authority Key Identifier:
keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/CDA5FAF2C94D11EF82C1AAA5762E951A.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
156.225.171.0/24
Signature Algorithm: sha256WithRSAEncryption
05:01:d7:c2:93:c3:8b:7c:f7:06:08:d5:b4:d8:e3:9f:ee:77:
7f:9e:b9:5d:95:a0:62:9e:45:7f:ea:71:f1:4b:d6:f1:5d:9a:
9d:38:69:bc:4f:a2:ee:95:07:a1:7a:34:58:6c:59:96:aa:66:
2c:99:b2:9a:a0:57:fe:a4:63:a8:a4:24:c3:0a:92:f4:c1:8f:
40:fe:21:f4:fb:8b:f6:d0:be:0c:f1:51:15:1d:3d:f0:2f:ab:
00:c2:30:ac:a6:60:92:c0:77:28:0d:5e:2a:70:e7:90:c5:73:
3f:c6:ab:79:d9:01:44:88:ca:7f:a4:15:ce:23:0d:51:fc:62:
21:b8:c7:38:e2:4f:a1:bb:b8:42:6b:66:2e:96:22:14:98:a2:
bf:c3:d6:b6:da:a1:ba:71:d0:c5:18:d4:3a:8f:84:ac:4e:53:
95:49:54:50:3f:2b:b4:9d:77:ae:f0:bb:89:f0:9c:2d:ba:c5:
3d:36:56:34:8b:b9:61:03:99:48:11:12:4b:23:f6:7f:64:fd:
5e:49:77:ca:05:54:e5:88:a0:f8:20:d3:60:d1:26:37:96:cd:
49:97:78:57:65:24:09:12:40:55:51:93:98:e7:f5:cd:6d:ec:
73:4c:a8:fb:55:63:b2:8f:66:03:aa:e0:58:67:90:69:85:ca:
10:3d:cc:b6
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDAPOoMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMTAyMjEwOTAzWhcNMjUxMjEzMjEwOTAzWjAYMRYw
FAYDVQQDEw02Nzc3MDA3My1hYTc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAweyiu/INvqcCwZli2PSXt2tKblnxDrVR0Y5Pikx6snDJ+YoWWoIqWbYf
9TpFMofO5UAgtA7gPHt4Fleyo72/JjgjecdF5wiJWEgvOx5RZVXMt/FinkCQyeP0
qB/VtCDbxl8lvMdlf0u9+qU2CMe7OEqiXLO9ZprzUol82/S4ekKmQB0oSs/VMEpv
p3oHFUpdzJPyM35vQ7zfsmwOcZefIweakSM2CM5krgZQef/mcb/1FoQJaPFpRvVW
evswRNK/u1H5dCnapJ7MaxbyTMnoE5jyutpPLDZwXJSjrQtuWXbceH6AfaSz7zE3
M/w229NZGuN48tFX8XkSVBQdTlGsZQIDAQABo4ICojCCAp4wHQYDVR0OBBYEFPEX
djQ8/ZGnGWstg0Uq/wveytGDMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9DREE1RkFGMkM5NEQxMUVGODJDMUFBQTU3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnOGrMA0GCSqGSIb3DQEBCwUA
A4IBAQAFAdfCk8OLfPcGCNW02OOf7nd/nrldlaBinkV/6nHxS9bxXZqdOGm8T6Lu
lQehejRYbFmWqmYsmbKaoFf+pGOopCTDCpL0wY9A/iH0+4v20L4M8VEVHT3wL6sA
wjCspmCSwHcoDV4qcOeQxXM/xqt52QFEiMp/pBXOIw1R/GIhuMc44k+hu7hCa2Yu
liIUmKK/w9a22qG6cdDFGNQ6j4SsTlOVSVRQPyu0nXeu8LuJ8JwtusU9NlY0i7lh
A5lIERJLI/Z/ZP1eSXfKBVTliKD4INNg0SY3ls1Jl3hXZSQJEkBVUZOY5/XNbexz
TKj7VWOyj2YDquBYZ5BphcoQPcy2
-----END CERTIFICATE-----
Generated at Wed Feb 5 09:42:57 2025 by rpki-client