Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e37322e302f32342d3234203d3e203137343531.roa
File:                     3131372e3130322e37322e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          tpz0i4Sw9XkrTD6F9x5/0Ki53ZKGwnxka5X1fEsZGwk=
Subject key identifier:   80:7A:C2:CA:95:29:95:A1:E9:7F:3A:F9:7C:56:DA:EB:40:D2:D7:62
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       224D0E0E2075B347C8B11381986ACE864A92686B
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e37322e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:11 +0000
ROA not before:           Wed 29 Sep 2021 23:56:11 +0000
ROA not after:            Fri 30 Sep 2022 00:01:11 +0000
asID:                     17451
IP address blocks:        117.102.72.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:4d:0e:0e:20:75:b3:47:c8:b1:13:81:98:6a:ce:86:4a:92:68:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:11 2021 GMT
            Not After : Sep 30 00:01:11 2022 GMT
        Subject: CN=3082010A0282010100CE1AEE2464D81190A2A5909AC2784C4A017E2EF09C66035B00B972D5F467BBEB6B12492AD61ABA536E4981CAAB91B531EFAB9EE2671C55A7AA08F8F48B992DE23060AD6FA219AB208ED4C818FA2814B101E35A8E7C6C71A00407FE22984EAC5208925E95A3471362BC435F015899FEC35455C7F141566733304E74B47356BED3421D1A0F7CAA72E026AE4599731EA5A34F4C0E66FB83D68BF46DC320F2094D785005D161EC5DEB7A1F810C3943A38D5E19BC50B443F60A4CB82D0D93CFD0827A164C4CB1699A0D2E97022DC26526A1650BFEAAE8620AFA4B86EC9FE03FF2CED59A65BF060938BB6680778A9E5954D5DEEDCBA9EBF0B107F01BDBA27A9FE4BBC90203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1a:ee:24:64:d8:11:90:a2:a5:90:9a:c2:78:
                    4c:4a:01:7e:2e:f0:9c:66:03:5b:00:b9:72:d5:f4:
                    67:bb:eb:6b:12:49:2a:d6:1a:ba:53:6e:49:81:ca:
                    ab:91:b5:31:ef:ab:9e:e2:67:1c:55:a7:aa:08:f8:
                    f4:8b:99:2d:e2:30:60:ad:6f:a2:19:ab:20:8e:d4:
                    c8:18:fa:28:14:b1:01:e3:5a:8e:7c:6c:71:a0:04:
                    07:fe:22:98:4e:ac:52:08:92:5e:95:a3:47:13:62:
                    bc:43:5f:01:58:99:fe:c3:54:55:c7:f1:41:56:67:
                    33:30:4e:74:b4:73:56:be:d3:42:1d:1a:0f:7c:aa:
                    72:e0:26:ae:45:99:73:1e:a5:a3:4f:4c:0e:66:fb:
                    83:d6:8b:f4:6d:c3:20:f2:09:4d:78:50:05:d1:61:
                    ec:5d:eb:7a:1f:81:0c:39:43:a3:8d:5e:19:bc:50:
                    b4:43:f6:0a:4c:b8:2d:0d:93:cf:d0:82:7a:16:4c:
                    4c:b1:69:9a:0d:2e:97:02:2d:c2:65:26:a1:65:0b:
                    fe:aa:e8:62:0a:fa:4b:86:ec:9f:e0:3f:f2:ce:d5:
                    9a:65:bf:06:09:38:bb:66:80:77:8a:9e:59:54:d5:
                    de:ed:cb:a9:eb:f0:b1:07:f0:1b:db:a2:7a:9f:e4:
                    bb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7A:C2:CA:95:29:95:A1:E9:7F:3A:F9:7C:56:DA:EB:40:D2:D7:62
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e37322e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.102.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:04:af:ce:da:f9:0a:8c:3e:08:27:7f:a6:e7:79:ea:70:8b:
         63:4c:e1:6d:10:76:1e:93:da:3f:0b:b8:d1:2c:b4:b2:e3:3d:
         3f:9e:2a:04:1d:7f:4a:c8:46:91:1a:b0:36:96:c2:44:dc:10:
         e4:82:94:e2:c1:fa:68:d8:f5:e4:17:ff:53:a6:2e:45:bd:09:
         64:a2:af:2e:f3:35:03:ab:d8:77:31:2e:5b:82:5e:d0:b1:60:
         d0:4f:8e:40:eb:b4:0a:46:fa:23:71:ed:03:b7:34:59:49:4d:
         b9:cb:d8:d7:48:91:c5:38:a4:ce:41:7f:fe:71:ca:ae:0f:8a:
         e1:ad:6f:db:58:13:9c:2f:35:4d:48:a9:aa:c7:64:bf:d3:df:
         d7:bd:74:74:49:48:6f:63:c9:3d:ab:eb:a4:f1:96:d8:1e:48:
         78:ce:e2:05:d4:4a:e2:c2:fb:c6:30:c6:85:00:3b:9f:85:e9:
         5e:8d:bc:3d:e1:bf:98:2b:98:fe:4a:79:cb:9b:24:78:77:c0:
         d3:43:95:b0:0c:a7:be:2c:0d:d2:95:90:3a:b5:c7:9a:67:9e:
         7b:c2:de:c4:10:32:18:a4:72:1f:2d:51:5e:7b:b0:f7:4a:05:
         f8:3d:06:7f:1a:75:bb:ae:97:d4:fb:d4:81:cd:06:78:29:e2:
         5a:ad:3d:06
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUIk0ODiB1s0fIsROBmGrOhkqSaGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MTFaFw0yMjA5MzAwMDAxMTFaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQ0UxQUVFMjQ2NEQ4MTE5MEEy
QTU5MDlBQzI3ODRDNEEwMTdFMkVGMDlDNjYwMzVCMDBCOTcyRDVGNDY3QkJFQjZC
MTI0OTJBRDYxQUJBNTM2RTQ5ODFDQUFCOTFCNTMxRUZBQjlFRTI2NzFDNTVBN0FB
MDhGOEY0OEI5OTJERTIzMDYwQUQ2RkEyMTlBQjIwOEVENEM4MThGQTI4MTRCMTAx
RTM1QThFN0M2QzcxQTAwNDA3RkUyMjk4NEVBQzUyMDg5MjVFOTVBMzQ3MTM2MkJD
NDM1RjAxNTg5OUZFQzM1NDU1QzdGMTQxNTY2NzMzMzA0RTc0QjQ3MzU2QkVEMzQy
MUQxQTBGN0NBQTcyRTAyNkFFNDU5OTczMUVBNUEzNEY0QzBFNjZGQjgzRDY4QkY0
NkRDMzIwRjIwOTRENzg1MDA1RDE2MUVDNURFQjdBMUY4MTBDMzk0M0EzOEQ1RTE5
QkM1MEI0NDNGNjBBNENCODJEMEQ5M0NGRDA4MjdBMTY0QzRDQjE2OTlBMEQyRTk3
MDIyREMyNjUyNkExNjUwQkZFQUFFODYyMEFGQTRCODZFQzlGRTAzRkYyQ0VENTlB
NjVCRjA2MDkzOEJCNjY4MDc3OEE5RTU5NTRENURFRURDQkE5RUJGMEIxMDdGMDFC
REJBMjdBOUZFNEJCQzkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAzhruJGTYEZCipZCawnhMSgF+LvCcZgNbALly1fRnu+trEkkq1hq6
U25JgcqrkbUx76ue4mccVaeqCPj0i5kt4jBgrW+iGasgjtTIGPooFLEB41qOfGxx
oAQH/iKYTqxSCJJelaNHE2K8Q18BWJn+w1RVx/FBVmczME50tHNWvtNCHRoPfKpy
4CauRZlzHqWjT0wOZvuD1ov0bcMg8glNeFAF0WHsXet6H4EMOUOjjV4ZvFC0Q/YK
TLgtDZPP0IJ6FkxMsWmaDS6XAi3CZSahZQv+quhiCvpLhuyf4D/yztWaZb8GCTi7
ZoB3ip5ZVNXe7cup6/CxB/Ab26J6n+S7yQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FIB6wsqVKZWh6X86+XxW2utA0tdiMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzcyZTMxMzAzMjJlMzczMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB1ZkgwDQYJKoZIhvcNAQELBQADggEBAFsEr87a+QqM
Pggnf6bneepwi2NM4W0Qdh6T2j8LuNEstLLjPT+eKgQdf0rIRpEasDaWwkTcEOSC
lOLB+mjY9eQX/1OmLkW9CWSiry7zNQOr2HcxLluCXtCxYNBPjkDrtApG+iNx7QO3
NFlJTbnL2NdIkcU4pM5Bf/5xyq4PiuGtb9tYE5wvNU1IqarHZL/T39e9dHRJSG9j
yT2r66TxltgeSHjO4gXUSuLC+8YwxoUAO5+F6V6NvD3hv5grmP5KecubJHh3wNND
lbAMp74sDdKVkDq1x5pnnnvC3sQQMhikch8tUV57sPdKBfg9Bn8adbuul9T71IHN
Bngp4lqtPQY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:44 2023 by rpki-client on console-fra.rpki-client.org