Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131322e37382e3135362e302f32342d3234203d3e203137343531.roa
File:                     3131322e37382e3135362e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          yv2i03WLmP2zd0iiDmC0Qjrk8y9oH0DoXObn5Tco6Lc=
Subject key identifier:   4A:3C:2C:89:3B:9B:46:FA:39:59:CD:95:53:CB:64:24:79:F3:2A:E8
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       5CDAEFDCBCDD33BA308998BC127F580A22E6F3FB
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131322e37382e3135362e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:03 +0000
ROA not before:           Wed 29 Sep 2021 23:56:03 +0000
ROA not after:            Fri 30 Sep 2022 00:01:03 +0000
asID:                     17451
IP address blocks:        112.78.156.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:da:ef:dc:bc:dd:33:ba:30:89:98:bc:12:7f:58:0a:22:e6:f3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:03 2021 GMT
            Not After : Sep 30 00:01:03 2022 GMT
        Subject: CN=3082010A0282010100BFD30F947FD8CECD8DDF3EC3DC0C55DF96083962BE109C4BBAB5F533F1334824777786DBB094B09791F7215CAE74F165E93A92E37020FE5E2B9318E68A4C203B2050B5D15A7BD671058A62CB70C26645EB9851FB8C5D52C3B374B9B31DB1EA6075E5CF3336D513DB6ADEC94459C95409A704B15929333618058EC581162538401AB625A74326A7C0FF94EB079065E16B70A03C39892F7B860EB0886DE7BF8B2CE971DB592AD782F82C34835C3391A3542B8884386CC7B5FD91CCFF7F7787C2C8297BADA21743ED4774C277DAF40D8EC25DB7414BC7EF8D7EAB00890A8CED144D31AD67189599943B8328468181D48497BC5D068E4EE42911B7CA14CD598DC4410203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d3:0f:94:7f:d8:ce:cd:8d:df:3e:c3:dc:0c:
                    55:df:96:08:39:62:be:10:9c:4b:ba:b5:f5:33:f1:
                    33:48:24:77:77:86:db:b0:94:b0:97:91:f7:21:5c:
                    ae:74:f1:65:e9:3a:92:e3:70:20:fe:5e:2b:93:18:
                    e6:8a:4c:20:3b:20:50:b5:d1:5a:7b:d6:71:05:8a:
                    62:cb:70:c2:66:45:eb:98:51:fb:8c:5d:52:c3:b3:
                    74:b9:b3:1d:b1:ea:60:75:e5:cf:33:36:d5:13:db:
                    6a:de:c9:44:59:c9:54:09:a7:04:b1:59:29:33:36:
                    18:05:8e:c5:81:16:25:38:40:1a:b6:25:a7:43:26:
                    a7:c0:ff:94:eb:07:90:65:e1:6b:70:a0:3c:39:89:
                    2f:7b:86:0e:b0:88:6d:e7:bf:8b:2c:e9:71:db:59:
                    2a:d7:82:f8:2c:34:83:5c:33:91:a3:54:2b:88:84:
                    38:6c:c7:b5:fd:91:cc:ff:7f:77:87:c2:c8:29:7b:
                    ad:a2:17:43:ed:47:74:c2:77:da:f4:0d:8e:c2:5d:
                    b7:41:4b:c7:ef:8d:7e:ab:00:89:0a:8c:ed:14:4d:
                    31:ad:67:18:95:99:94:3b:83:28:46:81:81:d4:84:
                    97:bc:5d:06:8e:4e:e4:29:11:b7:ca:14:cd:59:8d:
                    c4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3C:2C:89:3B:9B:46:FA:39:59:CD:95:53:CB:64:24:79:F3:2A:E8
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131322e37382e3135362e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  112.78.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:4a:0b:0f:63:b4:80:65:53:7c:21:b0:e0:a6:9b:6b:44:27:
         2a:1b:bc:bf:71:33:b8:b9:3d:d7:9d:47:02:ee:79:f8:81:60:
         99:7b:b7:ec:b5:e2:38:10:6b:60:98:32:63:e5:f1:9e:c8:a3:
         d4:98:4e:3c:32:03:6c:3d:ea:d1:c8:32:28:f1:91:8b:b8:6b:
         7d:e1:93:0e:a2:cb:73:eb:18:60:4e:88:19:dd:f8:89:60:ef:
         0b:32:5b:03:4c:bb:5e:61:e4:cf:cc:56:0b:a2:d3:4b:6d:31:
         97:be:24:76:c5:99:79:c8:e1:fb:20:90:10:bd:7b:73:a7:be:
         71:c8:fd:6a:d7:c5:22:c7:55:98:f2:6c:66:32:f8:8c:48:c0:
         c1:92:aa:7d:a4:ab:5f:bd:ad:42:cc:f8:c3:35:52:b4:b9:b8:
         51:18:21:30:45:47:b2:84:f4:09:43:c5:06:ba:8e:d3:84:f8:
         9e:9f:86:41:99:ce:25:69:f9:ab:46:a1:9d:a5:6c:4e:6b:cb:
         65:5d:3a:50:38:12:5e:c7:77:86:65:01:14:bc:6f:2d:8c:f0:
         bd:36:55:73:a1:ce:aa:91:e3:be:2a:84:e8:c6:92:db:e5:60:
         68:39:64:aa:2c:3c:fe:c3:62:f5:a3:88:fa:94:f6:e9:53:a5:
         bf:fe:6d:4d
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUXNrv3LzdM7owiZi8En9YCiLm8/swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MDNaFw0yMjA5MzAwMDAxMDNaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQkZEMzBGOTQ3RkQ4Q0VDRDhE
REYzRUMzREMwQzU1REY5NjA4Mzk2MkJFMTA5QzRCQkFCNUY1MzNGMTMzNDgyNDc3
Nzc4NkRCQjA5NEIwOTc5MUY3MjE1Q0FFNzRGMTY1RTkzQTkyRTM3MDIwRkU1RTJC
OTMxOEU2OEE0QzIwM0IyMDUwQjVEMTVBN0JENjcxMDU4QTYyQ0I3MEMyNjY0NUVC
OTg1MUZCOEM1RDUyQzNCMzc0QjlCMzFEQjFFQTYwNzVFNUNGMzMzNkQ1MTNEQjZB
REVDOTQ0NTlDOTU0MDlBNzA0QjE1OTI5MzMzNjE4MDU4RUM1ODExNjI1Mzg0MDFB
QjYyNUE3NDMyNkE3QzBGRjk0RUIwNzkwNjVFMTZCNzBBMDNDMzk4OTJGN0I4NjBF
QjA4ODZERTdCRjhCMkNFOTcxREI1OTJBRDc4MkY4MkMzNDgzNUMzMzkxQTM1NDJC
ODg4NDM4NkNDN0I1RkQ5MUNDRkY3Rjc3ODdDMkM4Mjk3QkFEQTIxNzQzRUQ0Nzc0
QzI3N0RBRjQwRDhFQzI1REI3NDE0QkM3RUY4RDdFQUIwMDg5MEE4Q0VEMTQ0RDMx
QUQ2NzE4OTU5OTk0M0I4MzI4NDY4MTgxRDQ4NDk3QkM1RDA2OEU0RUU0MjkxMUI3
Q0ExNENENTk4REM0NDEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAv9MPlH/Yzs2N3z7D3AxV35YIOWK+EJxLurX1M/EzSCR3d4bbsJSw
l5H3IVyudPFl6TqS43Ag/l4rkxjmikwgOyBQtdFae9ZxBYpiy3DCZkXrmFH7jF1S
w7N0ubMdsepgdeXPMzbVE9tq3slEWclUCacEsVkpMzYYBY7FgRYlOEAatiWnQyan
wP+U6weQZeFrcKA8OYkve4YOsIht57+LLOlx21kq14L4LDSDXDORo1QriIQ4bMe1
/ZHM/393h8LIKXutohdD7Ud0wnfa9A2Owl23QUvH741+qwCJCoztFE0xrWcYlZmU
O4MoRoGB1ISXvF0Gjk7kKRG3yhTNWY3EQQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FEo8LIk7m0b6OVnNlVPLZCR58yroMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzIyZTM3MzgyZTMxMzUzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABwTpwwDQYJKoZIhvcNAQELBQADggEBABlKCw9jtIBl
U3whsOCmm2tEJyobvL9xM7i5PdedRwLuefiBYJl7t+y14jgQa2CYMmPl8Z7Io9SY
TjwyA2w96tHIMijxkYu4a33hkw6iy3PrGGBOiBnd+Ilg7wsyWwNMu15h5M/MVgui
00ttMZe+JHbFmXnI4fsgkBC9e3OnvnHI/WrXxSLHVZjybGYy+IxIwMGSqn2kq1+9
rULM+MM1UrS5uFEYITBFR7KE9AlDxQa6jtOE+J6fhkGZziVp+atGoZ2lbE5ry2Vd
OlA4El7Hd4ZlARS8by2M8L02VXOhzqqR474qhOjGktvlYGg5ZKosPP7DYvWjiPqU
9ulTpb/+bU0=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:44 2023 by rpki-client on console-fra.rpki-client.org