Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e33322e302f32342d3234203d3e203137343531.roa
File:                     3230322e3136392e33322e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          m2t+XPH31O3NkJSZpugm1Vn2PZbHvwZVG5MuQHGHG+g=
Subject key identifier:   96:1E:C4:04:97:74:57:04:88:B7:63:10:62:ED:82:B9:94:66:7F:77
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       28FBD2C112D8BB3A2C20D4F85ECC25A4E602CC18
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e33322e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:56 +0000
ROA not before:           Wed 29 Sep 2021 23:55:56 +0000
ROA not after:            Fri 30 Sep 2022 00:00:56 +0000
asID:                     17451
IP address blocks:        202.169.32.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:fb:d2:c1:12:d8:bb:3a:2c:20:d4:f8:5e:cc:25:a4:e6:02:cc:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:56 2021 GMT
            Not After : Sep 30 00:00:56 2022 GMT
        Subject: CN=3082010A0282010100983EACA971F42B8E47FE4D167DD3EB2401C3C58F44EC75A374245CADBABE468BB66358C31C261CAB8D27970F85E3824D2547F21AAB6818059FFD136D80808FAFE652B16F6ED54D854430F3D3EA8563CDA13C2ECBC497822FF3BC28F7AAD78697BD58944508651FC739EB094F5D2B411D34D8379EA9D3AD7F70CE65005E392D858899B147EFE22F8C999627C0BAFD8DDAF682BA6EEC63396966BFFF2DED41EEC32A68E1239EF80A56913C026218FE1FDEE4CA94D90C7ADDB2E7E8474C588CA903E1A2B577F5AA8CC9509C8A06622866CFCAD9EE8D395E8EBA8B872BF49C1BEF4598949CF16BAA989F1DBBC360419504C2A37B8C5D97C776B9584FC6F6CB9C51250203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3e:ac:a9:71:f4:2b:8e:47:fe:4d:16:7d:d3:
                    eb:24:01:c3:c5:8f:44:ec:75:a3:74:24:5c:ad:ba:
                    be:46:8b:b6:63:58:c3:1c:26:1c:ab:8d:27:97:0f:
                    85:e3:82:4d:25:47:f2:1a:ab:68:18:05:9f:fd:13:
                    6d:80:80:8f:af:e6:52:b1:6f:6e:d5:4d:85:44:30:
                    f3:d3:ea:85:63:cd:a1:3c:2e:cb:c4:97:82:2f:f3:
                    bc:28:f7:aa:d7:86:97:bd:58:94:45:08:65:1f:c7:
                    39:eb:09:4f:5d:2b:41:1d:34:d8:37:9e:a9:d3:ad:
                    7f:70:ce:65:00:5e:39:2d:85:88:99:b1:47:ef:e2:
                    2f:8c:99:96:27:c0:ba:fd:8d:da:f6:82:ba:6e:ec:
                    63:39:69:66:bf:ff:2d:ed:41:ee:c3:2a:68:e1:23:
                    9e:f8:0a:56:91:3c:02:62:18:fe:1f:de:e4:ca:94:
                    d9:0c:7a:dd:b2:e7:e8:47:4c:58:8c:a9:03:e1:a2:
                    b5:77:f5:aa:8c:c9:50:9c:8a:06:62:28:66:cf:ca:
                    d9:ee:8d:39:5e:8e:ba:8b:87:2b:f4:9c:1b:ef:45:
                    98:94:9c:f1:6b:aa:98:9f:1d:bb:c3:60:41:95:04:
                    c2:a3:7b:8c:5d:97:c7:76:b9:58:4f:c6:f6:cb:9c:
                    51:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:1E:C4:04:97:74:57:04:88:B7:63:10:62:ED:82:B9:94:66:7F:77
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e33322e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.169.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:c5:cc:8d:6b:bd:b1:26:b7:d1:15:f5:c4:00:0f:d8:c7:ff:
         9a:13:21:52:d7:50:04:74:1a:78:6d:e3:3d:3e:91:77:e2:5e:
         ff:a3:2f:3d:0b:01:f6:de:21:69:69:73:b3:7f:97:4d:ab:a1:
         70:9d:77:b4:ce:85:c8:63:f2:81:40:ee:42:42:7f:f2:c6:d6:
         d7:2b:6f:1d:8e:0b:b0:41:55:a6:ac:52:4c:3f:84:77:96:a7:
         28:6e:84:c6:99:1c:a5:2e:c7:82:f3:f5:cf:44:84:92:f0:55:
         05:e0:33:ae:6b:30:26:80:a1:d2:c6:3e:43:07:e1:dc:9e:16:
         28:bb:0d:ca:27:eb:51:7f:f0:b4:65:b8:fd:61:80:75:52:6a:
         ad:6a:8d:d8:22:bf:32:c4:49:c5:62:dd:10:f2:95:eb:b6:cf:
         08:ea:49:b6:dc:ac:2f:d8:65:8d:9f:4d:65:58:68:c4:c3:76:
         94:bb:e1:74:57:a4:7e:ba:ba:31:2a:9e:a1:e2:81:9f:b1:f4:
         34:9b:b3:f7:4e:d8:98:29:3f:00:46:d2:80:1b:b2:5e:81:84:
         aa:e4:ed:23:87:e4:a1:69:c6:41:4f:b3:c4:3b:0e:5a:2a:c4:
         79:e9:47:b5:1c:8a:24:9d:0c:73:71:08:c0:2b:60:8e:ce:c8:
         68:6f:00:33
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUKPvSwRLYuzosINT4XswlpOYCzBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NTZaFw0yMjA5MzAwMDAwNTZaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwOTgzRUFDQTk3MUY0MkI4RTQ3
RkU0RDE2N0REM0VCMjQwMUMzQzU4RjQ0RUM3NUEzNzQyNDVDQURCQUJFNDY4QkI2
NjM1OEMzMUMyNjFDQUI4RDI3OTcwRjg1RTM4MjREMjU0N0YyMUFBQjY4MTgwNTlG
RkQxMzZEODA4MDhGQUZFNjUyQjE2RjZFRDU0RDg1NDQzMEYzRDNFQTg1NjNDREEx
M0MyRUNCQzQ5NzgyMkZGM0JDMjhGN0FBRDc4Njk3QkQ1ODk0NDUwODY1MUZDNzM5
RUIwOTRGNUQyQjQxMUQzNEQ4Mzc5RUE5RDNBRDdGNzBDRTY1MDA1RTM5MkQ4NTg4
OTlCMTQ3RUZFMjJGOEM5OTk2MjdDMEJBRkQ4RERBRjY4MkJBNkVFQzYzMzk2OTY2
QkZGRjJERUQ0MUVFQzMyQTY4RTEyMzlFRjgwQTU2OTEzQzAyNjIxOEZFMUZERUU0
Q0E5NEQ5MEM3QUREQjJFN0U4NDc0QzU4OENBOTAzRTFBMkI1NzdGNUFBOENDOTUw
OUM4QTA2NjIyODY2Q0ZDQUQ5RUU4RDM5NUU4RUJBOEI4NzJCRjQ5QzFCRUY0NTk4
OTQ5Q0YxNkJBQTk4OUYxREJCQzM2MDQxOTUwNEMyQTM3QjhDNUQ5N0M3NzZCOTU4
NEZDNkY2Q0I5QzUxMjUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmD6sqXH0K45H/k0WfdPrJAHDxY9E7HWjdCRcrbq+Rou2Y1jDHCYc
q40nlw+F44JNJUfyGqtoGAWf/RNtgICPr+ZSsW9u1U2FRDDz0+qFY82hPC7LxJeC
L/O8KPeq14aXvViURQhlH8c56wlPXStBHTTYN56p061/cM5lAF45LYWImbFH7+Iv
jJmWJ8C6/Y3a9oK6buxjOWlmv/8t7UHuwypo4SOe+ApWkTwCYhj+H97kypTZDHrd
sufoR0xYjKkD4aK1d/WqjMlQnIoGYihmz8rZ7o05Xo66i4cr9Jwb70WYlJzxa6qY
nx27w2BBlQTCo3uMXZfHdrlYT8b2y5xRJQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FJYexASXdFcEiLdjEGLtgrmUZn93MB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzIyZTMxMzYzOTJlMzMzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADKqSAwDQYJKoZIhvcNAQELBQADggEBACrFzI1rvbEm
t9EV9cQAD9jH/5oTIVLXUAR0Gnht4z0+kXfiXv+jLz0LAfbeIWlpc7N/l02roXCd
d7TOhchj8oFA7kJCf/LG1tcrbx2OC7BBVaasUkw/hHeWpyhuhMaZHKUux4Lz9c9E
hJLwVQXgM65rMCaAodLGPkMH4dyeFii7Dcon61F/8LRluP1hgHVSaq1qjdgivzLE
ScVi3RDyleu2zwjqSbbcrC/YZY2fTWVYaMTDdpS74XRXpH66ujEqnqHigZ+x9DSb
s/dO2JgpPwBG0oAbsl6BhKrk7SOH5KFpxkFPs8Q7DloqxHnpR7UciiSdDHNxCMAr
YI7OyGhvADM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:45 2023 by rpki-client on console-fra.rpki-client.org