Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e37352e302f32342d3234203d3e203137343531.roa
File:                     3131372e3130322e37352e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          JYJRy6ntb9bUEiY6CtHdUt25VfF4uCz6PY6XHuNnToM=
Subject key identifier:   E9:E2:88:EC:FF:19:E6:70:00:D1:97:3F:A7:F2:35:D6:E2:45:65:3F
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       0BACE4D553A7DFCB67A42AEC1DA8A9689AB62301
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e37352e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:48 +0000
ROA not before:           Wed 29 Sep 2021 23:55:48 +0000
ROA not after:            Fri 30 Sep 2022 00:00:48 +0000
asID:                     17451
IP address blocks:        117.102.75.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:ac:e4:d5:53:a7:df:cb:67:a4:2a:ec:1d:a8:a9:68:9a:b6:23:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:48 2021 GMT
            Not After : Sep 30 00:00:48 2022 GMT
        Subject: CN=3082010A0282010100C854112C656958CA2217E441401EB8973D58CA523D985EA72934130D823A712C1568B71F4841623ECEFFE774CF786426ED7C604B8262CB2F8994515BC7E1E9C6BFA7737882EDB493E6359DA1C057AC0D4A85EE29DD11163AEF69D3E3B531E401C5ECFDFEC2537CD6518D3F5126FC1C413E4DB634AEB3299CB08CB4838A48DB2E0B0E43184ABCF9A9FAF7450D7AAC215260A4E25D14AA7B971245A095E385EDD2D94F2304737FC9276BBA1903017E47A6CB37E7B3F02BDBE44345AEE19F0E8B59009C7702FAB051625927AC23C14BB56A5F80CAF3394D0262287E5A278538483488AC9B7A07EE86E2D190574333E2A80DAA1C796457338785A103E356237DD25F0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:54:11:2c:65:69:58:ca:22:17:e4:41:40:1e:
                    b8:97:3d:58:ca:52:3d:98:5e:a7:29:34:13:0d:82:
                    3a:71:2c:15:68:b7:1f:48:41:62:3e:ce:ff:e7:74:
                    cf:78:64:26:ed:7c:60:4b:82:62:cb:2f:89:94:51:
                    5b:c7:e1:e9:c6:bf:a7:73:78:82:ed:b4:93:e6:35:
                    9d:a1:c0:57:ac:0d:4a:85:ee:29:dd:11:16:3a:ef:
                    69:d3:e3:b5:31:e4:01:c5:ec:fd:fe:c2:53:7c:d6:
                    51:8d:3f:51:26:fc:1c:41:3e:4d:b6:34:ae:b3:29:
                    9c:b0:8c:b4:83:8a:48:db:2e:0b:0e:43:18:4a:bc:
                    f9:a9:fa:f7:45:0d:7a:ac:21:52:60:a4:e2:5d:14:
                    aa:7b:97:12:45:a0:95:e3:85:ed:d2:d9:4f:23:04:
                    73:7f:c9:27:6b:ba:19:03:01:7e:47:a6:cb:37:e7:
                    b3:f0:2b:db:e4:43:45:ae:e1:9f:0e:8b:59:00:9c:
                    77:02:fa:b0:51:62:59:27:ac:23:c1:4b:b5:6a:5f:
                    80:ca:f3:39:4d:02:62:28:7e:5a:27:85:38:48:34:
                    88:ac:9b:7a:07:ee:86:e2:d1:90:57:43:33:e2:a8:
                    0d:aa:1c:79:64:57:33:87:85:a1:03:e3:56:23:7d:
                    d2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E2:88:EC:FF:19:E6:70:00:D1:97:3F:A7:F2:35:D6:E2:45:65:3F
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e37352e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.102.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d9:aa:94:d8:dc:c9:67:20:7d:fe:03:17:b6:05:cd:dd:a4:
         31:67:39:40:58:b2:7b:68:d7:cb:ef:8d:1b:2c:65:9e:ce:f9:
         88:5b:29:cf:5b:95:c0:2f:d5:d3:f5:51:49:5b:5e:e5:18:2d:
         b7:0b:34:16:b1:a2:e4:b2:e8:d1:99:28:6d:9e:78:5c:d8:f4:
         84:ab:23:c6:82:0e:ee:e7:58:39:6e:f9:61:69:72:4d:73:f4:
         83:1b:d6:bd:bd:a7:71:64:d7:47:a2:a9:80:b9:3e:c9:9f:a8:
         fe:7d:de:ff:4a:f2:74:1c:60:19:2b:99:6c:0b:19:d3:aa:58:
         bb:fb:d2:ff:ec:34:d7:2d:ae:59:c2:2b:43:d7:00:7e:2e:ce:
         9a:c5:67:a1:52:7f:0e:f2:c8:13:ec:06:9b:f0:35:d5:db:5d:
         53:28:0e:7d:7c:42:37:ad:e4:ca:26:2c:cb:a8:c8:9e:aa:43:
         75:4e:17:df:94:ce:63:7e:e6:6e:b5:26:a6:41:19:c5:80:93:
         40:aa:5a:f7:0e:82:34:0f:e3:2d:2f:51:e5:87:b6:54:b9:77:
         5d:60:ac:8e:3d:db:73:f9:00:75:c8:2b:cf:92:68:e9:97:92:
         e4:3c:5d:fc:97:2a:0b:cc:7b:40:85:65:d2:a5:0f:c7:bd:16:
         49:53:19:33
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUC6zk1VOn38tnpCrsHaipaJq2IwEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NDhaFw0yMjA5MzAwMDAwNDhaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzg1NDExMkM2NTY5NThDQTIy
MTdFNDQxNDAxRUI4OTczRDU4Q0E1MjNEOTg1RUE3MjkzNDEzMEQ4MjNBNzEyQzE1
NjhCNzFGNDg0MTYyM0VDRUZGRTc3NENGNzg2NDI2RUQ3QzYwNEI4MjYyQ0IyRjg5
OTQ1MTVCQzdFMUU5QzZCRkE3NzM3ODgyRURCNDkzRTYzNTlEQTFDMDU3QUMwRDRB
ODVFRTI5REQxMTE2M0FFRjY5RDNFM0I1MzFFNDAxQzVFQ0ZERkVDMjUzN0NENjUx
OEQzRjUxMjZGQzFDNDEzRTREQjYzNEFFQjMyOTlDQjA4Q0I0ODM4QTQ4REIyRTBC
MEU0MzE4NEFCQ0Y5QTlGQUY3NDUwRDdBQUMyMTUyNjBBNEUyNUQxNEFBN0I5NzEy
NDVBMDk1RTM4NUVERDJEOTRGMjMwNDczN0ZDOTI3NkJCQTE5MDMwMTdFNDdBNkNC
MzdFN0IzRjAyQkRCRTQ0MzQ1QUVFMTlGMEU4QjU5MDA5Qzc3MDJGQUIwNTE2MjU5
MjdBQzIzQzE0QkI1NkE1RjgwQ0FGMzM5NEQwMjYyMjg3RTVBMjc4NTM4NDgzNDg4
QUM5QjdBMDdFRTg2RTJEMTkwNTc0MzMzRTJBODBEQUExQzc5NjQ1NzMzODc4NUEx
MDNFMzU2MjM3REQyNUYwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAyFQRLGVpWMoiF+RBQB64lz1YylI9mF6nKTQTDYI6cSwVaLcfSEFi
Ps7/53TPeGQm7XxgS4Jiyy+JlFFbx+Hpxr+nc3iC7bST5jWdocBXrA1Khe4p3REW
Ou9p0+O1MeQBxez9/sJTfNZRjT9RJvwcQT5NtjSusymcsIy0g4pI2y4LDkMYSrz5
qfr3RQ16rCFSYKTiXRSqe5cSRaCV44Xt0tlPIwRzf8kna7oZAwF+R6bLN+ez8Cvb
5ENFruGfDotZAJx3AvqwUWJZJ6wjwUu1al+AyvM5TQJiKH5aJ4U4SDSIrJt6B+6G
4tGQV0Mz4qgNqhx5ZFczh4WhA+NWI33SXwIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FOniiOz/GeZwANGXP6fyNdbiRWU/MB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzcyZTMxMzAzMjJlMzczNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB1ZkswDQYJKoZIhvcNAQELBQADggEBAGjZqpTY3Mln
IH3+Axe2Bc3dpDFnOUBYsnto18vvjRssZZ7O+YhbKc9blcAv1dP1UUlbXuUYLbcL
NBaxouSy6NGZKG2eeFzY9ISrI8aCDu7nWDlu+WFpck1z9IMb1r29p3Fk10eiqYC5
PsmfqP593v9K8nQcYBkrmWwLGdOqWLv70v/sNNctrlnCK0PXAH4uzprFZ6FSfw7y
yBPsBpvwNdXbXVMoDn18Qjet5MomLMuoyJ6qQ3VOF9+UzmN+5m61JqZBGcWAk0Cq
WvcOgjQP4y0vUeWHtlS5d11grI4923P5AHXIK8+SaOmXkuQ8XfyXKgvMe0CFZdKl
D8e9FklTGTM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:44 2023 by rpki-client on console-fra.rpki-client.org