Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e39322e302f32342d3234203d3e203137343531.roa
File:                     3131372e3130322e39322e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          oqAFOC3YmIWA78B0Dd4Dkr5XMDcUlL3GKTd3jaYwFYM=
Subject key identifier:   C6:EC:27:B5:DE:AE:AB:B2:D6:27:FC:39:A1:18:9B:7E:FD:3D:8F:40
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       49523D453DB6DBAE9FDA4133C67A2E1AC1F8E1D9
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e39322e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:14 +0000
ROA not before:           Wed 29 Sep 2021 23:55:14 +0000
ROA not after:            Fri 30 Sep 2022 00:00:14 +0000
asID:                     17451
IP address blocks:        117.102.92.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:52:3d:45:3d:b6:db:ae:9f:da:41:33:c6:7a:2e:1a:c1:f8:e1:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:14 2021 GMT
            Not After : Sep 30 00:00:14 2022 GMT
        Subject: CN=3082010A0282010100BEFDB48635E3B2F1323665BED5141260FFD8DC227BCC7DB362B24B20216FFFA1877E854FF13E0AD28D5106732B0B26811CEB22A545D9565F2807901C94684CFB9DAAB24EE70AD474720B5FB8A6FD3F67CA9AC0D9257AC7BC62A245A1113CC3708A73109E3997A27457105677BC945F810BD1034B0F3B4FBD890904E0D89A5CE13DDAD254F30C850AE340614D790F035E80F8DB64ACAEB0A817197BA205AE7D509B60FBCCD45F6D1EE57F9A67F480FCD77C15793940B59CF4AA0F400FD77B20AA7954FC56AF8D7A389B38D1C147A72F61DE4C75170521F695CC635E4A3D9C7DCB54D7456485133E8B8525E1664B0F111AAB73EE8DEA9662E72D17416BFD51AE1D0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fd:b4:86:35:e3:b2:f1:32:36:65:be:d5:14:
                    12:60:ff:d8:dc:22:7b:cc:7d:b3:62:b2:4b:20:21:
                    6f:ff:a1:87:7e:85:4f:f1:3e:0a:d2:8d:51:06:73:
                    2b:0b:26:81:1c:eb:22:a5:45:d9:56:5f:28:07:90:
                    1c:94:68:4c:fb:9d:aa:b2:4e:e7:0a:d4:74:72:0b:
                    5f:b8:a6:fd:3f:67:ca:9a:c0:d9:25:7a:c7:bc:62:
                    a2:45:a1:11:3c:c3:70:8a:73:10:9e:39:97:a2:74:
                    57:10:56:77:bc:94:5f:81:0b:d1:03:4b:0f:3b:4f:
                    bd:89:09:04:e0:d8:9a:5c:e1:3d:da:d2:54:f3:0c:
                    85:0a:e3:40:61:4d:79:0f:03:5e:80:f8:db:64:ac:
                    ae:b0:a8:17:19:7b:a2:05:ae:7d:50:9b:60:fb:cc:
                    d4:5f:6d:1e:e5:7f:9a:67:f4:80:fc:d7:7c:15:79:
                    39:40:b5:9c:f4:aa:0f:40:0f:d7:7b:20:aa:79:54:
                    fc:56:af:8d:7a:38:9b:38:d1:c1:47:a7:2f:61:de:
                    4c:75:17:05:21:f6:95:cc:63:5e:4a:3d:9c:7d:cb:
                    54:d7:45:64:85:13:3e:8b:85:25:e1:66:4b:0f:11:
                    1a:ab:73:ee:8d:ea:96:62:e7:2d:17:41:6b:fd:51:
                    ae:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:EC:27:B5:DE:AE:AB:B2:D6:27:FC:39:A1:18:9B:7E:FD:3D:8F:40
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131372e3130322e39322e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.102.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:79:fd:4a:ac:88:3d:f7:60:59:af:4c:a3:74:57:99:ea:64:
         cc:da:93:a2:f2:e3:e0:0c:40:24:e4:82:20:dc:c1:d2:8b:3d:
         44:aa:09:30:89:61:bd:4b:03:ca:bc:c3:51:7b:fb:6d:1b:26:
         46:33:ab:b9:b0:b6:b9:0a:f3:08:28:64:89:ab:e8:35:de:37:
         80:83:8f:84:7b:bd:c1:4b:89:31:8b:be:a4:c1:e5:f3:1c:e8:
         4b:84:3a:69:27:de:6a:65:e9:90:e0:58:a2:05:6a:db:68:4b:
         f6:6c:49:4e:ea:09:91:37:8f:0b:80:fb:df:c3:3b:9d:1a:a3:
         3c:b3:6a:35:42:14:2b:49:f2:83:97:66:14:ea:4a:95:72:de:
         ab:96:a4:dd:eb:b0:47:d1:04:07:48:57:ee:aa:55:fb:4f:1d:
         f3:d5:34:16:8d:5c:07:44:b6:55:fe:1b:52:e9:5e:c3:2c:ba:
         c5:7e:36:9f:d6:2d:cc:3f:0b:00:3e:4b:22:22:4f:01:82:2e:
         61:78:15:9f:33:45:54:90:f4:a3:00:89:01:95:ca:18:e5:a4:
         e7:53:bf:ff:55:42:2e:e1:cc:14:bb:0f:ef:c8:79:4e:cf:41:
         2f:95:19:e2:d1:32:05:fa:5c:f9:ea:3c:fe:36:45:2d:a0:bb:
         c9:bf:82:f3
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUSVI9RT22266f2kEzxnouGsH44dkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MTRaFw0yMjA5MzAwMDAwMTRaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQkVGREI0ODYzNUUzQjJGMTMy
MzY2NUJFRDUxNDEyNjBGRkQ4REMyMjdCQ0M3REIzNjJCMjRCMjAyMTZGRkZBMTg3
N0U4NTRGRjEzRTBBRDI4RDUxMDY3MzJCMEIyNjgxMUNFQjIyQTU0NUQ5NTY1RjI4
MDc5MDFDOTQ2ODRDRkI5REFBQjI0RUU3MEFENDc0NzIwQjVGQjhBNkZEM0Y2N0NB
OUFDMEQ5MjU3QUM3QkM2MkEyNDVBMTExM0NDMzcwOEE3MzEwOUUzOTk3QTI3NDU3
MTA1Njc3QkM5NDVGODEwQkQxMDM0QjBGM0I0RkJEODkwOTA0RTBEODlBNUNFMTNE
REFEMjU0RjMwQzg1MEFFMzQwNjE0RDc5MEYwMzVFODBGOERCNjRBQ0FFQjBBODE3
MTk3QkEyMDVBRTdENTA5QjYwRkJDQ0Q0NUY2RDFFRTU3RjlBNjdGNDgwRkNENzdD
MTU3OTM5NDBCNTlDRjRBQTBGNDAwRkQ3N0IyMEFBNzk1NEZDNTZBRjhEN0EzODlC
MzhEMUMxNDdBNzJGNjFERTRDNzUxNzA1MjFGNjk1Q0M2MzVFNEEzRDlDN0RDQjU0
RDc0NTY0ODUxMzNFOEI4NTI1RTE2NjRCMEYxMTFBQUI3M0VFOERFQTk2NjJFNzJE
MTc0MTZCRkQ1MUFFMUQwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAvv20hjXjsvEyNmW+1RQSYP/Y3CJ7zH2zYrJLICFv/6GHfoVP8T4K
0o1RBnMrCyaBHOsipUXZVl8oB5AclGhM+52qsk7nCtR0cgtfuKb9P2fKmsDZJXrH
vGKiRaERPMNwinMQnjmXonRXEFZ3vJRfgQvRA0sPO0+9iQkE4NiaXOE92tJU8wyF
CuNAYU15DwNegPjbZKyusKgXGXuiBa59UJtg+8zUX20e5X+aZ/SA/Nd8FXk5QLWc
9KoPQA/XeyCqeVT8Vq+NejibONHBR6cvYd5MdRcFIfaVzGNeSj2cfctU10VkhRM+
i4Ul4WZLDxEaq3PujeqWYuctF0Fr/VGuHQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FMbsJ7Xerquy1if8OaEYm379PY9AMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzcyZTMxMzAzMjJlMzkzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB1ZlwwDQYJKoZIhvcNAQELBQADggEBAEd5/UqsiD33
YFmvTKN0V5nqZMzak6Ly4+AMQCTkgiDcwdKLPUSqCTCJYb1LA8q8w1F7+20bJkYz
q7mwtrkK8wgoZImr6DXeN4CDj4R7vcFLiTGLvqTB5fMc6EuEOmkn3mpl6ZDgWKIF
attoS/ZsSU7qCZE3jwuA+9/DO50aozyzajVCFCtJ8oOXZhTqSpVy3quWpN3rsEfR
BAdIV+6qVftPHfPVNBaNXAdEtlX+G1LpXsMsusV+Np/WLcw/CwA+SyIiTwGCLmF4
FZ8zRVSQ9KMAiQGVyhjlpOdTv/9VQi7hzBS7D+/IeU7PQS+VGeLRMgX6XPnqPP42
RS2gu8m/gvM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:44 2023 by rpki-client on console-fra.rpki-client.org