Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/85I6UPi4hzDoYBUp0zRybtfneKI.roa
File:                     85I6UPi4hzDoYBUp0zRybtfneKI.roa (raw, json)
Hash identifier:          3oM/A423iFhLAcxr1y1Ue/Mhl4LnH9DgPJAqBYnJP3s=
Subject key identifier:   F3:92:3A:50:F8:B8:87:30:E8:60:15:29:D3:34:72:6E:D7:E7:78:A2
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       038BB670
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/85I6UPi4hzDoYBUp0zRybtfneKI.roa
Signing time:             Tue 10 May 2022 11:25:02 +0000
ROA not before:           Tue 10 May 2022 11:25:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400377
IP address blocks:        85.158.145.0/24 maxlen: 24
                          5.178.4.0/24 maxlen: 24
                          109.205.211.0/24 maxlen: 24
                          5.178.6.0/24 maxlen: 24
                          5.178.7.0/24 maxlen: 24
                          5.178.5.0/24 maxlen: 24
                          5.10.243.0/24 maxlen: 24
                          5.10.246.0/24 maxlen: 24
                          5.10.249.0/24 maxlen: 24
                          5.10.252.0/24 maxlen: 24
                          5.10.255.0/24 maxlen: 24
                          88.151.197.0/24 maxlen: 24
                          88.151.199.0/24 maxlen: 24
                          164.215.96.0/24 maxlen: 24
                          164.215.97.0/24 maxlen: 24
                          164.215.98.0/24 maxlen: 24
                          164.215.99.0/24 maxlen: 24
                          5.10.240.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 59487856 (0x38bb670)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: May 10 11:25:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f3923a50f8b88730e8601529d334726ed7e778a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2e:b2:13:5b:10:73:e5:53:53:0c:4c:92:88:
                    c0:08:26:86:9f:b7:25:63:fd:9e:49:75:6d:14:c5:
                    3b:37:80:93:04:13:44:3b:eb:98:9d:7c:b1:80:0f:
                    71:71:46:f5:11:e2:15:c9:2e:43:39:3f:76:f4:77:
                    d4:a5:77:be:69:eb:8f:3c:05:fe:f9:02:66:97:7b:
                    f7:77:13:33:e1:f6:eb:80:b5:7c:4f:ff:aa:dc:03:
                    b2:c3:e0:4a:32:db:6c:99:3f:b1:20:1c:95:a9:ae:
                    52:2c:24:c3:3c:de:a9:56:c8:eb:7c:9d:21:c7:60:
                    92:bc:45:3a:75:c4:e0:fc:69:95:c0:5f:3e:c3:d6:
                    b9:6a:01:29:8d:14:ae:4d:1e:f1:7f:42:53:d5:ed:
                    29:3a:fc:43:f4:82:1f:0f:b9:a2:ff:d4:11:58:cc:
                    c1:c2:a7:29:f2:1a:db:ff:54:f0:88:d8:51:5f:23:
                    da:ca:56:da:0b:5c:18:cb:6f:61:d0:92:e8:84:30:
                    98:c1:e3:7f:08:86:b4:fc:26:d2:a2:c9:42:47:b5:
                    de:52:63:3d:a9:9d:d1:cb:0e:68:03:f2:76:22:03:
                    81:99:47:28:4c:e8:2e:50:13:62:62:d9:73:01:d3:
                    ca:30:20:ab:d7:75:30:2c:9f:ef:4f:15:45:7d:d4:
                    10:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:92:3A:50:F8:B8:87:30:E8:60:15:29:D3:34:72:6E:D7:E7:78:A2
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/85I6UPi4hzDoYBUp0zRybtfneKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.240.0/24
                  5.10.243.0/24
                  5.10.246.0/24
                  5.10.249.0/24
                  5.10.252.0/24
                  5.10.255.0/24
                  5.178.4.0/22
                  85.158.145.0/24
                  88.151.197.0/24
                  88.151.199.0/24
                  109.205.211.0/24
                  164.215.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:42:5b:b5:ac:f5:b9:f9:74:53:5c:f4:50:04:4b:20:db:5b:
         3b:fa:7c:83:6f:1e:64:a9:c1:38:04:ea:84:a4:da:e1:13:66:
         47:10:07:fc:a6:4d:d9:5f:60:ea:4b:8d:fa:0d:d1:68:36:ab:
         0f:74:be:27:99:c8:9e:2a:6f:59:37:ec:ec:97:c6:db:25:dc:
         b8:4c:c7:87:53:fe:df:17:25:c4:d6:c2:e4:16:b0:3e:99:f5:
         19:46:b4:bd:83:4d:1e:bc:c7:98:9c:b8:97:4b:b3:a7:68:1a:
         ec:9d:73:bf:14:18:5e:6e:4e:34:c2:ca:b0:78:ce:89:3e:84:
         be:17:56:60:2d:db:d4:c1:38:6a:be:ec:e7:76:51:ad:03:87:
         d8:66:05:18:5c:16:37:86:1b:60:9e:bd:fb:c9:d7:af:f7:9b:
         22:27:ab:19:d5:0a:f5:6c:71:ee:55:dd:9c:3a:04:5f:7d:da:
         52:08:a4:67:61:df:e2:b7:f7:7f:89:9d:6c:de:a0:68:c9:66:
         19:5c:88:00:67:84:9c:ef:05:5a:61:ce:d7:7a:1a:b2:6d:8c:
         ea:88:1f:70:e3:7d:5f:0d:be:c1:38:0b:da:0a:68:4e:6e:e4:
         59:3a:24:20:6f:3b:f4:cb:b7:d4:53:eb:d5:ac:fd:fc:f4:53:
         ed:da:28:7d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIEA4u2cDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZDA2YTQyYmIyNDQ2ZTUxZjE5MmVhMzc1YmRmN2VlYzVhNTFjNzdmMB4XDTIyMDUx
MDExMjUwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjM5MjNhNTBmOGI4
ODczMGU4NjAxNTI5ZDMzNDcyNmVkN2U3NzhhMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL4ushNbEHPlU1MMTJKIwAgmhp+3JWP9nkl1bRTFOzeAkwQT
RDvrmJ18sYAPcXFG9RHiFckuQzk/dvR31KV3vmnrjzwF/vkCZpd793cTM+H264C1
fE//qtwDssPgSjLbbJk/sSAclamuUiwkwzzeqVbI63ydIcdgkrxFOnXE4PxplcBf
PsPWuWoBKY0Urk0e8X9CU9XtKTr8Q/SCHw+5ov/UEVjMwcKnKfIa2/9U8IjYUV8j
2spW2gtcGMtvYdCS6IQwmMHjfwiGtPwm0qLJQke13lJjPamd0csOaAPydiIDgZlH
KEzoLlATYmLZcwHTyjAgq9d1MCyf708VRX3UEAkCAwEAAaOCAkswggJHMB0GA1Ud
DgQWBBTzkjpQ+LiHMOhgFSnTNHJu1+d4ojAfBgNVHSMEGDAWgBR9BqQrskRuUfGS
6jdb337sWlHHfzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZRYWtLN0pFYmxIeGt1bzNXOTktN0ZwUngzOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWMvNzgwMDJhLTRmYzAtNGRiZi04NTg1LTJjZjgwNmIyZDBmMi8x
Lzg1STZVUGk0aHpEb1lCVXAwelJ5YnRmbmVLSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWMv
NzgwMDJhLTRmYzAtNGRiZi04NTg1LTJjZjgwNmIyZDBmMi8xL2ZRYWtLN0pFYmxI
eGt1bzNXOTktN0ZwUngzOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBh
BggrBgEFBQcBBwEB/wRSMFAwTgQCAAEwSAMEAAUK8AMEAAUK8wMEAAUK9gMEAAUK
+QMEAAUK/AMEAAUK/wMEAgWyBAMEAFWekQMEAFiXxQMEAFiXxwMEAG3N0wMEAqTX
YDANBgkqhkiG9w0BAQsFAAOCAQEAR0Jbtaz1ufl0U1z0UARLINtbO/p8g28eZKnB
OATqhKTa4RNmRxAH/KZN2V9g6kuN+g3RaDarD3S+J5nInipvWTfs7JfG2yXcuEzH
h1P+3xclxNbC5BawPpn1GUa0vYNNHrzHmJy4l0uzp2ga7J1zvxQYXm5ONMLKsHjO
iT6EvhdWYC3b1ME4ar7s53ZRrQOH2GYFGFwWN4YbYJ69+8nXr/ebIierGdUK9Wxx
7lXdnDoEX33aUgikZ2Hf4rf3f4mdbN6gaMlmGVyIAGeEnO8FWmHO13oasm2M6ogf
cON9Xw2+wTgL2gpoTm7kWTokIG879Mu31FPr1az9/PRT7doofQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:50 2023 by rpki-client on console-ams.rpki-client.org