Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e36362e302f32342d3234203d3e203137343531.roa
File:                     3131372e3130322e36362e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          UgszMktuEfMOZHLQiO3CBj7IFsSMy6BPUKzR8WBZ4Yk=
Subject key identifier:   D6:5B:3B:0D:BE:E5:63:88:75:F0:7E:14:4D:F8:73:D4:B8:77:1E:EA
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       67A54B2D8AA81068BF1DE2DF75697731E2DF8F76
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e36362e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:41 +0000
ROA not before:           Wed 29 Sep 2021 23:55:41 +0000
ROA not after:            Fri 30 Sep 2022 00:00:41 +0000
asID:                     17451
IP address blocks:        117.102.66.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:a5:4b:2d:8a:a8:10:68:bf:1d:e2:df:75:69:77:31:e2:df:8f:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:41 2021 GMT
            Not After : Sep 30 00:00:41 2022 GMT
        Subject: CN=3082010A0282010100BCEFFBE7829AAD1B639888B9344DB20DE3198F90D61865D408F575F1A93F572132BF694E08273C7C01A70524C82B663F50ADCDCBEF4B453A945C2A38C86AF12351386BB85B28AF2333FDE4865FAC715D4A8A4B8966161D3D6C22F3A6AE1DDEB4921490C8B232D6C5A175E043E551BF1BE2E152516D2B5B1A41673014EE28A9DD7BB758B7B1DD49FE81D19EB1717D9B61CFA56E3A6403F82796D206F08182A25F33F63BCB26E23973E350FBD326F068454E8722AD9D8CFDED557F7F63011A6764413B2E09D997790C217C2A787DD8A1368747BE7F30AA7A48A1A92CE3784EBA2D3EBAB7F15011DE6B5E12A9B02D999170B5FEABBB95554B978F180E873EA144170203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ef:fb:e7:82:9a:ad:1b:63:98:88:b9:34:4d:
                    b2:0d:e3:19:8f:90:d6:18:65:d4:08:f5:75:f1:a9:
                    3f:57:21:32:bf:69:4e:08:27:3c:7c:01:a7:05:24:
                    c8:2b:66:3f:50:ad:cd:cb:ef:4b:45:3a:94:5c:2a:
                    38:c8:6a:f1:23:51:38:6b:b8:5b:28:af:23:33:fd:
                    e4:86:5f:ac:71:5d:4a:8a:4b:89:66:16:1d:3d:6c:
                    22:f3:a6:ae:1d:de:b4:92:14:90:c8:b2:32:d6:c5:
                    a1:75:e0:43:e5:51:bf:1b:e2:e1:52:51:6d:2b:5b:
                    1a:41:67:30:14:ee:28:a9:dd:7b:b7:58:b7:b1:dd:
                    49:fe:81:d1:9e:b1:71:7d:9b:61:cf:a5:6e:3a:64:
                    03:f8:27:96:d2:06:f0:81:82:a2:5f:33:f6:3b:cb:
                    26:e2:39:73:e3:50:fb:d3:26:f0:68:45:4e:87:22:
                    ad:9d:8c:fd:ed:55:7f:7f:63:01:1a:67:64:41:3b:
                    2e:09:d9:97:79:0c:21:7c:2a:78:7d:d8:a1:36:87:
                    47:be:7f:30:aa:7a:48:a1:a9:2c:e3:78:4e:ba:2d:
                    3e:ba:b7:f1:50:11:de:6b:5e:12:a9:b0:2d:99:91:
                    70:b5:fe:ab:bb:95:55:4b:97:8f:18:0e:87:3e:a1:
                    44:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5B:3B:0D:BE:E5:63:88:75:F0:7E:14:4D:F8:73:D4:B8:77:1E:EA
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e36362e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.102.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:e9:9e:8e:dd:97:53:0b:35:13:b1:82:99:c1:7e:0a:c1:d7:
         bc:6e:9b:0d:6a:bd:e9:a9:4d:f3:c8:37:26:79:fa:f7:0f:65:
         de:96:53:48:79:14:f1:ce:62:f0:50:6d:45:1e:81:4f:a2:8a:
         50:81:42:5a:9e:ac:39:f8:f2:37:2a:2c:41:2f:f0:ff:4e:ce:
         e4:d9:23:72:31:6e:d8:b4:eb:19:0d:fa:2c:b2:20:e8:24:13:
         5d:0e:16:7c:f1:92:13:df:09:e7:a5:a3:39:77:2f:4b:2c:57:
         6d:2c:e0:8a:44:c2:ea:46:c3:19:ac:40:3c:2c:13:d4:ed:96:
         af:01:70:a9:c9:0c:17:11:b6:29:b4:dd:3c:35:17:54:86:7a:
         4b:9a:ef:e3:7e:32:d1:a9:3c:c8:0b:ea:ad:58:22:87:dc:a7:
         4c:f4:6e:f9:fa:ad:e2:60:18:c2:d2:c9:ca:51:47:c1:04:68:
         d1:94:f0:0c:dc:4f:ee:df:5d:fb:4b:0f:86:af:07:6b:9f:50:
         38:16:cd:5d:49:d1:6b:62:9f:93:fa:71:40:62:11:c8:84:50:
         10:6b:ee:d8:4f:c2:14:df:63:8b:d9:4a:bd:9e:37:be:ca:a1:
         f5:e9:21:bd:a2:b5:7a:15:20:e6:b5:e0:70:67:26:af:3c:75:
         f6:23:a8:f3
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUZ6VLLYqoEGi/HeLfdWl3MeLfj3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NDFaFw0yMjA5MzAwMDAwNDFaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQkNFRkZCRTc4MjlBQUQxQjYz
OTg4OEI5MzQ0REIyMERFMzE5OEY5MEQ2MTg2NUQ0MDhGNTc1RjFBOTNGNTcyMTMy
QkY2OTRFMDgyNzNDN0MwMUE3MDUyNEM4MkI2NjNGNTBBRENEQ0JFRjRCNDUzQTk0
NUMyQTM4Qzg2QUYxMjM1MTM4NkJCODVCMjhBRjIzMzNGREU0ODY1RkFDNzE1RDRB
OEE0Qjg5NjYxNjFEM0Q2QzIyRjNBNkFFMURERUI0OTIxNDkwQzhCMjMyRDZDNUEx
NzVFMDQzRTU1MUJGMUJFMkUxNTI1MTZEMkI1QjFBNDE2NzMwMTRFRTI4QTlERDdC
Qjc1OEI3QjFERDQ5RkU4MUQxOUVCMTcxN0Q5QjYxQ0ZBNTZFM0E2NDAzRjgyNzk2
RDIwNkYwODE4MkEyNUYzM0Y2M0JDQjI2RTIzOTczRTM1MEZCRDMyNkYwNjg0NTRF
ODcyMkFEOUQ4Q0ZERUQ1NTdGN0Y2MzAxMUE2NzY0NDEzQjJFMDlEOTk3NzkwQzIx
N0MyQTc4N0REOEExMzY4NzQ3QkU3RjMwQUE3QTQ4QTFBOTJDRTM3ODRFQkEyRDNF
QkFCN0YxNTAxMURFNkI1RTEyQTlCMDJEOTk5MTcwQjVGRUFCQkI5NTU1NEI5NzhG
MTgwRTg3M0VBMTQ0MTcwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAvO/754KarRtjmIi5NE2yDeMZj5DWGGXUCPV18ak/VyEyv2lOCCc8
fAGnBSTIK2Y/UK3Ny+9LRTqUXCo4yGrxI1E4a7hbKK8jM/3khl+scV1KikuJZhYd
PWwi86auHd60khSQyLIy1sWhdeBD5VG/G+LhUlFtK1saQWcwFO4oqd17t1i3sd1J
/oHRnrFxfZthz6VuOmQD+CeW0gbwgYKiXzP2O8sm4jlz41D70ybwaEVOhyKtnYz9
7VV/f2MBGmdkQTsuCdmXeQwhfCp4fdihNodHvn8wqnpIoaks43hOui0+urfxUBHe
a14SqbAtmZFwtf6ru5VVS5ePGA6HPqFEFwIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FNZbOw2+5WOIdfB+FE34c9S4dx7qMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzcyZTMxMzAzMjJlMzYzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB1ZkIwDQYJKoZIhvcNAQELBQADggEBAIvpno7dl1ML
NROxgpnBfgrB17xumw1qvempTfPINyZ5+vcPZd6WU0h5FPHOYvBQbUUegU+iilCB
QlqerDn48jcqLEEv8P9OzuTZI3Ixbti06xkN+iyyIOgkE10OFnzxkhPfCeelozl3
L0ssV20s4IpEwupGwxmsQDwsE9Ttlq8BcKnJDBcRtim03Tw1F1SGekua7+N+MtGp
PMgL6q1YIofcp0z0bvn6reJgGMLSycpRR8EEaNGU8AzcT+7fXftLD4avB2ufUDgW
zV1J0Wtin5P6cUBiEciEUBBr7thPwhTfY4vZSr2eN77KofXpIb2itXoVIOa14HBn
Jq88dfYjqPM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:44 2023 by rpki-client on console-fra.rpki-client.org