Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C8586D08FA6E11EF8B335271762E951A.roa
File:                     C8586D08FA6E11EF8B335271762E951A.roa (raw, json)
Hash identifier:          a8gQDw8t5Ifz1IdM5ba1psDkLTH2UdB4GMdpjxTMUvk=
Subject key identifier:   0D:21:12:EB:0E:ED:3A:E3:AD:71:D6:83:5F:00:2D:6A:9B:EA:8D:4E
Certificate issuer:       /CN=F368F2D0AR/serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
Certificate serial:       014388
Authority key identifier: 79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B
Authority info access:    rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C8586D08FA6E11EF8B335271762E951A.roa
Signing time:             Thu 06 Mar 2025 09:38:39 +0000
ROA not before:           Thu 06 Mar 2025 09:38:34 +0000
ROA not after:            Wed 19 Mar 2025 09:38:34 +0000
asID:                     39600
IP address blocks:        156.237.106.0/24 maxlen: 24
                          156.237.107.0/24 maxlen: 24
                          156.237.112.0/24 maxlen: 24
                          156.252.14.0/24 maxlen: 24
                          156.252.15.0/24 maxlen: 24
                          156.255.81.0/24 maxlen: 24
                          156.255.82.0/24 maxlen: 24
                          156.255.83.0/24 maxlen: 24
                          156.255.85.0/24 maxlen: 24
                          156.255.86.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 82824 (0x14388)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F368F2D0AR, serialNumber=797D88D813E20FFF982CC7419E969BAEA6BFD69B
        Validity
            Not Before: Mar  6 09:38:34 2025 GMT
            Not After : Mar 19 09:38:34 2025 GMT
        Subject: CN=67c96d1f-ef99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:db:fa:8e:da:13:a3:30:f4:05:72:2d:38:18:
                    1c:81:dc:5d:e8:3b:90:9b:58:19:cc:20:08:72:ce:
                    0e:6e:2e:6c:38:5c:a3:e0:8a:40:0b:1e:2b:dc:eb:
                    db:00:1f:b5:e8:f2:20:c5:c0:29:40:cb:6e:af:8d:
                    03:85:ef:d3:32:5e:f9:9b:4d:98:98:23:f0:fb:fb:
                    08:8e:db:47:59:b3:db:a5:20:70:f5:57:54:0e:c6:
                    95:6f:d6:ed:72:cc:5e:f1:37:84:35:74:81:9c:bc:
                    e9:ab:7f:23:86:85:4b:68:24:43:38:b1:85:e1:3b:
                    61:a1:a9:2a:cc:3e:d6:f9:ed:df:28:05:76:07:e9:
                    2f:44:88:80:13:76:00:9b:6a:10:22:25:63:30:48:
                    92:da:ab:cf:3b:55:d8:8a:5d:cc:69:cc:e6:de:2d:
                    d4:80:ea:86:b5:75:fa:bf:9a:7c:5e:7e:3f:fc:21:
                    24:42:10:9a:d3:14:6c:54:66:9d:b6:26:04:b5:20:
                    9b:e9:0d:bf:73:57:11:b0:02:aa:14:a2:5d:63:d3:
                    a6:7d:ed:1e:0e:6e:b9:a6:57:f0:68:dc:ef:84:ef:
                    65:91:24:31:3d:d2:4f:4f:59:07:6d:97:9f:f8:1d:
                    5b:3f:b4:7d:b3:ed:4c:df:37:0c:39:86:f0:7a:ef:
                    55:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:21:12:EB:0E:ED:3A:E3:AD:71:D6:83:5F:00:2D:6A:9B:EA:8D:4E
            X509v3 Authority Key Identifier:
                keyid:79:7D:88:D8:13:E2:0F:FF:98:2C:C7:41:9E:96:9B:AE:A6:BF:D6:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/eX2I2BPiD_-YLMdBnpabrqa_1ps.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/eX2I2BPiD_-YLMdBnpabrqa_1ps.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/C8586D08FA6E11EF8B335271762E951A.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.237.106.0/23
                  156.237.112.0/24
                  156.252.14.0/23
                  156.255.81.0-156.255.83.255
                  156.255.85.0-156.255.86.255

    Signature Algorithm: sha256WithRSAEncryption
         20:a0:f5:2f:ce:9c:69:51:ef:2a:4e:8f:24:4c:6f:b8:ec:ab:
         52:89:ba:24:4c:04:57:f5:0f:7d:ab:b7:2a:51:7b:92:2b:9a:
         12:db:05:9b:4f:1a:1e:10:88:e8:da:2b:ab:b4:05:b0:7e:a0:
         11:47:85:64:24:72:f3:bc:ae:78:e9:7a:46:d9:80:a5:bb:82:
         81:4c:d1:08:d7:de:24:d2:bf:88:de:7c:b2:ca:4b:ad:c9:11:
         20:bc:e4:e7:a9:99:00:ee:7e:a1:99:55:94:68:7c:e5:10:fe:
         7e:d2:68:0e:4e:a1:39:0a:24:32:00:20:16:18:7a:ed:18:1d:
         49:32:fd:2e:2f:55:58:61:1e:b9:3d:45:7e:43:31:74:44:c3:
         49:6a:6c:ac:17:17:c4:63:97:1b:c8:f7:62:b4:2a:bd:c7:f9:
         fa:ec:23:c0:0c:4b:ea:07:46:74:5a:72:9c:99:84:f3:47:15:
         2e:79:06:58:b2:a7:dc:99:1d:f9:7b:cf:17:4f:a2:7b:66:7a:
         da:23:ae:77:42:90:61:b7:48:b0:8e:ce:6c:36:49:0e:3b:5e:
         0c:a9:1b:12:75:32:11:c5:30:3a:73:c9:2f:9e:59:71:32:43:
         25:2a:b2:34:d0:cf:95:e1:28:b9:31:14:36:de:95:76:22:f2:
         a6:67:52:e7
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgIDAUOIMA0GCSqGSIb3DQEBCwUAMEgxEzARBgNVBAMTCkYz
NjhGMkQwQVIxMTAvBgNVBAUTKDc5N0Q4OEQ4MTNFMjBGRkY5ODJDQzc0MTlFOTY5
QkFFQTZCRkQ2OUIwHhcNMjUwMzA2MDkzODM0WhcNMjUwMzE5MDkzODM0WjAYMRYw
FAYDVQQDEw02N2M5NmQxZi1lZjk5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA5tv6jtoTozD0BXItOBgcgdxd6DuQm1gZzCAIcs4Obi5sOFyj4IpACx4r
3OvbAB+16PIgxcApQMtur40Dhe/TMl75m02YmCPw+/sIjttHWbPbpSBw9VdUDsaV
b9btcsxe8TeENXSBnLzpq38jhoVLaCRDOLGF4TthoakqzD7W+e3fKAV2B+kvRIiA
E3YAm2oQIiVjMEiS2qvPO1XYil3Maczm3i3UgOqGtXX6v5p8Xn4//CEkQhCa0xRs
VGadtiYEtSCb6Q2/c1cRsAKqFKJdY9Omfe0eDm65plfwaNzvhO9lkSQxPdJPT1kH
bZef+B1bP7R9s+1M3zcMOYbweu9VnQIDAQABo4ICyjCCAsYwHQYDVR0OBBYEFA0h
EusO7TrjrXHWg18ALWqb6o1OMB8GA1UdIwQYMBaAFHl9iNgT4g//mCzHQZ6Wm66m
v9abMA4GA1UdDwEB/wQEAwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3lu
YzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9y
eS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFFQTIyOC9lWDJJ
MkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYXJp
bi9lWDJJMkJQaURfLVlMTWRCbnBhYnJxYV8xcHMuY2VyME8GA1UdIAEB/wRFMEMw
QQYIKwYBBQUHDgIwNTAzBggrBgEFBQcCARYnaHR0cHM6Ly9ycGtpLmFmcmluaWMu
bmV0L3BvbGljeS9DUFMucGRmMIHbBggrBgEFBQcBCwSBzjCByzCBkQYIKwYBBQUH
MAuGgYRyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9tZW1iZXJf
cmVwb3NpdG9yeS9GMzY4RjJEMC85MkY4NkUxQzZFMDUxMUU4QTFCNTg1NEJGOEFF
QTIyOC9DODU4NkQwOEZBNkUxMUVGOEIzMzUyNzE3NjJFOTUxQS5yb2EwNQYIKwYB
BQUHMA2GKWh0dHBzOi8vcnJkcC5hZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1s
MEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBnO1qAwQAnO1wAwQBnPwOMAwD
BACc/1EDBAKc/1AwDAMEAJz/VQMEAJz/VjANBgkqhkiG9w0BAQsFAAOCAQEAIKD1
L86caVHvKk6PJExvuOyrUom6JEwEV/UPfau3KlF7kiuaEtsFm08aHhCI6Norq7QF
sH6gEUeFZCRy87yueOl6RtmApbuCgUzRCNfeJNK/iN58sspLrckRILzk56mZAO5+
oZlVlGh85RD+ftJoDk6hOQokMgAgFhh67RgdSTL9Li9VWGEeuT1FfkMxdETDSWps
rBcXxGOXG8j3YrQqvcf5+uwjwAxL6gdGdFpynJmE80cVLnkGWLKn3Jkd+XvPF0+i
e2Z62iOud0KQYbdIsI7ObDZJDjteDKkbEnUyEcUwOnPJL55ZcTJDJSqyNNDPleEo
uTEUNt6VdiLypmdS5w==
-----END CERTIFICATE-----