Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/8D0CBC22FF2311EF8E3DAB68762E951A.roa
File:                     8D0CBC22FF2311EF8E3DAB68762E951A.roa (raw, json)
Hash identifier:          sbNYqTKuexudGlAwofGWN/1+4S30ksjBli6ynuLAEXE=
Subject key identifier:   82:22:5D:DB:F6:5A:D3:CC:B6:DE:1A:0B:5E:A1:C3:E7:5E:94:00:50
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0173CB
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/8D0CBC22FF2311EF8E3DAB68762E951A.roa
Signing time:             Wed 12 Mar 2025 09:22:43 +0000
ROA not before:           Wed 12 Mar 2025 09:22:38 +0000
ROA not after:            Mon 31 Mar 2025 09:22:38 +0000
asID:                     5065
IP address blocks:        154.198.20.0/24 maxlen: 24
                          154.198.21.0/24 maxlen: 24
                          154.198.22.0/24 maxlen: 24
                          154.198.23.0/24 maxlen: 24
                          154.205.49.0/24 maxlen: 24
                          154.212.20.0/22 maxlen: 24
                          154.212.26.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 95179 (0x173cb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Mar 12 09:22:38 2025 GMT
            Not After : Mar 31 09:22:38 2025 GMT
        Subject: CN=67d15263-052b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a4:05:04:1b:08:31:69:00:ed:96:79:d6:63:
                    03:26:4b:6d:a9:9e:69:72:2b:83:09:39:42:96:10:
                    a5:19:5d:cf:e1:28:95:14:23:60:65:d6:08:fa:45:
                    c3:07:5e:06:82:ac:f0:d6:96:63:6f:ee:7e:78:30:
                    be:ea:d2:3a:67:f6:d6:c3:dd:33:55:fd:23:69:64:
                    e2:f7:8f:6e:f7:1d:bd:f0:4c:dd:e7:ed:75:de:d1:
                    6a:13:ca:3f:d3:27:c5:0f:c4:23:44:f4:1b:54:c8:
                    93:12:6b:91:3a:1d:50:a0:50:01:1f:f3:69:b8:cb:
                    4c:06:36:95:16:a8:50:48:9b:29:df:63:33:c1:95:
                    e0:c3:2c:6a:44:d5:56:4a:56:b8:d1:a0:fa:72:2b:
                    79:b9:04:b4:ce:17:69:33:c8:6e:9b:67:44:4a:47:
                    79:65:0a:51:ec:e8:3b:7d:a6:e0:bd:9a:32:b1:0d:
                    8b:3a:96:36:24:3b:ce:32:3b:42:c5:5d:19:77:78:
                    7e:96:7d:e5:ad:52:af:c4:77:88:ae:ad:45:1b:05:
                    24:74:04:e0:89:ae:d1:ef:a2:8a:60:ee:f3:f6:cb:
                    d2:16:3b:0b:a2:51:98:bf:61:5e:19:68:7c:f0:db:
                    92:27:38:21:b1:60:f3:e7:f5:31:1b:f1:c3:f7:95:
                    c1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:22:5D:DB:F6:5A:D3:CC:B6:DE:1A:0B:5E:A1:C3:E7:5E:94:00:50
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/8D0CBC22FF2311EF8E3DAB68762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.198.20.0/22
                  154.205.49.0/24
                  154.212.20.0/22
                  154.212.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:1a:a9:48:84:19:e8:9c:46:e3:13:ce:4b:c4:ff:b7:74:49:
         1c:eb:d5:eb:10:eb:69:35:7f:f5:50:a4:0f:a8:9f:ea:1b:a8:
         6d:72:0d:4b:d1:db:ec:84:ac:8f:b8:f2:eb:b9:db:ef:70:31:
         95:64:42:12:d1:d4:58:a5:a0:a4:71:0b:52:16:54:83:e6:b3:
         99:3a:af:71:62:0e:d0:d1:bc:10:81:ae:0e:61:c6:38:06:5c:
         6a:01:3b:8e:83:ce:e7:3d:91:e4:b6:20:48:cf:48:7b:dd:33:
         8c:a0:d7:b3:9a:27:f5:60:b7:3f:89:2d:ba:6f:a1:e3:71:93:
         dc:7f:36:b9:00:ec:43:78:72:9d:7a:d0:8e:d1:72:d7:1a:20:
         ae:a7:03:97:08:fa:ed:bc:59:79:48:06:10:58:3b:74:1b:8e:
         66:ad:2f:53:96:b8:7d:e4:8b:ff:f5:ba:f6:e6:64:c6:65:c8:
         06:16:c7:7d:40:53:65:10:3c:29:5b:e2:b5:84:2c:8c:20:e3:
         ca:bf:af:0d:c8:3b:ce:e7:3f:7d:87:bd:b6:fe:a3:28:bc:d4:
         e5:1a:ab:38:25:68:f4:33:56:e0:00:7e:b6:89:2c:2f:49:fc:
         22:bf:b3:87:75:22:78:d4:42:90:89:dd:a1:b2:bd:74:38:a1:
         3d:31:ab:12
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgIDAXPLMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzEyMDkyMjM4WhcNMjUwMzMxMDkyMjM4WjAYMRYw
FAYDVQQDEw02N2QxNTI2My0wNTJiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2KQFBBsIMWkA7ZZ51mMDJkttqZ5pciuDCTlClhClGV3P4SiVFCNgZdYI
+kXDB14Ggqzw1pZjb+5+eDC+6tI6Z/bWw90zVf0jaWTi949u9x298Ezd5+113tFq
E8o/0yfFD8QjRPQbVMiTEmuROh1QoFABH/NpuMtMBjaVFqhQSJsp32MzwZXgwyxq
RNVWSla40aD6cit5uQS0zhdpM8hum2dESkd5ZQpR7Og7fabgvZoysQ2LOpY2JDvO
MjtCxV0Zd3h+ln3lrVKvxHeIrq1FGwUkdATgia7R76KKYO7z9svSFjsLolGYv2Fe
GWh88NuSJzghsWDz5/UxG/HD95XBaQIDAQABo4ICtzCCArMwHQYDVR0OBBYEFIIi
Xdv2WtPMtt4aC16hw+delABQMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC84RDBDQkMyMkZGMjMxMUVGOEUzREFCNjg3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCmsYUAwQAms0xAwQCmtQU
AwQAmtQaMA0GCSqGSIb3DQEBCwUAA4IBAQCfGqlIhBnonEbjE85LxP+3dEkc69Xr
EOtpNX/1UKQPqJ/qG6htcg1L0dvshKyPuPLrudvvcDGVZEIS0dRYpaCkcQtSFlSD
5rOZOq9xYg7Q0bwQga4OYcY4BlxqATuOg87nPZHktiBIz0h73TOMoNezmif1YLc/
iS26b6HjcZPcfza5AOxDeHKdetCO0XLXGiCupwOXCPrtvFl5SAYQWDt0G45mrS9T
lrh95Iv/9br25mTGZcgGFsd9QFNlEDwpW+K1hCyMIOPKv68NyDvO5z99h722/qMo
vNTlGqs4JWj0M1bgAH62iSwvSfwiv7OHdSJ41EKQid2hsr10OKE9MasS
-----END CERTIFICATE-----