Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/9890BCBAF86611EF9D74C6A5762E951A.roa
File:                     9890BCBAF86611EF9D74C6A5762E951A.roa (raw, json)
Hash identifier:          FIJp+rZhZHWBOmrxQvlPd4roXaquHdHhKy2CMALLTpY=
Subject key identifier:   9F:D8:7C:7E:55:A4:B7:89:BD:B2:AD:B1:13:CF:D2:10:C1:01:D0:47
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       017125
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/9890BCBAF86611EF9D74C6A5762E951A.roa
Signing time:             Mon 03 Mar 2025 19:35:00 +0000
ROA not before:           Mon 03 Mar 2025 19:34:56 +0000
ROA not after:            Mon 31 Mar 2025 19:34:56 +0000
asID:                     44559
IP address blocks:        154.209.194.0/24 maxlen: 24
                          154.209.195.0/24 maxlen: 24
                          154.209.196.0/24 maxlen: 24
                          154.209.197.0/24 maxlen: 24
                          154.209.199.0/24 maxlen: 24
                          154.209.200.0/24 maxlen: 24
                          154.209.201.0/24 maxlen: 24
                          154.209.202.0/24 maxlen: 24
                          154.209.203.0/24 maxlen: 24
                          154.209.205.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 94501 (0x17125)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF, serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
        Validity
            Not Before: Mar  3 19:34:56 2025 GMT
            Not After : Mar 31 19:34:56 2025 GMT
        Subject: CN=67c60464-d834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e3:02:5a:7e:86:e5:3f:db:4e:01:85:ea:0f:
                    45:84:47:8c:54:84:56:c5:89:7a:5e:61:cd:b7:87:
                    32:f1:3b:93:29:4c:0a:2b:d9:18:21:fe:3c:90:3c:
                    8d:51:e1:7f:f7:86:15:85:c5:7d:90:a5:e0:d3:00:
                    c7:db:7c:8c:9b:f8:c4:53:49:00:1d:73:c6:38:78:
                    aa:33:95:6c:fa:a4:34:23:2f:62:3d:46:a9:0e:c3:
                    24:af:e7:62:72:6a:b4:9e:61:ab:6f:0c:5c:94:ce:
                    2d:45:f4:39:e7:de:98:33:36:16:09:7f:80:85:1c:
                    50:31:7d:bb:e2:51:bb:1c:71:a3:04:30:e4:14:36:
                    24:e7:48:38:9b:94:2e:f7:37:aa:64:fa:bd:28:37:
                    a5:fa:d1:d9:83:55:bc:71:4e:83:f0:d1:ee:a5:a1:
                    66:cf:20:91:7d:7f:15:c6:c1:d3:24:b4:e6:e3:a6:
                    43:44:bd:1f:af:aa:2d:c0:6f:66:20:2d:82:8f:eb:
                    c8:19:e9:da:a0:69:57:49:f4:e6:9e:ab:f8:55:df:
                    4b:e2:e7:c5:36:36:b1:b6:9e:2d:4e:e5:08:54:57:
                    64:75:d2:8a:8c:ff:be:8d:da:98:57:6d:c3:a8:76:
                    12:18:c0:59:63:26:12:98:a7:7e:60:4e:05:da:cc:
                    88:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D8:7C:7E:55:A4:B7:89:BD:B2:AD:B1:13:CF:D2:10:C1:01:D0:47
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/9890BCBAF86611EF9D74C6A5762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.209.194.0-154.209.197.255
                  154.209.199.0-154.209.203.255
                  154.209.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:19:e8:76:de:d7:08:8c:2f:4b:90:d4:0e:c0:d5:05:16:ad:
         e8:a6:91:b7:5c:0d:4a:f4:81:6b:73:96:8d:bb:65:01:ba:b2:
         75:9d:49:06:c3:be:c3:f6:bd:e5:d8:52:3e:04:76:90:78:f1:
         a0:b5:93:53:b9:90:6e:ff:a8:c7:d7:44:26:5e:cb:54:e7:9f:
         ad:3b:1c:32:52:8c:a9:f4:83:60:0f:db:e7:8b:75:18:35:ff:
         fa:b4:9e:36:50:99:a2:d5:b9:d6:5e:f6:00:b3:a3:23:c9:0e:
         a2:14:80:aa:eb:3a:19:24:ce:ee:5a:9c:84:84:eb:20:dc:5d:
         c0:37:65:2f:08:7f:2b:bd:bc:6d:1a:f6:2a:bd:a5:58:eb:06:
         34:78:50:62:8a:55:24:82:23:e4:a2:0d:b9:b7:dc:96:3c:e0:
         b2:50:97:4f:72:30:7a:cf:b4:3e:c0:c7:bc:70:0e:eb:a2:40:
         1a:2f:94:57:0a:76:4b:6b:01:90:b1:ad:69:7b:4a:a2:3c:cf:
         2d:42:af:ba:a0:25:c7:3b:6d:13:7f:3e:12:53:e0:22:eb:73:
         41:f3:fc:6f:8b:91:05:ae:e7:25:3c:2f:e7:e7:85:27:61:a5:
         e8:e9:e1:49:c0:67:42:38:47:c8:04:15:f4:c5:6f:4e:40:69:
         e5:e0:55:f4
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgIDAXElMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzAzMTkzNDU2WhcNMjUwMzMxMTkzNDU2WjAYMRYw
FAYDVQQDEw02N2M2MDQ2NC1kODM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAqeMCWn6G5T/bTgGF6g9FhEeMVIRWxYl6XmHNt4cy8TuTKUwKK9kYIf48
kDyNUeF/94YVhcV9kKXg0wDH23yMm/jEU0kAHXPGOHiqM5Vs+qQ0Iy9iPUapDsMk
r+dicmq0nmGrbwxclM4tRfQ5596YMzYWCX+AhRxQMX274lG7HHGjBDDkFDYk50g4
m5Qu9zeqZPq9KDel+tHZg1W8cU6D8NHupaFmzyCRfX8VxsHTJLTm46ZDRL0fr6ot
wG9mIC2Cj+vIGenaoGlXSfTmnqv4Vd9L4ufFNjaxtp4tTuUIVFdkddKKjP++jdqY
V23DqHYSGMBZYyYSmKd+YE4F2syI/QIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFJ/Y
fH5VpLeJvbKtsRPP0hDBAdBHMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC85ODkwQkNCQUY4NjYxMUVGOUQ3NEM2QTU3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAGa0cIDBAGa0cQwDAME
AJrRxwMEAprRyAMEAJrRzTANBgkqhkiG9w0BAQsFAAOCAQEAKBnodt7XCIwvS5DU
DsDVBRat6KaRt1wNSvSBa3OWjbtlAbqydZ1JBsO+w/a95dhSPgR2kHjxoLWTU7mQ
bv+ox9dEJl7LVOefrTscMlKMqfSDYA/b54t1GDX/+rSeNlCZotW51l72ALOjI8kO
ohSAqus6GSTO7lqchITrINxdwDdlLwh/K728bRr2Kr2lWOsGNHhQYopVJIIj5KIN
ubfcljzgslCXT3Iwes+0PsDHvHAO66JAGi+UVwp2S2sBkLGtaXtKojzPLUKvuqAl
xzttE38+ElPgIutzQfP8b4uRBa7nJTwv5+eFJ2Gl6OnhScBnQjhHyAQV9MVvTkBp
5eBV9A==
-----END CERTIFICATE-----