Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3682615/77460900249E11EDA48F0988F1222468/BF7C71D2253511F1A2DF32BADAE4EC9C.roa
File: BF7C71D2253511F1A2DF32BADAE4EC9C.roa (raw, json)
Hash identifier: xDxj7jLAbLHTvk85XMXUrzpTx4HuVnCWuPgoavUsJzg=
Subject key identifier: 9E:17:A2:87:CC:5E:77:B6:06:CC:0E:88:61:02:98:B2:7A:80:18:6B
Certificate issuer: /CN=F3682615AF/serialNumber=5D0D636F51594E6367F9CAB2D1438FD3A1C5DDEF
Certificate serial: 0544
Authority key identifier: 5D:0D:63:6F:51:59:4E:63:67:F9:CA:B2:D1:43:8F:D3:A1:C5:DD:EF
Authority info access: rsync://rpki.afrinic.net/repository/afrinic/XQ1jb1FZTmNn-cqy0UOP06HF3e8.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F3682615/77460900249E11EDA48F0988F1222468/BF7C71D2253511F1A2DF32BADAE4EC9C.roa
Signing time: Sat 21 Mar 2026 14:53:41 +0000
ROA not before: Sat 21 Mar 2026 14:53:35 +0000
ROA not after: Fri 31 Mar 2028 14:53:35 +0000
asID: 328835
IP address blocks: 102.220.168.0/22 maxlen: 24
2c0f:3a00::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F3682615/77460900249E11EDA48F0988F1222468/XQ1jb1FZTmNn-cqy0UOP06HF3e8.crl
rsync://rpki.afrinic.net/repository/member_repository/F3682615/77460900249E11EDA48F0988F1222468/XQ1jb1FZTmNn-cqy0UOP06HF3e8.mft
rsync://rpki.afrinic.net/repository/afrinic/XQ1jb1FZTmNn-cqy0UOP06HF3e8.cer
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Sat 28 Mar 2026 00:07:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1348 (0x544)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F3682615AF, serialNumber=5D0D636F51594E6367F9CAB2D1438FD3A1C5DDEF
Validity
Not Before: Mar 21 14:53:35 2026 GMT
Not After : Mar 31 14:53:35 2028 GMT
Subject: CN=69beb0f4-0f5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:52:d1:da:ad:0a:8e:a2:e0:ac:69:99:43:86:
4e:7c:f9:02:e7:77:df:e1:8b:a9:45:49:5b:c4:8e:
7a:9c:27:90:e3:70:cf:70:b9:4c:24:22:64:bf:21:
11:1a:df:1b:74:54:2b:e3:86:0b:2b:04:a4:28:bf:
01:f4:7c:51:a4:ee:fd:06:0a:e3:13:c9:20:04:8a:
44:b5:7c:3c:10:8e:96:cf:fa:a0:b1:81:4c:5b:e2:
08:94:30:50:fe:d4:41:d0:ae:ac:cd:f6:4e:f3:d6:
8d:0b:ab:67:6b:5c:cc:87:0a:23:33:75:84:22:8d:
56:ce:c8:24:9c:e4:ce:e3:0e:31:30:e3:97:83:16:
f4:89:33:40:f9:ea:ee:9e:44:da:7e:f5:fc:7b:8c:
ef:66:96:43:de:f6:84:d8:53:08:4b:f2:f2:bd:4a:
a7:69:95:1b:c4:31:21:76:3a:48:60:09:4d:41:a0:
10:55:0d:15:d8:51:9a:ef:15:17:e1:0b:32:ea:7a:
82:12:28:95:d8:11:1c:bb:62:1d:57:a5:28:2e:eb:
c8:de:96:49:1e:37:cf:bb:0a:e3:5d:a4:95:ff:3b:
e9:02:97:fd:32:2f:49:89:f8:31:94:14:20:97:a9:
e9:d4:36:1f:4c:97:6f:9a:64:94:4b:61:09:c1:4e:
e6:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:17:A2:87:CC:5E:77:B6:06:CC:0E:88:61:02:98:B2:7A:80:18:6B
X509v3 Authority Key Identifier:
keyid:5D:0D:63:6F:51:59:4E:63:67:F9:CA:B2:D1:43:8F:D3:A1:C5:DD:EF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F3682615/77460900249E11EDA48F0988F1222468/XQ1jb1FZTmNn-cqy0UOP06HF3e8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/XQ1jb1FZTmNn-cqy0UOP06HF3e8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3682615/77460900249E11EDA48F0988F1222468/BF7C71D2253511F1A2DF32BADAE4EC9C.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
102.220.168.0/22
IPv6:
2c0f:3a00::/32
Signature Algorithm: sha256WithRSAEncryption
86:17:45:f2:39:ad:0a:76:a8:17:5a:3b:5b:79:75:26:cd:03:
f0:4b:4e:9c:e1:4e:ec:2f:dd:24:67:5d:d9:2f:27:00:2b:e8:
a3:34:73:62:3a:d5:6f:7d:70:44:36:7f:04:28:89:b5:44:ee:
a2:a6:b5:b5:98:03:56:0e:aa:33:87:8d:79:d0:5c:2f:25:d8:
ca:9f:aa:40:2b:05:fb:60:1a:d4:25:43:ca:34:a5:01:c9:7e:
f9:05:84:99:c8:92:eb:ab:ac:d5:8a:ec:db:b1:0d:6b:0b:38:
96:3e:8e:e6:2a:63:b8:07:ca:53:1a:82:3a:f5:c4:21:aa:d2:
76:02:9b:51:10:a7:13:b1:7f:f3:00:b6:1e:de:c9:0d:b3:c0:
f6:7d:b8:8b:17:01:d8:38:1c:2f:bc:28:23:35:ab:c3:d5:34:
30:c2:db:4c:f6:c6:65:f4:f2:6c:c2:e0:12:61:28:99:09:dc:
cc:b5:07:6f:ca:55:9b:c5:4c:d9:4b:84:cf:e1:8a:fd:2d:b6:
8d:c6:7e:2c:36:36:39:44:11:34:de:dd:ad:25:4a:c4:8c:ff:
fd:d2:80:b3:90:23:75:77:de:0f:76:13:5b:bb:22:9f:6d:db:
dc:55:5e:f4:ea:2f:5d:5a:a8:f2:a0:ef:d8:f1:02:d4:a4:39:
d9:b2:4b:f4
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICBUQwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
ODI2MTVBRjExMC8GA1UEBRMoNUQwRDYzNkY1MTU5NEU2MzY3RjlDQUIyRDE0MzhG
RDNBMUM1RERFRjAeFw0yNjAzMjExNDUzMzVaFw0yODAzMzExNDUzMzVaMBgxFjAU
BgNVBAMTDTY5YmViMGY0LTBmNWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCsUtHarQqOouCsaZlDhk58+QLnd9/hi6lFSVvEjnqcJ5DjcM9wuUwkImS/
IREa3xt0VCvjhgsrBKQovwH0fFGk7v0GCuMTySAEikS1fDwQjpbP+qCxgUxb4giU
MFD+1EHQrqzN9k7z1o0Lq2drXMyHCiMzdYQijVbOyCSc5M7jDjEw45eDFvSJM0D5
6u6eRNp+9fx7jO9mlkPe9oTYUwhL8vK9SqdplRvEMSF2OkhgCU1BoBBVDRXYUZrv
FRfhCzLqeoISKJXYERy7Yh1XpSgu68jelkkeN8+7CuNdpJX/O+kCl/0yL0mJ+DGU
FCCXqenUNh9Ml2+aZJRLYQnBTuZdAgMBAAGjggK0MIICsDAdBgNVHQ4EFgQUnhei
h8xed7YGzA6IYQKYsnqAGGswHwYDVR0jBBgwFoAUXQ1jb1FZTmNn+cqy0UOP06HF
3e8wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjgyNjE1Lzc3NDYwOTAwMjQ5RTExRURBNDhGMDk4OEYxMjIyNDY4L1hRMWpi
MUZaVG1Obi1jcXkwVU9QMDZIRjNlOC5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL1hRMWpiMUZaVG1Obi1jcXkwVU9QMDZIRjNlOC5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjgyNjE1Lzc3NDYwOTAwMjQ5RTExRURBNDhGMDk4OEYx
MjIyNDY4L0JGN0M3MUQyMjUzNTExRjFBMkRGMzJCQURBRTRFQzlDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAJm3KgwDQQCAAIwBwMFACwP
OgAwDQYJKoZIhvcNAQELBQADggEBAIYXRfI5rQp2qBdaO1t5dSbNA/BLTpzhTuwv
3SRnXdkvJwAr6KM0c2I61W99cEQ2fwQoibVE7qKmtbWYA1YOqjOHjXnQXC8l2Mqf
qkArBftgGtQlQ8o0pQHJfvkFhJnIkuurrNWK7NuxDWsLOJY+juYqY7gHylMagjr1
xCGq0nYCm1EQpxOxf/MAth7eyQ2zwPZ9uIsXAdg4HC+8KCM1q8PVNDDC20z2xmX0
8mzC4BJhKJkJ3My1B2/KVZvFTNlLhM/hiv0tto3Gfiw2NjlEETTe3a0lSsSM//3S
gLOQI3V33g92E1u7Ip9t29xVXvTqL11aqPKg79jxAtSkOdmyS/Q=
-----END CERTIFICATE-----
Generated at Fri Mar 27 02:29:00 2026 by rpki-client