Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/bThqEhtk_G-GoCteOCswnHkuR78.roa
File:                     bThqEhtk_G-GoCteOCswnHkuR78.roa (raw, json)
Hash identifier:          S9etA5JVkelxn2lDvTQS+mG1vc/NtXhiDG/1MX0hetc=
Subject key identifier:   6D:38:6A:12:1B:64:FC:6F:86:A0:2B:5E:38:2B:30:9C:79:2E:47:BF
Certificate issuer:       /CN=494d0eaf80250ab8248989be71a4039718d6935a
Certificate serial:       08C396AD
Authority key identifier: 49:4D:0E:AF:80:25:0A:B8:24:89:89:BE:71:A4:03:97:18:D6:93:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SU0Or4AlCrgkiYm-caQDlxjWk1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/bThqEhtk_G-GoCteOCswnHkuR78.roa
Signing time:             Sat 01 Jan 2022 06:03:11 +0000
ROA not before:           Sat 01 Jan 2022 06:03:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42275
IP address blocks:        85.208.68.0/22 maxlen: 24
                          2a09:8340::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147035821 (0x8c396ad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=494d0eaf80250ab8248989be71a4039718d6935a
        Validity
            Not Before: Jan  1 06:03:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6d386a121b64fc6f86a02b5e382b309c792e47bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b7:9b:98:90:f2:f4:88:0c:6f:ae:43:53:ae:
                    47:16:dd:85:da:f3:41:15:a6:d0:ed:79:09:eb:24:
                    0f:72:ab:cb:a0:85:c9:f2:c5:79:11:6a:47:75:4c:
                    ab:78:a0:95:48:9c:e2:08:10:1a:cf:83:f7:3e:24:
                    cc:92:84:31:25:33:1d:05:05:49:87:d9:6e:14:c2:
                    66:5a:89:1a:c2:8c:96:d9:2a:6d:19:c9:aa:40:21:
                    c3:32:08:a8:d4:6e:01:e0:3c:be:92:24:d8:5f:57:
                    8b:fc:45:38:c1:fb:4a:9e:5a:8f:99:a8:c0:ca:fb:
                    c7:03:22:2b:50:89:2e:5e:fe:b4:b4:e9:f6:0b:14:
                    69:fa:0a:e9:9f:1f:35:ec:cc:0d:d8:e1:90:36:43:
                    92:9f:49:77:ba:1f:c9:c4:88:88:57:88:9c:49:4e:
                    1b:5b:73:ca:7b:03:ab:2a:5e:a9:1d:13:3d:eb:c9:
                    51:fa:c2:e1:4c:cf:1c:3d:58:63:b0:f9:9b:9b:69:
                    55:04:7b:01:02:bb:cc:01:db:27:be:dd:41:fa:d0:
                    23:e6:ea:3d:96:d0:18:51:36:81:21:93:e1:5d:19:
                    28:99:a0:57:32:e4:ee:39:c2:57:30:ce:cc:d7:91:
                    a4:6f:a6:e8:88:30:f4:6d:e8:42:74:b6:2e:7e:cc:
                    58:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:38:6A:12:1B:64:FC:6F:86:A0:2B:5E:38:2B:30:9C:79:2E:47:BF
            X509v3 Authority Key Identifier:
                keyid:49:4D:0E:AF:80:25:0A:B8:24:89:89:BE:71:A4:03:97:18:D6:93:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SU0Or4AlCrgkiYm-caQDlxjWk1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/bThqEhtk_G-GoCteOCswnHkuR78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/SU0Or4AlCrgkiYm-caQDlxjWk1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.68.0/22
                IPv6:
                  2a09:8340::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:4a:89:06:6d:d4:d6:35:c5:00:f7:d1:a0:b2:92:ca:39:bf:
         1e:a6:c5:f6:21:ee:fc:2c:b6:3e:3c:3a:f2:bd:f1:ac:cc:e7:
         0f:7f:f7:46:73:f5:b6:0d:6a:5e:b4:3e:99:a7:6b:11:41:dc:
         91:de:2d:3a:ff:95:22:e0:58:66:e1:50:94:07:ff:73:cc:0d:
         aa:9d:0d:25:1e:bb:7a:e3:3b:bc:ce:94:9b:2a:d0:d7:ae:d3:
         0a:fa:d2:f0:67:56:b5:57:4c:a3:83:aa:92:b8:db:f8:18:ea:
         5f:66:5a:11:f1:63:ff:e5:72:9a:ed:95:e5:52:61:fd:1b:37:
         a7:7b:dc:c8:f1:9f:c9:f9:b7:15:6a:76:ef:1c:0e:ab:70:d8:
         6e:43:ee:15:6e:10:82:7e:61:10:43:cd:4b:31:28:04:69:c7:
         1e:5b:e3:df:ea:f2:6c:b5:20:aa:b9:de:8b:86:a1:21:88:2f:
         c1:e3:d1:f5:3f:ad:d8:03:21:f9:4e:d4:6e:16:69:69:05:20:
         89:fb:32:f3:a9:0e:4c:62:be:85:9b:ef:11:78:0e:1e:d3:0b:
         fd:d3:99:1f:04:c0:30:f1:6a:b8:aa:e2:4f:5c:61:26:69:f9:
         63:e1:c2:5d:8e:e9:14:dd:d6:50:bb:80:69:cd:07:c1:d5:a9:
         fb:14:0f:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECMOWrTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
OTRkMGVhZjgwMjUwYWI4MjQ4OTg5YmU3MWE0MDM5NzE4ZDY5MzVhMB4XDTIyMDEw
MTA2MDMxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmQzODZhMTIxYjY0
ZmM2Zjg2YTAyYjVlMzgyYjMwOWM3OTJlNDdiZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJS3m5iQ8vSIDG+uQ1OuRxbdhdrzQRWm0O15CeskD3Kry6CF
yfLFeRFqR3VMq3iglUic4ggQGs+D9z4kzJKEMSUzHQUFSYfZbhTCZlqJGsKMltkq
bRnJqkAhwzIIqNRuAeA8vpIk2F9Xi/xFOMH7Sp5aj5mowMr7xwMiK1CJLl7+tLTp
9gsUafoK6Z8fNezMDdjhkDZDkp9Jd7ofycSIiFeInElOG1tzynsDqypeqR0TPevJ
UfrC4UzPHD1YY7D5m5tpVQR7AQK7zAHbJ77dQfrQI+bqPZbQGFE2gSGT4V0ZKJmg
VzLk7jnCVzDOzNeRpG+m6Igw9G3oQnS2Ln7MWHUCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRtOGoSG2T8b4agK144KzCceS5HvzAfBgNVHSMEGDAWgBRJTQ6vgCUKuCSJ
ib5xpAOXGNaTWjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1NVME9yNEFsQ3Jna2lZbS1jYVFEbHhqV2sxby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2UvYzg4NTU1LWFiYjctNGIxMC1hYjY0LTE5YzU0MjdlNDE2Zi8x
L2JUaHFFaHRrX0ctR29DdGVPQ3N3bkhrdVI3OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Uv
Yzg4NTU1LWFiYjctNGIxMC1hYjY0LTE5YzU0MjdlNDE2Zi8xL1NVME9yNEFsQ3Jn
a2lZbS1jYVFEbHhqV2sxby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAlXQRDANBAIAAjAHAwUDKgmDQDAN
BgkqhkiG9w0BAQsFAAOCAQEAQEqJBm3U1jXFAPfRoLKSyjm/HqbF9iHu/Cy2Pjw6
8r3xrMznD3/3RnP1tg1qXrQ+madrEUHckd4tOv+VIuBYZuFQlAf/c8wNqp0NJR67
euM7vM6UmyrQ167TCvrS8GdWtVdMo4Oqkrjb+BjqX2ZaEfFj/+Vymu2V5VJh/Rs3
p3vcyPGfyfm3FWp27xwOq3DYbkPuFW4Qgn5hEEPNSzEoBGnHHlvj3+rybLUgqrne
i4ahIYgvwePR9T+t2AMh+U7UbhZpaQUgifsy86kOTGK+hZvvEXgOHtML/dOZHwTA
MPFquKriT1xhJmn5Y+HCXY7pFN3WULuAac0HwdWp+xQP6w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:32 2024 by rpki-client on console-fra.rpki-client.org