Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/384EB820581411F18F36B40BCF1D38B0.roa
File:                     384EB820581411F18F36B40BCF1D38B0.roa (raw, json)
Hash identifier:          VRzZ/ZY7h2V6b6uBd+qCnwjq6e7qHRvZ8fRTC9U+vz8=
Subject key identifier:   EF:FE:0C:64:72:1B:2B:99:F8:FA:51:B0:E8:EA:EE:1A:C3:80:D3:06
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01CF43
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/384EB820581411F18F36B40BCF1D38B0.roa
Signing time:             Mon 25 May 2026 08:32:15 +0000
ROA not before:           Mon 25 May 2026 08:32:05 +0000
ROA not after:            Sat 06 Jun 2026 08:32:05 +0000
asID:                     140227
IP address blocks:        154.86.16.0/23 maxlen: 24
                          154.86.21.0/24 maxlen: 24
                          154.86.22.0/24 maxlen: 24
                          154.86.23.0/24 maxlen: 24
                          154.86.24.0/24 maxlen: 24
                          154.86.25.0/24 maxlen: 24
                          154.86.26.0/24 maxlen: 24
                          154.86.27.0/24 maxlen: 24
                          154.86.28.0/24 maxlen: 24
                          154.86.29.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 118595 (0x1cf43)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: May 25 08:32:05 2026 GMT
            Not After : Jun  6 08:32:05 2026 GMT
        Subject: CN=6a14090f-ce29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:28:b3:df:f6:58:6b:8f:22:3e:82:8f:d8:41:
                    91:b9:36:66:8c:eb:2e:dd:aa:51:12:bd:b7:88:04:
                    3f:56:59:8a:4b:8c:aa:47:f9:43:45:dc:1e:47:dd:
                    fe:b4:4e:eb:08:95:35:e5:8c:9e:04:25:46:b6:ed:
                    b7:54:c5:1c:5c:78:00:f4:a5:03:32:c3:48:b7:51:
                    e1:d1:bf:1b:06:c7:42:44:3d:37:39:d1:c3:f6:39:
                    a2:1b:04:ae:3c:00:7f:d7:5f:12:66:66:5e:8e:3b:
                    9e:b9:10:b9:3c:29:2b:54:9e:2a:e3:a9:ae:d4:3b:
                    42:c0:68:58:16:3a:65:fc:e4:60:95:e9:5c:d6:0b:
                    4e:4e:35:bd:27:8f:bc:52:30:79:b7:35:fa:20:34:
                    9c:04:1c:d7:ce:a4:51:15:23:47:2f:29:d4:b3:f7:
                    01:b8:ef:14:c9:a2:c2:51:a1:5e:25:ae:a5:83:31:
                    28:90:42:58:f3:64:5a:1e:6e:25:d8:9a:e3:e8:23:
                    13:84:f8:b3:9d:77:62:53:8e:5d:1b:97:3a:33:ed:
                    ff:96:61:e1:ca:27:a9:44:ee:d6:9b:b1:f8:65:22:
                    bd:fc:4e:e7:74:f4:18:10:fe:9a:f5:cc:bc:51:97:
                    00:c3:5b:9f:69:42:2d:6b:f4:f8:30:5b:93:8a:54:
                    28:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FE:0C:64:72:1B:2B:99:F8:FA:51:B0:E8:EA:EE:1A:C3:80:D3:06
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/384EB820581411F18F36B40BCF1D38B0.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.86.16.0/23
                  154.86.21.0-154.86.29.255

    Signature Algorithm: sha256WithRSAEncryption
         bb:ee:7f:66:17:24:01:c6:7d:11:67:82:9e:01:2c:07:e9:6c:
         b3:ad:65:75:73:ae:74:0a:2a:b8:de:aa:e7:ec:79:4b:78:ea:
         88:78:71:35:a7:ef:3d:0d:67:93:d6:57:1d:95:6d:72:fb:d2:
         17:88:0f:79:4f:ed:98:b6:79:57:e8:41:93:83:d9:26:d0:3d:
         db:fe:e6:7f:cf:b8:8f:d8:dd:f9:c1:b1:08:d3:1b:5a:65:0f:
         f6:cb:0e:8a:f2:21:42:c8:5e:27:a2:a4:5d:8c:ee:3d:dc:83:
         a8:1a:a4:a5:0e:24:37:80:ba:d6:19:9d:55:a2:01:8d:01:25:
         f2:4b:7c:81:05:f4:73:cd:bb:61:e4:1b:0d:63:07:6c:b8:29:
         52:2f:52:a5:81:74:98:17:6b:2c:c7:55:c4:79:50:81:76:ae:
         9b:1d:dd:5e:1e:4c:fa:b5:a8:3f:6f:7e:1b:82:bc:25:52:cc:
         fa:b7:cd:36:d1:6a:1d:11:c3:de:bd:f1:fe:90:ea:f1:b9:a5:
         1d:ed:d9:5a:bf:74:d3:e2:fb:25:3e:57:8f:e9:fa:8a:ce:36:
         b7:ff:52:df:80:e4:bf:94:89:d9:60:99:3f:2e:fa:35:57:45:
         37:7d:5c:4f:56:6a:1c:96:3b:9e:99:7e:ad:18:9a:35:d5:55:
         c8:ec:f7:91
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIDAc9DMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjYwNTI1MDgzMjA1WhcNMjYwNjA2MDgzMjA1WjAYMRYw
FAYDVQQDEw02YTE0MDkwZi1jZTI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAqCiz3/ZYa48iPoKP2EGRuTZmjOsu3apREr23iAQ/VlmKS4yqR/lDRdwe
R93+tE7rCJU15YyeBCVGtu23VMUcXHgA9KUDMsNIt1Hh0b8bBsdCRD03OdHD9jmi
GwSuPAB/118SZmZejjueuRC5PCkrVJ4q46mu1DtCwGhYFjpl/ORglelc1gtOTjW9
J4+8UjB5tzX6IDScBBzXzqRRFSNHLynUs/cBuO8UyaLCUaFeJa6lgzEokEJY82Ra
Hm4l2Jrj6CMThPiznXdiU45dG5c6M+3/lmHhyiepRO7Wm7H4ZSK9/E7ndPQYEP6a
9cy8UZcAw1ufaUIta/T4MFuTilQotQIDAQABo4ICszCCAq8wHQYDVR0OBBYEFO/+
DGRyGyuZ+PpRsOjq7hrDgNMGMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC8zODRFQjgyMDU4MTQxMUYxOEYzNkI0MEJDRjFEMzhCMC5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBmlYQMAwDBACaVhUDBAGa
VhwwDQYJKoZIhvcNAQELBQADggEBALvuf2YXJAHGfRFngp4BLAfpbLOtZXVzrnQK
KrjequfseUt46oh4cTWn7z0NZ5PWVx2VbXL70heID3lP7Zi2eVfoQZOD2SbQPdv+
5n/PuI/Y3fnBsQjTG1plD/bLDoryIULIXieipF2M7j3cg6gapKUOJDeAutYZnVWi
AY0BJfJLfIEF9HPNu2HkGw1jB2y4KVIvUqWBdJgXayzHVcR5UIF2rpsd3V4eTPq1
qD9vfhuCvCVSzPq3zTbRah0Rw9698f6Q6vG5pR3t2Vq/dNPi+yU+V4/p+orONrf/
Ut+A5L+UidlgmT8u+jVXRTd9XE9WahyWO56Zfq0YmjXVVcjs95E=
-----END CERTIFICATE-----