Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F364AE44/22270EFEAF4411EB8C257686F8AEA228/407CDA20B19A11EBA19BD174F8AEA228.roa
File:                     407CDA20B19A11EBA19BD174F8AEA228.roa (raw, json)
Hash identifier:          suXMkJQgGBGMwFXobrIWnR4eDXv7rT1HiLfL6Kpunfk=
Subject key identifier:   49:87:66:58:37:4D:D5:D5:D9:09:20:A8:06:AB:A5:AE:CA:52:09:EE
Certificate issuer:       /CN=F364AE44AF/serialNumber=8F503BD573CE113517CD6B4CFA374A62F15E12C1
Certificate serial:       05
Authority key identifier: 8F:50:3B:D5:73:CE:11:35:17:CD:6B:4C:FA:37:4A:62:F1:5E:12:C1
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/j1A71XPOETUXzWtM-jdKYvFeEsE.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F364AE44/22270EFEAF4411EB8C257686F8AEA228/407CDA20B19A11EBA19BD174F8AEA228.roa
Signing time:             Mon 10 May 2021 14:16:03 +0000
ROA not before:           Mon 10 May 2021 14:15:56 +0000
ROA not after:            Tue 10 May 2022 14:15:56 +0000
asID:                     36925
IP address blocks:        41.87.128.0/19 maxlen: 24
                          41.92.0.0/17 maxlen: 24
                          41.205.192.0/19 maxlen: 24
                          41.214.128.0/17 maxlen: 24
                          102.96.0.0/13 maxlen: 24
                          105.188.0.0/14 maxlen: 24
                          196.112.0.0/12 maxlen: 24
                          197.153.0.0/16 maxlen: 24
                          197.230.0.0/16 maxlen: 24
                          197.247.0.0/16 maxlen: 24
                          197.253.128.0/17 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F364AE44AF/serialNumber=8F503BD573CE113517CD6B4CFA374A62F15E12C1
        Validity
            Not Before: May 10 14:15:56 2021 GMT
            Not After : May 10 14:15:56 2022 GMT
        Subject: CN=60994023-53ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:42:65:5d:68:c6:b1:50:63:8a:36:9b:51:81:
                    c9:8a:51:9e:4b:e5:0f:8d:38:9b:09:e6:27:fe:4b:
                    78:5a:f7:75:a4:01:d1:5e:48:e7:3b:86:eb:38:89:
                    81:0e:29:f2:89:bf:a1:50:9d:43:70:48:f4:41:b5:
                    74:4d:33:94:dd:fc:13:35:3b:52:f8:70:b8:68:5c:
                    38:be:d0:4f:ed:ad:2a:b9:e8:9e:d7:0c:30:af:05:
                    0a:51:b3:4d:a3:26:ae:e8:ed:4c:18:c3:3c:28:ab:
                    e0:74:da:a1:96:55:c6:c9:f2:18:2d:8e:11:01:58:
                    0e:c7:07:75:01:b4:51:ca:fe:17:9f:e0:cd:31:1e:
                    1e:36:ef:1e:9b:ed:83:5f:d1:d7:49:83:94:dc:5f:
                    6e:bc:f1:07:ed:3d:b9:1e:c4:0b:b6:e5:db:dc:06:
                    f9:c2:b6:12:32:45:c6:ad:10:b0:ce:e2:9f:af:62:
                    0f:e9:3f:9b:5d:a9:c9:e9:1e:41:c1:3a:3b:10:de:
                    7d:f1:15:04:8c:42:ab:25:ba:13:bc:f4:40:1f:77:
                    ce:7b:f9:21:87:08:c5:e7:87:e5:9b:ee:38:55:6a:
                    23:59:02:66:9f:a5:5a:11:78:58:1b:c5:b4:82:24:
                    41:aa:be:43:db:fe:ae:cf:12:d5:ea:b7:eb:f4:8d:
                    79:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:87:66:58:37:4D:D5:D5:D9:09:20:A8:06:AB:A5:AE:CA:52:09:EE
            X509v3 Authority Key Identifier:
                keyid:8F:50:3B:D5:73:CE:11:35:17:CD:6B:4C:FA:37:4A:62:F1:5E:12:C1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F364AE44/22270EFEAF4411EB8C257686F8AEA228/j1A71XPOETUXzWtM-jdKYvFeEsE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/j1A71XPOETUXzWtM-jdKYvFeEsE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F364AE44/22270EFEAF4411EB8C257686F8AEA228/407CDA20B19A11EBA19BD174F8AEA228.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  41.87.128.0/19
                  41.92.0.0/17
                  41.205.192.0/19
                  41.214.128.0/17
                  102.96.0.0/13
                  105.188.0.0/14
                  196.112.0.0/12
                  197.153.0.0/16
                  197.230.0.0/16
                  197.247.0.0/16
                  197.253.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         28:03:58:cf:81:d0:3e:89:e4:34:7b:13:f5:f2:9c:44:a4:0f:
         4f:0f:df:06:f4:be:22:91:ed:a3:e1:e5:bc:b7:f8:f6:68:23:
         2f:c2:e5:57:62:fb:cf:65:18:71:44:cd:a5:04:50:f9:bb:3b:
         fe:5b:6d:9a:57:0a:20:26:0a:41:ae:ea:85:93:99:9b:29:93:
         4b:43:24:04:d2:ea:8e:7e:0b:ab:04:d9:9c:d7:fb:d3:af:20:
         2f:de:cd:e9:23:19:24:a7:e7:8f:6b:08:e9:03:44:02:70:47:
         f9:b2:08:55:1a:91:93:b2:ed:69:9f:3f:bf:f2:25:b4:9a:64:
         72:e6:e1:2d:62:87:42:be:d8:91:6d:17:5f:26:f9:a7:dd:f3:
         a3:48:60:d5:fb:dc:78:17:17:4a:96:08:1f:2f:6c:7b:a7:db:
         59:47:19:d4:70:bc:1d:bc:b9:95:4d:29:5e:9e:3d:52:8d:08:
         93:83:fe:20:9e:fe:3f:d7:c2:39:e4:cc:83:ec:9a:d7:7f:f0:
         1d:50:d2:da:78:21:2b:8c:7c:03:a1:cf:0e:7b:96:e6:ec:92:
         0d:63:a0:2f:97:17:10:f2:0d:0b:c1:b0:c6:66:0e:d0:f8:ed:
         f4:bc:48:03:ad:ac:5d:e5:f2:aa:61:a1:0f:f1:3c:83:1d:6a:
         94:44:81:72
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBIMRMwEQYDVQQDEwpGMzY0
QUU0NEFGMTEwLwYDVQQFEyg4RjUwM0JENTczQ0UxMTM1MTdDRDZCNENGQTM3NEE2
MkYxNUUxMkMxMB4XDTIxMDUxMDE0MTU1NloXDTIyMDUxMDE0MTU1NlowGDEWMBQG
A1UEAxMNNjA5OTQwMjMtNTNhYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFCZV1oxrFQY4o2m1GByYpRnkvlD404mwnmJ/5LeFr3daQB0V5I5zuG6ziJ
gQ4p8om/oVCdQ3BI9EG1dE0zlN38EzU7UvhwuGhcOL7QT+2tKrnontcMMK8FClGz
TaMmrujtTBjDPCir4HTaoZZVxsnyGC2OEQFYDscHdQG0Ucr+F5/gzTEeHjbvHpvt
g1/R10mDlNxfbrzxB+09uR7EC7bl29wG+cK2EjJFxq0QsM7in69iD+k/m12pyeke
QcE6OxDeffEVBIxCqyW6E7z0QB93znv5IYcIxeeH5ZvuOFVqI1kCZp+lWhF4WBvF
tIIkQaq+Q9v+rs8S1eq36/SNeacCAwEAAaOCAtswggLXMB0GA1UdDgQWBBRJh2ZY
N03V1dkJIKgGq6WuylIJ7jAfBgNVHSMEGDAWgBSPUDvVc84RNRfNa0z6N0pi8V4S
wTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2NEFFNDQvMjIyNzBFRkVBRjQ0MTFFQjhDMjU3Njg2RjhBRUEyMjgvajFBNzFY
UE9FVFVYeld0TS1qZEtZdkZlRXNFLmNybDBnBggrBgEFBQcBAQRbMFkwVwYIKwYB
BQUHMAKGS3JzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L2Fmcmlu
aWMvajFBNzFYUE9FVFVYeld0TS1qZEtZdkZlRXNFLmNlcjBPBgNVHSABAf8ERTBD
MEEGCCsGAQUFBw4CMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vcnBraS5hZnJpbmlj
Lm5ldC9wb2xpY3kvQ1BTLnBkZjCB2wYIKwYBBQUHAQsEgc4wgcswgZEGCCsGAQUF
BzALhoGEcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVy
X3JlcG9zaXRvcnkvRjM2NEFFNDQvMjIyNzBFRkVBRjQ0MTFFQjhDMjU3Njg2RjhB
RUEyMjgvNDA3Q0RBMjBCMTlBMTFFQkExOUJEMTc0RjhBRUEyMjgucm9hMDUGCCsG
AQUFBzANhilodHRwczovL3JyZHAuYWZyaW5pYy5uZXQvbm90aWZpY2F0aW9uLnht
bDBVBggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEBSlXgAMEBylcAAMEBSnNwAME
BynWgAMDA2ZgAwMCabwDAwTEcAMDAMWZAwMAxeYDAwDF9wMEB8X9gDANBgkqhkiG
9w0BAQsFAAOCAQEAKANYz4HQPonkNHsT9fKcRKQPTw/fBvS+IpHto+HlvLf49mgj
L8LlV2L7z2UYcUTNpQRQ+bs7/lttmlcKICYKQa7qhZOZmymTS0MkBNLqjn4LqwTZ
nNf7068gL97N6SMZJKfnj2sI6QNEAnBH+bIIVRqRk7LtaZ8/v/IltJpkcubhLWKH
Qr7YkW0XXyb5p93zo0hg1fvceBcXSpYIHy9se6fbWUcZ1HC8Hby5lU0pXp49Uo0I
k4P+IJ7+P9fCOeTMg+ya13/wHVDS2nghK4x8A6HPDnuW5uySDWOgL5cXEPINC8Gw
xmYO0Pjt9LxIA62sXeXyqmGhD/E8gx1qlESBcg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:47:08 2024 by rpki-client on console-fra.rpki-client.org