Route Origin Authorization
$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36E8DA8/4C970B5E495C11ED9E7604E8F1222468/CC3720D6188111F197F8BFABDAE4EC9C.roa
File: CC3720D6188111F197F8BFABDAE4EC9C.roa (raw, json)
Hash identifier: +QgPl8TD1nfFzmVUj7KB6S1al9ZfPHgMAGHnCFB4BHU=
Subject key identifier: 4B:39:88:E2:D1:94:DE:38:4C:F4:91:1A:F4:43:39:F3:FB:A9:F1:1D
Certificate issuer: /CN=F36E8DA8AF/serialNumber=3E8EB858E6153921ADB0BF5F0BC95B4D06C7C3EF
Certificate serial: 0503
Authority key identifier: 3E:8E:B8:58:E6:15:39:21:AD:B0:BF:5F:0B:C9:5B:4D:06:C7:C3:EF
Authority info access: rsync://rpki.afrinic.net/repository/afrinic/Po64WOYVOSGtsL9fC8lbTQbHw-8.cer
Subject info access: rsync://rpki.afrinic.net/repository/member_repository/F36E8DA8/4C970B5E495C11ED9E7604E8F1222468/CC3720D6188111F197F8BFABDAE4EC9C.roa
Signing time: Thu 05 Mar 2026 10:55:18 +0000
ROA not before: Thu 05 Mar 2026 10:55:14 +0000
ROA not after: Sun 04 Mar 2029 10:55:14 +0000
asID: 328803
IP address blocks: 102.215.20.0/22 maxlen: 24
102.220.232.0/22 maxlen: 24
2c0f:1480::/32 maxlen: 34
Validation: OK
Signature path: rsync://rpki.afrinic.net/repository/member_repository/F36E8DA8/4C970B5E495C11ED9E7604E8F1222468/Po64WOYVOSGtsL9fC8lbTQbHw-8.crl
rsync://rpki.afrinic.net/repository/member_repository/F36E8DA8/4C970B5E495C11ED9E7604E8F1222468/Po64WOYVOSGtsL9fC8lbTQbHw-8.mft
rsync://rpki.afrinic.net/repository/afrinic/Po64WOYVOSGtsL9fC8lbTQbHw-8.cer
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl
rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.crl
rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/62gPOPXWxxu0sQa4vQZYUBLaMbY.mft
rsync://rpki.afrinic.net/repository/AfriNIC.cer
Signature path expires: Sat 28 Mar 2026 00:07:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1283 (0x503)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F36E8DA8AF, serialNumber=3E8EB858E6153921ADB0BF5F0BC95B4D06C7C3EF
Validity
Not Before: Mar 5 10:55:14 2026 GMT
Not After : Mar 4 10:55:14 2029 GMT
Subject: CN=69a96116-2f63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:f5:fc:34:ca:54:c5:a5:e1:3e:e3:c3:89:cb:
66:ee:12:05:15:45:fd:87:1d:bf:86:e3:bd:58:59:
9e:05:52:2e:4f:58:02:36:c4:e9:08:70:e2:46:f5:
b1:5a:54:b0:1b:9a:78:30:9d:5b:29:76:6f:25:99:
4f:76:0a:dd:1a:01:b5:9f:5d:43:10:09:49:8c:c9:
d4:1c:f5:91:ad:2e:44:18:60:f2:c9:d0:c9:75:39:
27:ed:81:39:58:c4:99:dd:0d:a6:14:9a:79:56:f8:
1a:1c:eb:78:a3:28:0d:4d:4d:52:e0:d4:80:14:45:
34:2c:7e:c6:06:df:b4:4a:07:01:49:ce:db:e9:f0:
43:9c:9f:09:61:df:a9:d5:d0:06:13:74:1c:57:0b:
52:5b:06:52:fc:ee:55:1f:31:98:4e:f7:f3:da:a4:
0e:ca:53:96:7b:ce:f6:3e:f7:86:9b:2d:67:f9:0c:
ea:f2:fb:59:93:87:d4:c3:69:13:00:31:72:1f:1e:
c8:c8:38:57:7c:e8:4b:6a:e2:4e:20:30:dc:ee:cb:
a0:8c:04:82:9c:77:4e:56:fb:5c:24:19:b4:fc:c0:
7d:9e:68:19:d7:10:4e:65:ab:4f:79:bb:b2:72:3f:
d3:c1:73:46:68:43:ce:cd:fb:4c:a0:1f:c1:2b:62:
cf:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:39:88:E2:D1:94:DE:38:4C:F4:91:1A:F4:43:39:F3:FB:A9:F1:1D
X509v3 Authority Key Identifier:
keyid:3E:8E:B8:58:E6:15:39:21:AD:B0:BF:5F:0B:C9:5B:4D:06:C7:C3:EF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.afrinic.net/repository/member_repository/F36E8DA8/4C970B5E495C11ED9E7604E8F1222468/Po64WOYVOSGtsL9fC8lbTQbHw-8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/Po64WOYVOSGtsL9fC8lbTQbHw-8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://rpki.afrinic.net/policy/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36E8DA8/4C970B5E495C11ED9E7604E8F1222468/CC3720D6188111F197F8BFABDAE4EC9C.roa
RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
102.215.20.0/22
102.220.232.0/22
IPv6:
2c0f:1480::/32
Signature Algorithm: sha256WithRSAEncryption
97:37:4c:c1:b4:d0:2f:63:d5:ee:fd:61:4e:f8:7f:1c:9c:bb:
43:43:e8:66:c8:e8:41:31:cf:73:78:f4:28:48:79:07:cd:2d:
c5:46:76:4f:39:15:89:ba:fb:ab:48:bf:8c:9c:a9:32:ee:25:
92:39:e1:e9:3b:7e:04:0f:d5:34:ff:33:4c:88:7b:83:b9:d3:
43:54:a9:97:89:19:1d:45:f3:41:62:d8:f9:93:41:97:66:0a:
ea:81:d1:ed:bd:a8:fc:85:3d:36:36:6b:33:1c:66:2a:99:ac:
e1:72:4f:63:b5:0d:10:42:a6:42:02:38:dc:b2:cb:2b:bb:23:
f1:9f:9a:f7:15:00:6c:4d:d6:72:35:49:7a:00:f1:fd:da:31:
23:44:4c:f2:8e:38:26:5b:0b:c3:38:38:9f:63:d5:15:5d:06:
95:64:8a:23:82:44:db:b6:73:99:1b:09:df:37:94:59:d9:00:
df:0e:a8:6a:6b:a6:57:1b:87:ce:f3:60:da:2a:5c:f9:de:25:
98:96:75:0f:1c:6b:f2:58:77:38:08:9d:9e:2c:92:af:d6:83:
00:fe:8d:d3:3d:4b:e3:60:ba:b3:e0:41:da:b0:d5:ba:04:2f:
14:38:a3:8f:3d:43:2a:72:d4:06:60:a4:ee:8e:00:0f:a8:65:
b7:92:c5:bd
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICBQMwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
RThEQThBRjExMC8GA1UEBRMoM0U4RUI4NThFNjE1MzkyMUFEQjBCRjVGMEJDOTVC
NEQwNkM3QzNFRjAeFw0yNjAzMDUxMDU1MTRaFw0yOTAzMDQxMDU1MTRaMBgxFjAU
BgNVBAMTDTY5YTk2MTE2LTJmNjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDM9fw0ylTFpeE+48OJy2buEgUVRf2HHb+G471YWZ4FUi5PWAI2xOkIcOJG
9bFaVLAbmngwnVspdm8lmU92Ct0aAbWfXUMQCUmMydQc9ZGtLkQYYPLJ0Ml1OSft
gTlYxJndDaYUmnlW+Boc63ijKA1NTVLg1IAURTQsfsYG37RKBwFJztvp8EOcnwlh
36nV0AYTdBxXC1JbBlL87lUfMZhO9/PapA7KU5Z7zvY+94abLWf5DOry+1mTh9TD
aRMAMXIfHsjIOFd86Etq4k4gMNzuy6CMBIKcd05W+1wkGbT8wH2eaBnXEE5lq095
u7JyP9PBc0ZoQ87N+0ygH8ErYs9nAgMBAAGjggK6MIICtjAdBgNVHQ4EFgQUSzmI
4tGU3jhM9JEa9EM58/up8R0wHwYDVR0jBBgwFoAUPo64WOYVOSGtsL9fC8lbTQbH
w+8wDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNkU4REE4LzRDOTcwQjVFNDk1QzExRUQ5RTc2MDRFOEYxMjIyNDY4L1BvNjRX
T1lWT1NHdHNMOWZDOGxiVFFiSHctOC5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL1BvNjRXT1lWT1NHdHNMOWZDOGxiVFFiSHctOC5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNkU4REE4LzRDOTcwQjVFNDk1QzExRUQ5RTc2MDRFOEYx
MjIyNDY4L0NDMzcyMEQ2MTg4MTExRjE5N0Y4QkZBQkRBRTRFQzlDLnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwNAYIKwYBBQUHAQcBAf8EJTAjMBIEAgABMAwDBAJm1xQDBAJm3OgwDQQCAAIw
BwMFACwPFIAwDQYJKoZIhvcNAQELBQADggEBAJc3TMG00C9j1e79YU74fxycu0ND
6GbI6EExz3N49ChIeQfNLcVGdk85FYm6+6tIv4ycqTLuJZI54ek7fgQP1TT/M0yI
e4O500NUqZeJGR1F80Fi2PmTQZdmCuqB0e29qPyFPTY2azMcZiqZrOFyT2O1DRBC
pkICONyyyyu7I/GfmvcVAGxN1nI1SXoA8f3aMSNETPKOOCZbC8M4OJ9j1RVdBpVk
iiOCRNu2c5kbCd83lFnZAN8OqGprplcbh87zYNoqXPneJZiWdQ8ca/JYdzgInZ4s
kq/WgwD+jdM9S+NgurPgQdqw1boELxQ4o489Qypy1AZgpO6OAA+oZbeSxb0=
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:33:35 2026 by rpki-client