Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/B8EE6EBC0E1911F09738E36A762E951A.roa
File:                     B8EE6EBC0E1911F09738E36A762E951A.roa (raw, json)
Hash identifier:          mrO/gyOH9BljQ+cCr3VSSp/I8pTWjopMrJ0eS8mh66Y=
Subject key identifier:   82:13:F1:30:89:02:D8:55:7D:FE:1B:66:7D:64:86:E7:A8:7F:B4:C2
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       01771E
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/B8EE6EBC0E1911F09738E36A762E951A.roa
Signing time:             Mon 31 Mar 2025 10:20:09 +0000
ROA not before:           Mon 31 Mar 2025 10:20:05 +0000
ROA not after:            Thu 10 Apr 2025 10:20:05 +0000
asID:                     45669
IP address blocks:        154.80.0.0/18 maxlen: 24
                          154.80.64.0/18 maxlen: 24
                          154.81.224.0/21 maxlen: 24
                          154.81.232.0/21 maxlen: 24
                          154.81.240.0/21 maxlen: 24
                          154.81.248.0/21 maxlen: 24
                          154.91.160.0/22 maxlen: 24
                          154.91.164.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96030 (0x1771e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar 31 10:20:05 2025 GMT
            Not After : Apr 10 10:20:05 2025 GMT
        Subject: CN=67ea6c59-8e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c6:00:c4:be:34:f9:5d:c7:69:5d:fc:1a:79:
                    16:0c:cb:24:1a:f0:65:45:d9:c8:e1:7e:aa:51:d3:
                    5c:0a:63:63:be:89:86:a2:c0:eb:71:b4:3c:13:fa:
                    6b:c7:b9:03:ea:23:54:64:3b:13:95:76:c9:43:ba:
                    f2:f8:63:d3:47:63:2a:53:35:57:19:52:b0:02:e4:
                    9b:e6:2d:5e:69:65:b9:2a:40:ef:31:4f:7f:2d:d4:
                    b8:93:a3:7c:8c:e7:40:59:41:91:86:78:11:73:fe:
                    4f:84:d6:8e:0a:8a:9d:e0:16:b5:1c:db:5c:b2:24:
                    7d:e1:48:e6:47:0e:2e:77:d9:46:77:e5:14:a8:50:
                    ff:0c:0c:2d:63:52:87:4a:b6:e4:20:98:e5:4f:3d:
                    92:ad:eb:98:82:b9:4f:5c:d0:8d:7d:42:11:39:e2:
                    2c:cd:13:6d:23:98:50:ce:8e:01:ef:5c:3f:66:06:
                    9c:3d:d3:5f:8d:6e:1b:59:20:24:50:69:a8:f1:e3:
                    44:a0:a8:1a:e4:f7:dd:3a:74:18:10:c4:bf:df:2f:
                    2a:46:2c:a3:d8:88:84:78:e8:01:87:ce:04:1b:f8:
                    bf:8d:b1:b7:3d:e3:92:5c:55:51:81:d7:1d:0e:69:
                    91:f4:d4:80:ae:ec:33:27:12:3a:e0:f0:c9:cd:91:
                    c2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:13:F1:30:89:02:D8:55:7D:FE:1B:66:7D:64:86:E7:A8:7F:B4:C2
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/B8EE6EBC0E1911F09738E36A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.80.0.0/17
                  154.81.224.0/19
                  154.91.160.0-154.91.165.255

    Signature Algorithm: sha256WithRSAEncryption
         5f:8f:b6:49:6d:ea:f8:23:53:58:e2:10:ba:b4:e8:74:31:bf:
         08:3c:52:c1:ee:ce:92:95:89:41:54:6f:38:e5:e0:75:aa:80:
         1e:81:79:da:a6:7d:f5:c3:64:8a:49:49:ee:7b:ae:5a:19:07:
         68:3b:a3:00:dd:ff:76:65:27:6b:bf:a9:bc:0b:1b:78:37:42:
         66:53:86:2d:ab:3a:1d:f6:f6:6d:16:b0:ee:5f:83:aa:0c:d6:
         34:e5:01:2f:36:77:8e:cf:0f:53:94:84:81:c9:77:44:98:fb:
         3d:97:98:f0:b1:01:30:13:e7:20:7e:42:4a:be:33:45:37:88:
         7f:0b:55:c8:6b:23:f5:b2:37:ae:96:bc:aa:b8:1d:70:56:37:
         65:25:33:11:1b:7c:13:16:21:9f:da:11:29:1f:36:43:92:47:
         79:67:25:05:3b:f8:6e:d6:89:41:36:a0:f7:ee:ad:f7:43:c6:
         b7:9b:5b:8e:54:34:df:a7:5f:6b:d8:cf:c2:88:f3:5e:8d:59:
         f5:ef:e7:16:d8:5e:c8:98:52:1c:81:12:36:64:56:18:56:82:
         1d:92:4b:c7:bb:c1:31:4a:cc:a4:1c:fb:0c:57:f3:b7:ee:10:
         7f:d1:68:90:ee:46:fd:79:95:ce:a4:8b:29:76:f5:9e:ce:0a:
         2f:2c:59:ed
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIDAXceMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzMxMTAyMDA1WhcNMjUwNDEwMTAyMDA1WjAYMRYw
FAYDVQQDEw02N2VhNmM1OS04ZTIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA18YAxL40+V3HaV38GnkWDMskGvBlRdnI4X6qUdNcCmNjvomGosDrcbQ8
E/prx7kD6iNUZDsTlXbJQ7ry+GPTR2MqUzVXGVKwAuSb5i1eaWW5KkDvMU9/LdS4
k6N8jOdAWUGRhngRc/5PhNaOCoqd4Ba1HNtcsiR94UjmRw4ud9lGd+UUqFD/DAwt
Y1KHSrbkIJjlTz2SreuYgrlPXNCNfUIROeIszRNtI5hQzo4B71w/ZgacPdNfjW4b
WSAkUGmo8eNEoKga5PfdOnQYEMS/3y8qRiyj2IiEeOgBh84EG/i/jbG3PeOSXFVR
gdcdDmmR9NSAruwzJxI64PDJzZHCSQIDAQABo4ICuTCCArUwHQYDVR0OBBYEFIIT
8TCJAthVff4bZn1khueof7TCMB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9COEVFNkVCQzBFMTkxMUYwOTczOEUzNkE3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQHmlAAAwQFmlHgMAwDBAWa
W6ADBAGaW6QwDQYJKoZIhvcNAQELBQADggEBAF+Ptklt6vgjU1jiELq06HQxvwg8
UsHuzpKViUFUbzjl4HWqgB6BedqmffXDZIpJSe57rloZB2g7owDd/3ZlJ2u/qbwL
G3g3QmZThi2rOh329m0WsO5fg6oM1jTlAS82d47PD1OUhIHJd0SY+z2XmPCxATAT
5yB+Qkq+M0U3iH8LVchrI/WyN66WvKq4HXBWN2UlMxEbfBMWIZ/aESkfNkOSR3ln
JQU7+G7WiUE2oPfurfdDxrebW45UNN+nX2vYz8KI816NWfXv5xbYXsiYUhyBEjZk
VhhWgh2SS8e7wTFKzKQc+wxX87fuEH/RaJDuRv15lc6kiyl29Z7OCi8sWe0=
-----END CERTIFICATE-----