Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C296DD80FA7011EFA4D3A27E762E951A.roa
File:                     C296DD80FA7011EFA4D3A27E762E951A.roa (raw, json)
Hash identifier:          9tdHHEb1CPPgr8H2wjrjYvHp/reXV5b7RTvhBJZTISE=
Subject key identifier:   B9:22:54:95:47:59:C8:FB:98:84:1C:0B:E4:83:09:33:C4:36:EC:91
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       014392
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C296DD80FA7011EFA4D3A27E762E951A.roa
Signing time:             Thu 06 Mar 2025 09:52:48 +0000
ROA not before:           Thu 06 Mar 2025 09:52:44 +0000
ROA not after:            Wed 19 Mar 2025 09:52:44 +0000
asID:                     39600
IP address blocks:        156.237.111.0/24 maxlen: 24
                          156.237.120.0/24 maxlen: 24
                          156.237.121.0/24 maxlen: 24
                          156.237.122.0/24 maxlen: 24
                          156.237.123.0/24 maxlen: 24
                          156.237.124.0/24 maxlen: 24
                          156.237.125.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 82834 (0x14392)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR, serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
        Validity
            Not Before: Mar  6 09:52:44 2025 GMT
            Not After : Mar 19 09:52:44 2025 GMT
        Subject: CN=67c97070-19e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:16:d1:93:9c:9a:72:f7:db:73:19:46:3c:7f:
                    16:ac:d4:8f:90:fc:fa:28:62:d4:e2:5f:47:ce:b2:
                    a3:60:a8:73:c4:ea:34:b4:fc:65:98:a4:70:f3:51:
                    01:89:91:2d:38:cd:4c:57:4f:ea:ee:db:3f:e0:92:
                    b8:70:b5:cd:f7:98:8c:cd:0b:0a:1e:e8:fc:f2:cb:
                    67:80:7d:0a:87:33:b5:d1:1b:1f:7a:cc:02:25:19:
                    e5:c1:d5:16:56:6b:37:e8:e8:9c:31:4a:5a:14:b9:
                    7c:a6:0a:64:4f:7e:10:c5:38:17:f6:6d:e3:9e:b2:
                    f8:b6:41:12:73:fc:0a:3d:97:ad:87:66:16:85:9f:
                    d2:1e:70:79:69:d5:9b:96:4f:3d:87:d3:6f:c1:6b:
                    1e:a5:58:6e:1d:63:6d:d0:fe:35:0e:94:27:50:93:
                    44:02:0c:94:68:db:2a:d2:b3:ec:8f:34:6d:fd:be:
                    c3:17:8d:4b:ad:6d:77:af:dc:4f:c9:80:60:d0:ad:
                    80:31:18:1e:a0:b7:5b:46:71:3a:74:ad:a5:10:b0:
                    70:28:8f:fa:7e:c6:1a:18:b0:3c:b3:af:fb:47:34:
                    37:32:97:82:1c:14:3f:5e:a1:8d:94:00:c1:0d:3d:
                    95:58:25:44:e3:5b:b5:8d:0c:a9:67:bd:d2:94:d0:
                    0a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:22:54:95:47:59:C8:FB:98:84:1C:0B:E4:83:09:33:C4:36:EC:91
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C296DD80FA7011EFA4D3A27E762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.237.111.0/24
                  156.237.120.0-156.237.125.255

    Signature Algorithm: sha256WithRSAEncryption
         ae:d2:c6:d6:4c:09:51:5f:a7:5b:12:9d:c4:ca:f9:c9:51:56:
         c0:3d:9a:d5:ce:1f:5b:c6:2c:19:4a:e7:34:62:de:54:06:52:
         59:f6:54:a3:0e:c9:c9:a2:e1:c2:29:c3:a4:45:1f:90:10:b0:
         49:68:89:e1:ba:49:7c:dc:50:d8:67:ff:bd:eb:11:8d:8e:3b:
         96:02:55:21:4d:8e:6e:50:81:c0:84:35:1e:f1:df:3e:d7:3a:
         cd:8a:a3:41:63:b5:48:be:9f:f9:8b:ec:ab:c9:0f:62:9c:ae:
         31:76:91:e6:55:ea:0d:6e:a8:6e:63:87:75:50:f8:d0:c9:79:
         0c:59:7b:12:1a:11:7e:2b:d8:60:2c:e4:ab:74:54:87:df:9a:
         10:28:a3:9b:0a:33:2d:40:19:fb:db:c2:78:f8:9d:7d:56:b4:
         72:c8:d3:5b:ab:54:01:94:15:ff:e1:93:a8:b5:27:87:33:2d:
         50:28:ed:05:7b:f9:92:a7:34:15:32:a5:4b:ad:7f:76:78:ba:
         f1:53:af:94:61:5a:fe:8f:9e:ed:a1:5a:d7:5f:48:31:93:fa:
         df:09:4c:64:0a:6f:17:3d:29:de:34:28:f5:56:f6:e5:39:4c:
         91:e9:67:4b:7a:66:37:99:ee:85:e9:61:d7:34:74:a3:1a:ed:
         47:68:23:50
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgIDAUOSMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMzA2MDk1MjQ0WhcNMjUwMzE5MDk1MjQ0WjAYMRYw
FAYDVQQDEw02N2M5NzA3MC0xOWUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3hbRk5yacvfbcxlGPH8WrNSPkPz6KGLU4l9HzrKjYKhzxOo0tPxlmKRw
81EBiZEtOM1MV0/q7ts/4JK4cLXN95iMzQsKHuj88stngH0KhzO10RsfeswCJRnl
wdUWVms36OicMUpaFLl8pgpkT34QxTgX9m3jnrL4tkESc/wKPZeth2YWhZ/SHnB5
adWblk89h9NvwWsepVhuHWNt0P41DpQnUJNEAgyUaNsq0rPsjzRt/b7DF41LrW13
r9xPyYBg0K2AMRgeoLdbRnE6dK2lELBwKI/6fsYaGLA8s6/7RzQ3MpeCHBQ/XqGN
lADBDT2VWCVE41u1jQypZ73SlNAKqQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFLki
VJVHWcj7mIQcC+SDCTPENuyRMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9DMjk2REQ4MEZBNzAxMUVGQTREM0EyN0U3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAnO1vMAwDBAOc7XgDBAGc7Xww
DQYJKoZIhvcNAQELBQADggEBAK7SxtZMCVFfp1sSncTK+clRVsA9mtXOH1vGLBlK
5zRi3lQGUln2VKMOycmi4cIpw6RFH5AQsEloieG6SXzcUNhn/73rEY2OO5YCVSFN
jm5QgcCENR7x3z7XOs2Ko0FjtUi+n/mL7KvJD2KcrjF2keZV6g1uqG5jh3VQ+NDJ
eQxZexIaEX4r2GAs5Kt0VIffmhAoo5sKMy1AGfvbwnj4nX1WtHLI01urVAGUFf/h
k6i1J4czLVAo7QV7+ZKnNBUypUutf3Z4uvFTr5RhWv6Pnu2hWtdfSDGT+t8JTGQK
bxc9Kd40KPVW9uU5TJHpZ0t6ZjeZ7oXpYdc0dKMa7UdoI1A=
-----END CERTIFICATE-----