Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/8DD5213A5BB611EC9ECE51C35A40D577.roa
File:                     8DD5213A5BB611EC9ECE51C35A40D577.roa (raw, json)
Hash identifier:          FF1gw33jjB8YQvwm+sZG3dgQByiIPfjiKm9nK1HzUVc=
Subject key identifier:   DE:B4:0D:BB:70:80:87:1F:1E:CD:2B:4C:2B:C0:E2:64:D2:03:CF:59
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       13AF
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/8DD5213A5BB611EC9ECE51C35A40D577.roa
Signing time:             Mon 13 Dec 2021 01:46:56 +0000
ROA not before:           Mon 13 Dec 2021 01:46:53 +0000
ROA not after:            Fri 30 Dec 2022 01:46:53 +0000
asID:                     133201
IP address blocks:        154.204.71.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5039 (0x13af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Dec 13 01:46:53 2021 GMT
            Not After : Dec 30 01:46:53 2022 GMT
        Subject: CN=61b6a610-0245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:45:e2:e6:cd:5d:66:89:08:8f:a1:65:66:a9:
                    10:be:c1:70:00:fa:1b:5c:d4:74:33:ef:bc:a1:a4:
                    7e:14:47:72:13:97:16:f1:08:44:7d:aa:9f:46:30:
                    10:e4:8a:a2:32:21:7c:56:81:6e:28:3f:b7:da:8f:
                    29:f2:7e:00:26:2f:4b:db:da:b2:f6:c1:c5:eb:04:
                    ba:04:39:ac:38:58:92:d9:66:90:c9:87:f9:4f:73:
                    bb:4b:d2:7d:13:4b:8a:9c:0f:22:ac:f2:b4:d3:d1:
                    ac:26:e9:59:4b:64:37:d7:90:27:3c:b8:27:d2:7b:
                    2c:8c:5d:bd:c6:90:9f:17:2e:9d:06:64:4c:7b:c9:
                    5d:12:19:52:a1:f6:e7:6c:5d:4f:cb:55:34:41:c7:
                    e0:02:9d:88:e0:72:8d:95:8a:86:5e:ca:20:24:9a:
                    19:af:49:de:b5:0c:05:64:c4:a0:de:6b:98:69:b4:
                    e8:5c:2f:ff:63:3a:f4:86:6f:dd:25:fa:ce:06:e1:
                    cb:68:50:03:8b:96:a9:cd:ea:7b:4e:35:7d:35:49:
                    67:32:69:fa:c0:69:10:70:01:52:5e:26:c7:77:a7:
                    90:e6:ee:a8:08:5b:fd:61:af:aa:68:3e:47:ce:74:
                    86:d4:dc:e2:f3:e5:e9:3e:4a:43:13:f0:4a:c9:4f:
                    03:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:B4:0D:BB:70:80:87:1F:1E:CD:2B:4C:2B:C0:E2:64:D2:03:CF:59
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/8DD5213A5BB611EC9ECE51C35A40D577.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.204.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:7f:0b:2d:ae:3f:46:dc:6f:6e:ec:cb:a4:ba:e3:1b:96:cc:
         1c:4b:2d:c9:43:f5:cd:63:ce:9c:6f:3a:12:78:34:00:1e:f2:
         75:2e:b8:4b:54:dc:e8:37:ea:61:8a:8b:68:b4:3c:1b:1e:ad:
         c0:b5:0e:1f:58:72:c4:4c:2d:60:b1:ed:8f:54:cf:f3:b7:2a:
         40:2d:db:4d:7e:1e:16:19:b1:d4:48:71:2c:00:9f:5f:b8:2f:
         81:df:0d:1d:3b:8a:87:19:39:20:fd:92:0d:d9:de:b9:18:a1:
         47:ef:65:f4:2c:75:05:a4:76:14:0e:15:4e:42:c9:a4:27:f2:
         ff:7b:bc:27:4e:ce:e2:45:2d:ac:cc:a1:42:c7:b6:47:bc:59:
         8b:b0:45:b4:88:2d:ad:ad:89:1b:f2:52:bc:4d:40:cf:6e:62:
         46:6f:37:8c:b4:11:91:24:15:94:87:5f:25:36:22:04:86:de:
         bb:06:79:8e:fb:8f:df:97:ec:3a:86:57:ef:37:59:f4:13:d5:
         c5:dc:53:8b:36:03:c4:9c:83:ef:a8:83:37:b1:20:1f:48:a4:
         50:6a:88:a5:29:01:5b:74:49:07:53:08:ab:81:45:f4:1c:ab:
         37:de:c6:59:c0:ae:7d:29:ff:48:dd:e6:b7:be:3a:bc:81:c7:
         54:5e:9c:97
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICE68wDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
OEYyRDBBRjExMC8GA1UEBRMoMjVENjNFMDhFQUJFN0NGQTY3ODVENEMxRDZEMzQx
MTZERTE1QjNEQzAeFw0yMTEyMTMwMTQ2NTNaFw0yMjEyMzAwMTQ2NTNaMBgxFjAU
BgNVBAMMDTYxYjZhNjEwLTAyNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDZReLmzV1miQiPoWVmqRC+wXAA+htc1HQz77yhpH4UR3ITlxbxCER9qp9G
MBDkiqIyIXxWgW4oP7fajynyfgAmL0vb2rL2wcXrBLoEOaw4WJLZZpDJh/lPc7tL
0n0TS4qcDyKs8rTT0awm6VlLZDfXkCc8uCfSeyyMXb3GkJ8XLp0GZEx7yV0SGVKh
9udsXU/LVTRBx+ACnYjgco2VioZeyiAkmhmvSd61DAVkxKDea5hptOhcL/9jOvSG
b90l+s4G4ctoUAOLlqnN6ntONX01SWcyafrAaRBwAVJeJsd3p5Dm7qgIW/1hr6po
PkfOdIbU3OLz5ek+SkMT8ErJTwNbAgMBAAGjggKlMIICoTAdBgNVHQ4EFgQU3rQN
u3CAhx8ezStMK8DiZNIDz1kwHwYDVR0jBBgwFoAUJdY+COq+fPpnhdTB1tNBFt4V
s9wwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjhGMkQwLzdGNEE5OEVBNkUwNTExRTg5QzBENkU0QkY4QUVBMjI4L0pkWS1D
T3EtZlBwbmhkVEIxdE5CRnQ0VnM5dy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL0pkWS1DT3EtZlBwbmhkVEIxdE5CRnQ0VnM5dy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjhGMkQwLzdGNEE5OEVBNkUwNTExRTg5QzBENkU0QkY4
QUVBMjI4LzhERDUyMTNBNUJCNjExRUM5RUNFNTFDMzVBNDBENTc3LnJvYTA1Bggr
BgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54
bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACazEcwDQYJKoZIhvcNAQEL
BQADggEBAAZ/Cy2uP0bcb27sy6S64xuWzBxLLclD9c1jzpxvOhJ4NAAe8nUuuEtU
3Og36mGKi2i0PBsercC1Dh9YcsRMLWCx7Y9Uz/O3KkAt201+HhYZsdRIcSwAn1+4
L4HfDR07iocZOSD9kg3Z3rkYoUfvZfQsdQWkdhQOFU5CyaQn8v97vCdOzuJFLazM
oULHtke8WYuwRbSILa2tiRvyUrxNQM9uYkZvN4y0EZEkFZSHXyU2IgSG3rsGeY77
j9+X7DqGV+83WfQT1cXcU4s2A8Scg++ogzexIB9IpFBqiKUpAVt0SQdTCKuBRfQc
qzfexlnArn0p/0jd5re+OryBx1RenJc=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:11 2023 by rpki-client on console-fra.rpki-client.org