Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/6AA7E3E802FA11F09FF07E9B762E951A.roa
File:                     6AA7E3E802FA11F09FF07E9B762E951A.roa (raw, json)
Hash identifier:          CzcsNO4zuMqYWv/PTvxp0/wYBiQtQCEwgIpTtuSMWHE=
Subject key identifier:   AA:F1:61:0B:CD:47:75:39:8C:8D:3D:BA:37:D2:18:22:82:8D:6B:21
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       014672
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/6AA7E3E802FA11F09FF07E9B762E951A.roa
Signing time:             Mon 17 Mar 2025 06:38:20 +0000
ROA not before:           Mon 17 Mar 2025 06:38:16 +0000
ROA not after:            Wed 02 Apr 2025 06:38:16 +0000
asID:                     39600
IP address blocks:        156.237.108.0/24 maxlen: 24
                          156.237.109.0/24 maxlen: 24
                          156.237.110.0/24 maxlen: 24
                          156.237.111.0/24 maxlen: 24
                          156.237.117.0/24 maxlen: 24
                          156.237.120.0/24 maxlen: 24
                          156.237.121.0/24 maxlen: 24
                          156.237.122.0/24 maxlen: 24
                          156.237.123.0/24 maxlen: 24
                          156.237.124.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83570 (0x14672)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR
        Validity
            Not Before: Mar 17 06:38:16 2025 GMT
            Not After : Apr  2 06:38:16 2025 GMT
        Subject: CN=67d7c35c-82b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ef:73:e5:5b:39:8a:7d:d3:45:c4:58:a9:42:
                    94:5a:2b:c5:29:1e:78:a3:0a:ed:14:09:2d:26:78:
                    a7:f5:d7:1b:a1:1c:e8:75:1f:a2:a1:d1:e1:29:f6:
                    f8:c3:7f:7e:d1:2b:b8:17:50:13:70:75:20:8a:94:
                    8f:f2:dd:a2:ec:c5:bb:81:7c:9e:81:c6:85:bd:49:
                    57:7c:7a:30:3c:f2:9a:5f:e6:dc:f6:eb:4e:c2:c0:
                    c4:16:22:58:a6:85:65:cd:2b:26:4b:d4:c7:60:bc:
                    19:1c:80:26:32:c4:af:15:a0:e4:af:8a:f0:ea:27:
                    17:ee:d7:19:ef:65:fe:5c:ca:5c:84:39:9d:59:fe:
                    1d:be:b3:cd:6f:95:e8:95:05:a8:91:f4:4b:4a:fa:
                    3f:96:54:57:9f:09:31:f7:d7:a8:34:57:c9:b9:aa:
                    f0:32:e8:3b:43:fe:9f:7a:c2:34:cb:86:fb:a2:76:
                    5a:24:de:6a:13:76:15:a7:13:31:39:e7:95:85:36:
                    c2:27:e1:5f:17:cc:c0:30:08:4f:ab:24:13:e0:7a:
                    e9:68:29:1c:a7:85:fd:9e:b6:03:26:16:e6:5d:76:
                    11:d9:93:1f:e5:11:6a:9e:1f:46:20:0c:eb:98:f1:
                    80:bb:ce:e7:e4:ef:d0:90:23:46:12:d3:04:1f:9e:
                    8b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F1:61:0B:CD:47:75:39:8C:8D:3D:BA:37:D2:18:22:82:8D:6B:21
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/6AA7E3E802FA11F09FF07E9B762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.237.108.0/22
                  156.237.117.0/24
                  156.237.120.0-156.237.124.255

    Signature Algorithm: sha256WithRSAEncryption
         22:ed:e9:13:b7:b0:db:ae:67:d5:6e:a0:9a:c8:2d:93:40:1d:
         9c:37:18:1b:31:73:36:64:98:39:e3:28:3c:6b:cd:da:7e:55:
         75:18:a2:0f:6c:1f:8d:48:df:f4:15:d1:05:ba:77:de:a3:bc:
         5f:51:68:35:a2:51:cf:fe:7c:d7:77:9d:c9:c3:a1:18:c9:42:
         29:b3:13:d5:ea:9c:3f:a1:c7:18:d9:2c:cb:ef:51:df:32:e7:
         c1:d5:be:0c:a0:4e:1d:0b:42:93:3b:49:df:c7:f3:11:8c:36:
         f4:a9:8d:92:fc:84:84:18:00:26:a2:88:cf:92:1e:2e:12:c8:
         86:20:67:d1:cf:46:e0:68:79:54:37:d8:37:80:87:40:b5:56:
         54:45:36:5c:d6:bf:0b:bb:21:2f:48:d2:c0:ea:1d:f5:b5:66:
         a5:09:d6:d3:26:1f:7e:91:7b:05:72:79:7f:24:eb:a1:e1:b3:
         c1:54:70:e3:3b:0a:a7:c5:3c:5b:9b:b4:65:60:29:7a:92:3b:
         f8:93:59:6f:d5:d0:84:b1:61:e3:69:4f:ce:13:33:cb:3e:2d:
         a4:40:67:cc:ab:d0:ee:42:3e:a7:7c:fc:86:3f:04:58:2a:d3:
         f2:ef:dc:6e:58:b6:9d:45:eb:e7:67:b8:56:8c:71:a3:5d:0f:
         8f:49:ea:7f
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgIDAUZyMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMzE3MDYzODE2WhcNMjUwNDAyMDYzODE2WjAYMRYw
FAYDVQQDEw02N2Q3YzM1Yy04MmI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvu9z5Vs5in3TRcRYqUKUWivFKR54owrtFAktJnin9dcboRzodR+iodHh
Kfb4w39+0Su4F1ATcHUgipSP8t2i7MW7gXyegcaFvUlXfHowPPKaX+bc9utOwsDE
FiJYpoVlzSsmS9THYLwZHIAmMsSvFaDkr4rw6icX7tcZ72X+XMpchDmdWf4dvrPN
b5XolQWokfRLSvo/llRXnwkx99eoNFfJuarwMug7Q/6fesI0y4b7onZaJN5qE3YV
pxMxOeeVhTbCJ+FfF8zAMAhPqyQT4HrpaCkcp4X9nrYDJhbmXXYR2ZMf5RFqnh9G
IAzrmPGAu87n5O/QkCNGEtMEH56L/wIDAQABo4ICtjCCArIwHQYDVR0OBBYEFKrx
YQvNR3U5jI09ujfSGCKCjWshMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC82QUE3RTNFODAyRkExMUYwOUZGMDdFOUI3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCnO1sAwQAnO11MAwDBAOc7XgD
BACc7XwwDQYJKoZIhvcNAQELBQADggEBACLt6RO3sNuuZ9VuoJrILZNAHZw3GBsx
czZkmDnjKDxrzdp+VXUYog9sH41I3/QV0QW6d96jvF9RaDWiUc/+fNd3ncnDoRjJ
QimzE9XqnD+hxxjZLMvvUd8y58HVvgygTh0LQpM7Sd/H8xGMNvSpjZL8hIQYACai
iM+SHi4SyIYgZ9HPRuBoeVQ32DeAh0C1VlRFNlzWvwu7IS9I0sDqHfW1ZqUJ1tMm
H36RewVyeX8k66Hhs8FUcOM7CqfFPFubtGVgKXqSO/iTWW/V0ISxYeNpT84TM8s+
LaRAZ8yr0O5CPqd8/IY/BFgq0/Lv3G5Ytp1F6+dnuFaMcaNdD49J6n8=
-----END CERTIFICATE-----