Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F367DFA4/08B8D82093AC11EBB1D2A832F8AEA228/6643EED69AA911F08149169FDAE4EC9C.roa
File:                     6643EED69AA911F08149169FDAE4EC9C.roa (raw, json)
Hash identifier:          nD/BFXfthY2J+wM0mgxXRU1qzVpsG1Kjd7lO67sgUh8=
Subject key identifier:   47:7B:EB:54:13:4E:5B:BA:36:D9:8D:E4:AA:90:F0:DA:0F:DE:C1:1E
Certificate issuer:       /CN=F367DFA4AF/serialNumber=97C90E25212D887CF9E1DE6FDDF551BA812FA139
Certificate serial:       07B4
Authority key identifier: 97:C9:0E:25:21:2D:88:7C:F9:E1:DE:6F:DD:F5:51:BA:81:2F:A1:39
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/l8kOJSEtiHz54d5v3fVRuoEvoTk.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F367DFA4/08B8D82093AC11EBB1D2A832F8AEA228/6643EED69AA911F08149169FDAE4EC9C.roa
Signing time:             Fri 26 Sep 2025 07:21:21 +0000
ROA not before:           Fri 26 Sep 2025 07:21:16 +0000
ROA not after:            Thu 30 Oct 2025 07:21:16 +0000
asID:                     22724
IP address blocks:        102.177.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.afrinic.net/repository/member_repository/F367DFA4/08B8D82093AC11EBB1D2A832F8AEA228/l8kOJSEtiHz54d5v3fVRuoEvoTk.crl
                          rsync://rpki.afrinic.net/repository/member_repository/F367DFA4/08B8D82093AC11EBB1D2A832F8AEA228/l8kOJSEtiHz54d5v3fVRuoEvoTk.mft
                          rsync://rpki.afrinic.net/repository/afrinic/l8kOJSEtiHz54d5v3fVRuoEvoTk.cer
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
                          rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
                          rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
                          rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires:   Wed 22 Oct 2025 00:06:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1972 (0x7b4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F367DFA4AF, serialNumber=97C90E25212D887CF9E1DE6FDDF551BA812FA139
        Validity
            Not Before: Sep 26 07:21:16 2025 GMT
            Not After : Oct 30 07:21:16 2025 GMT
        Subject: CN=68d63ef1-4b11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f9:0a:d9:82:fd:9b:b0:95:d4:41:e3:2d:e6:
                    08:6c:b1:75:7d:d6:09:41:63:e1:6f:95:9d:da:9d:
                    91:8e:2e:21:ab:e1:c4:12:d7:3e:80:09:75:c8:45:
                    a9:7e:0d:9e:40:f1:9c:02:8d:c6:10:3e:80:9d:0a:
                    52:61:78:96:39:05:90:0c:c6:fb:1c:7b:2b:46:cc:
                    b8:98:13:68:e1:7c:d4:b3:54:94:47:5e:47:a9:85:
                    36:84:d3:70:bf:f6:03:01:11:5c:a5:9c:3d:e4:91:
                    39:25:6d:c2:fe:53:0b:21:b2:df:8e:c5:18:99:8e:
                    50:a0:e5:47:d0:9f:25:1d:4f:57:43:22:56:14:db:
                    43:6d:b5:56:a6:21:84:b6:1d:4f:80:6b:39:c0:4b:
                    67:06:86:1d:8f:1b:52:65:f9:d8:b6:48:3b:bd:e9:
                    9e:52:e7:fe:dc:41:7a:3b:f3:0a:de:b2:ba:bf:8c:
                    19:25:96:e2:eb:86:d7:ae:2f:bc:67:89:51:52:e1:
                    10:1b:c4:77:57:30:26:1d:7f:30:db:97:0e:65:30:
                    9f:01:bc:ed:35:1b:35:3c:0e:8f:e4:d6:a7:7c:f3:
                    16:ed:c1:34:f9:f8:a3:7c:f0:3e:da:f5:f0:83:f3:
                    4f:d4:8d:19:a6:49:07:0c:e8:b2:db:a5:99:6d:76:
                    26:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7B:EB:54:13:4E:5B:BA:36:D9:8D:E4:AA:90:F0:DA:0F:DE:C1:1E
            X509v3 Authority Key Identifier:
                keyid:97:C9:0E:25:21:2D:88:7C:F9:E1:DE:6F:DD:F5:51:BA:81:2F:A1:39

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F367DFA4/08B8D82093AC11EBB1D2A832F8AEA228/l8kOJSEtiHz54d5v3fVRuoEvoTk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/l8kOJSEtiHz54d5v3fVRuoEvoTk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F367DFA4/08B8D82093AC11EBB1D2A832F8AEA228/6643EED69AA911F08149169FDAE4EC9C.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.177.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8f:10:d6:75:b9:03:66:80:3a:da:97:5e:b4:69:c0:a1:4d:0b:
         d8:e4:2b:09:f2:ff:0f:d7:ac:09:72:fe:77:d2:0e:45:9a:c4:
         c8:08:80:84:95:e3:58:ff:dd:dd:57:37:f2:ee:d4:ab:33:5e:
         35:2f:78:9b:73:98:cd:39:97:83:b8:4d:bc:08:6e:3d:1a:a2:
         0e:1e:50:26:fd:8a:4b:c2:21:ff:37:66:f4:90:b4:6a:01:e5:
         46:7f:23:d7:63:99:9d:25:14:10:37:a5:99:aa:fd:25:72:93:
         5e:63:3e:92:5b:39:e4:5e:f2:d5:20:b3:fa:bc:d3:10:f8:93:
         98:2f:ff:95:79:fb:31:22:35:cd:1e:0a:70:09:0e:99:49:ef:
         2b:f5:fd:66:82:bc:2d:bd:fd:8f:e0:41:bb:07:d1:5d:f6:fb:
         2d:3d:86:0c:2c:35:dc:69:52:27:d2:17:14:05:50:ac:4c:89:
         bf:5d:b1:c5:27:78:04:60:eb:8b:ad:4b:3e:f3:ac:04:13:28:
         82:d8:6a:0d:0b:9f:54:d0:f2:f2:7e:10:45:70:3b:32:1f:5a:
         a4:7f:e6:4a:78:4d:95:f7:88:db:04:aa:6a:7a:41:23:1b:64:
         3f:42:05:dc:ef:9d:1e:65:56:4b:48:e0:62:fb:51:25:ba:16:
         e9:1e:c8:a3
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICB7QwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
N0RGQTRBRjExMC8GA1UEBRMoOTdDOTBFMjUyMTJEODg3Q0Y5RTFERTZGRERGNTUx
QkE4MTJGQTEzOTAeFw0yNTA5MjYwNzIxMTZaFw0yNTEwMzAwNzIxMTZaMBgxFjAU
BgNVBAMTDTY4ZDYzZWYxLTRiMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCo+QrZgv2bsJXUQeMt5ghssXV91glBY+FvlZ3anZGOLiGr4cQS1z6ACXXI
Ral+DZ5A8ZwCjcYQPoCdClJheJY5BZAMxvsceytGzLiYE2jhfNSzVJRHXkephTaE
03C/9gMBEVylnD3kkTklbcL+Uwshst+OxRiZjlCg5UfQnyUdT1dDIlYU20NttVam
IYS2HU+AaznAS2cGhh2PG1Jl+di2SDu96Z5S5/7cQXo78wresrq/jBklluLrhteu
L7xniVFS4RAbxHdXMCYdfzDblw5lMJ8BvO01GzU8Do/k1qd88xbtwTT5+KN88D7a
9fCD80/UjRmmSQcM6LLbpZltdiYZAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQUR3vr
VBNOW7o22Y3kqpDw2g/ewR4wHwYDVR0jBBgwFoAUl8kOJSEtiHz54d5v3fVRuoEv
oTkwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjdERkE0LzA4QjhEODIwOTNBQzExRUJCMUQyQTgzMkY4QUVBMjI4L2w4a09K
U0V0aUh6NTRkNXYzZlZSdW9Fdm9Uay5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL2w4a09KU0V0aUh6NTRkNXYzZlZSdW9Fdm9Uay5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjdERkE0LzA4QjhEODIwOTNBQzExRUJCMUQyQTgzMkY4
QUVBMjI4LzY2NDNFRUQ2OUFBOTExRjA4MTQ5MTY5RkRBRTRFQzlDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBARmsaAwDQYJKoZIhvcNAQEL
BQADggEBAI8Q1nW5A2aAOtqXXrRpwKFNC9jkKwny/w/XrAly/nfSDkWaxMgIgISV
41j/3d1XN/Lu1KszXjUveJtzmM05l4O4TbwIbj0aog4eUCb9ikvCIf83ZvSQtGoB
5UZ/I9djmZ0lFBA3pZmq/SVyk15jPpJbOeRe8tUgs/q80xD4k5gv/5V5+zEiNc0e
CnAJDplJ7yv1/WaCvC29/Y/gQbsH0V32+y09hgwsNdxpUifSFxQFUKxMib9dscUn
eARg64utSz7zrAQTKILYag0Ln1TQ8vJ+EEVwOzIfWqR/5kp4TZX3iNsEqmp6QSMb
ZD9CBdzvnR5lVktI4GL7USW6FukeyKM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:50:41 2025 by rpki-client