Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D9584E16FF2811EF8620B98A762E951A.roa
File:                     D9584E16FF2811EF8620B98A762E951A.roa (raw, json)
Hash identifier:          HbzTzk+k/o5ZKIR3OQZHjooue3CeSZop8tb5OpNC8kE=
Subject key identifier:   30:8A:3A:DF:FD:E0:F7:51:3C:D8:94:FF:DA:BD:F8:AB:85:8E:48:B9
Certificate issuer:       /CN=F368F2D0AF/serialNumber=25D63E08EABE7CFA6785D4C1D6D34116DE15B3DC
Certificate serial:       0173D9
Authority key identifier: 25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D9584E16FF2811EF8620B98A762E951A.roa
Signing time:             Wed 12 Mar 2025 10:00:38 +0000
ROA not before:           Wed 12 Mar 2025 10:00:35 +0000
ROA not after:            Mon 31 Mar 2025 10:00:35 +0000
asID:                     212238
IP address blocks:        154.198.16.0/24 maxlen: 24
                          154.202.27.0/24 maxlen: 24
                          154.202.29.0/24 maxlen: 24
                          154.202.30.0/24 maxlen: 24
                          154.202.31.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 95193 (0x173d9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AF
        Validity
            Not Before: Mar 12 10:00:35 2025 GMT
            Not After : Mar 31 10:00:35 2025 GMT
        Subject: CN=67d15b46-11be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7a:57:c6:0b:d5:61:f0:5b:c4:a7:45:f5:74:
                    c3:de:e0:44:f5:69:a9:76:87:fe:89:fb:20:c1:00:
                    4b:7e:ba:e0:00:58:35:24:cc:10:0a:ee:ad:61:7f:
                    28:98:81:14:43:d6:2f:7a:70:b3:0a:f4:6a:f9:ca:
                    e6:fc:46:63:53:c8:43:4d:58:8e:c2:73:42:d6:6b:
                    0a:03:fa:e1:10:4f:6c:86:20:1c:90:a7:99:d4:c1:
                    93:a1:15:0c:79:f1:ff:11:06:bd:69:51:de:c9:1c:
                    0c:ac:62:32:61:bb:30:e2:b3:36:54:e2:9d:0a:80:
                    ee:e3:e7:fb:cf:b6:5d:1a:b1:52:a3:70:76:e4:c4:
                    9d:51:97:38:c0:46:d4:79:2b:22:36:84:da:f1:e1:
                    0f:d7:fd:69:e2:7b:7a:35:a8:9e:b8:b8:bf:e1:3f:
                    d9:60:37:b3:2a:01:3b:37:9d:cd:70:b5:19:94:d7:
                    ac:21:93:1a:1b:c5:4b:76:ac:8e:8e:2c:77:66:33:
                    71:ce:04:a1:0b:89:7c:84:e2:26:40:9b:c8:73:53:
                    2f:92:6b:0a:fc:f7:b7:b9:5d:b3:d5:88:6c:a2:6a:
                    79:ec:e6:cc:f7:84:89:3e:08:c9:69:52:50:7e:8a:
                    ce:6e:be:e8:ad:33:5a:c4:46:44:9e:31:6c:bb:68:
                    65:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8A:3A:DF:FD:E0:F7:51:3C:D8:94:FF:DA:BD:F8:AB:85:8E:48:B9
            X509v3 Authority Key Identifier:
                keyid:25:D6:3E:08:EA:BE:7C:FA:67:85:D4:C1:D6:D3:41:16:DE:15:B3:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/JdY-COq-fPpnhdTB1tNBFt4Vs9w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/JdY-COq-fPpnhdTB1tNBFt4Vs9w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/D9584E16FF2811EF8620B98A762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  154.198.16.0/24
                  154.202.27.0/24
                  154.202.29.0-154.202.31.255

    Signature Algorithm: sha256WithRSAEncryption
         94:c1:05:c5:8f:2c:77:4b:a4:1c:1c:61:b3:63:b7:45:27:61:
         fa:e5:4c:b4:5f:ba:b9:a2:a9:1d:7c:71:89:a3:b2:d3:80:11:
         a5:fa:2d:bb:5f:f7:d0:69:c0:59:ab:6c:6c:18:cd:ff:12:50:
         32:1e:fc:98:b6:0d:d4:dc:d1:47:f1:ae:8c:29:0c:44:16:e1:
         53:cf:f4:13:b6:56:70:d4:e7:61:32:77:5d:71:e0:3d:6f:7b:
         85:f3:6b:72:79:92:c2:1a:8a:77:64:0f:e9:bc:60:32:16:14:
         75:46:35:2b:eb:11:b7:b0:af:38:58:6c:bd:04:6a:a5:4d:00:
         34:ae:2b:e7:47:fe:57:56:cf:5f:5d:b7:ba:5d:0b:5d:b3:03:
         ec:38:c6:75:d5:ca:86:41:ad:c8:02:dc:dc:08:1f:ad:57:b2:
         11:2f:ba:36:bb:7d:6c:ea:86:dc:8d:07:07:7f:47:e9:1b:2e:
         35:d3:24:9c:b7:ab:dc:8d:c4:31:4b:92:2b:bd:13:e5:5e:31:
         2b:a0:62:55:7c:05:0f:2a:bb:15:e8:a6:0e:ea:b3:f6:66:6b:
         45:3a:5b:fe:a4:d5:72:30:49:01:b3:c0:51:80:72:66:68:93:
         19:f7:12:f2:c6:30:da:99:97:82:d7:62:3a:04:14:ac:99:57:
         11:df:63:f7
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIDAXPZMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQUYxMTAvBgNVBAUTKDI1RDYzRTA4RUFCRTdDRkE2Nzg1RDRDMUQ2RDM0
MTE2REUxNUIzREMwHhcNMjUwMzEyMTAwMDM1WhcNMjUwMzMxMTAwMDM1WjAYMRYw
FAYDVQQDEw02N2QxNWI0Ni0xMWJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAu3pXxgvVYfBbxKdF9XTD3uBE9Wmpdof+ifsgwQBLfrrgAFg1JMwQCu6t
YX8omIEUQ9YvenCzCvRq+crm/EZjU8hDTViOwnNC1msKA/rhEE9shiAckKeZ1MGT
oRUMefH/EQa9aVHeyRwMrGIyYbsw4rM2VOKdCoDu4+f7z7ZdGrFSo3B25MSdUZc4
wEbUeSsiNoTa8eEP1/1p4nt6NaieuLi/4T/ZYDezKgE7N53NcLUZlNesIZMaG8VL
dqyOjix3ZjNxzgShC4l8hOImQJvIc1MvkmsK/Pe3uV2z1Yhsomp57ObM94SJPgjJ
aVJQforObr7orTNaxEZEnjFsu2hldwIDAQABo4ICuTCCArUwHQYDVR0OBBYEFDCK
Ot/94PdRPNiU/9q9+KuFjki5MB8GA1UdIwQYMBaAFCXWPgjqvnz6Z4XUwdbTQRbe
FbPcMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJGOEFFQTIyOC9KZFkt
Q09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY3JsMGcGCCsGAQUFBwEBBFswWTBXBggr
BgEFBQcwAoZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZy
aW5pYy9KZFktQ09xLWZQcG5oZFRCMXROQkZ0NFZzOXcuY2VyME8GA1UdIAEB/wRF
MEMwQQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmlu
aWMubmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYB
BQUHMAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1i
ZXJfcmVwb3NpdG9yeS9GMzY4RjJEMC83RjRBOThFQTZFMDUxMUU4OUMwRDZFNEJG
OEFFQTIyOC9EOTU4NEUxNkZGMjgxMUVGODYyMEI5OEE3NjJFOTUxQS5yb2EwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24u
eG1sMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAmsYQAwQAmsobMAwDBACa
yh0DBAWaygAwDQYJKoZIhvcNAQELBQADggEBAJTBBcWPLHdLpBwcYbNjt0UnYfrl
TLRfurmiqR18cYmjstOAEaX6Lbtf99BpwFmrbGwYzf8SUDIe/Ji2DdTc0Ufxrowp
DEQW4VPP9BO2VnDU52Eyd11x4D1ve4Xza3J5ksIaindkD+m8YDIWFHVGNSvrEbew
rzhYbL0EaqVNADSuK+dH/ldWz19dt7pdC12zA+w4xnXVyoZBrcgC3NwIH61XshEv
uja7fWzqhtyNBwd/R+kbLjXTJJy3q9yNxDFLkiu9E+VeMSugYlV8BQ8quxXopg7q
s/Zma0U6W/6k1XIwSQGzwFGAcmZokxn3EvLGMNqZl4LXYjoEFKyZVxHfY/c=
-----END CERTIFICATE-----