Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e35322e302f32342d3234203d3e203137343531.roa
File:                     3230322e3136392e35322e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          AVwmTIiJd/x9TvNZ7IFmL+qcGuTNCptGaWojYFzuEiI=
Subject key identifier:   B6:E8:BA:63:7B:31:70:84:D3:CA:C6:D8:4A:2A:AA:FC:09:2E:79:0F
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       670F5B2896317089D227A5E97A927A01F75996F1
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e35322e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:12 +0000
ROA not before:           Wed 29 Sep 2021 23:56:12 +0000
ROA not after:            Fri 30 Sep 2022 00:01:12 +0000
asID:                     17451
IP address blocks:        202.169.52.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:0f:5b:28:96:31:70:89:d2:27:a5:e9:7a:92:7a:01:f7:59:96:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:12 2021 GMT
            Not After : Sep 30 00:01:12 2022 GMT
        Subject: CN=3082010A0282010100FAB6B522EDCB6042F3CB53C0E149FF401BE028F7BE0C96A1A3106ED1360DA51570D54B45D7DC1112EF3318163D8E359819CF769C9FC741309B66FC3E26186F2EE444E52AE01AE99EDF3CAE0A8DA8ED4ADF568CFFACB855C8F6FB0094D76C8D37B686B29A5B857667B3EEAE20F21DA32455B67770B24FA95BCAE6D4173FDE0F9E491729ED5F6246CADF7CCEDB37161BFC5C6444A230C31757D63D84F6E03FFE3F3555FBF60E9C5ABF96C04793D9AEC8BD534F651B8ED3A130C3A4D592C1329553850536F1E0A87C8E6BF496D054C06E80B264B5D9E539329BE462ACDAD98B4ADFAECE36070F97638A677EEB759FCAEE19C2B458DA79929DC389D3E67B18FDD1190203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:b6:b5:22:ed:cb:60:42:f3:cb:53:c0:e1:49:
                    ff:40:1b:e0:28:f7:be:0c:96:a1:a3:10:6e:d1:36:
                    0d:a5:15:70:d5:4b:45:d7:dc:11:12:ef:33:18:16:
                    3d:8e:35:98:19:cf:76:9c:9f:c7:41:30:9b:66:fc:
                    3e:26:18:6f:2e:e4:44:e5:2a:e0:1a:e9:9e:df:3c:
                    ae:0a:8d:a8:ed:4a:df:56:8c:ff:ac:b8:55:c8:f6:
                    fb:00:94:d7:6c:8d:37:b6:86:b2:9a:5b:85:76:67:
                    b3:ee:ae:20:f2:1d:a3:24:55:b6:77:70:b2:4f:a9:
                    5b:ca:e6:d4:17:3f:de:0f:9e:49:17:29:ed:5f:62:
                    46:ca:df:7c:ce:db:37:16:1b:fc:5c:64:44:a2:30:
                    c3:17:57:d6:3d:84:f6:e0:3f:fe:3f:35:55:fb:f6:
                    0e:9c:5a:bf:96:c0:47:93:d9:ae:c8:bd:53:4f:65:
                    1b:8e:d3:a1:30:c3:a4:d5:92:c1:32:95:53:85:05:
                    36:f1:e0:a8:7c:8e:6b:f4:96:d0:54:c0:6e:80:b2:
                    64:b5:d9:e5:39:32:9b:e4:62:ac:da:d9:8b:4a:df:
                    ae:ce:36:07:0f:97:63:8a:67:7e:eb:75:9f:ca:ee:
                    19:c2:b4:58:da:79:92:9d:c3:89:d3:e6:7b:18:fd:
                    d1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:E8:BA:63:7B:31:70:84:D3:CA:C6:D8:4A:2A:AA:FC:09:2E:79:0F
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e35322e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.169.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:65:f1:a5:d0:47:02:5e:73:9a:18:54:c7:b2:f1:ec:b3:c0:
         43:99:ef:4b:0d:48:16:73:98:7e:3c:2c:79:76:a8:58:65:2c:
         53:50:8d:32:5f:36:ff:2d:04:b0:3f:43:98:15:f8:d7:db:6b:
         67:a5:a7:a1:3d:3f:5e:89:4d:35:0d:6a:e0:d7:6c:73:f8:d1:
         61:8d:3b:99:f3:30:89:8e:12:83:ca:f9:54:3e:5d:d8:ea:bb:
         e0:be:78:7f:c1:69:c1:2e:e7:fd:cd:15:1c:73:f7:77:89:db:
         75:c9:3a:a4:5d:13:2d:bc:10:d7:85:05:f7:70:61:7e:3c:d1:
         dd:ea:cb:20:3c:1e:7d:a3:fc:d1:d1:93:5c:c4:8f:6f:f1:be:
         6b:41:87:d6:e9:e0:21:4c:1c:0d:c0:4e:58:51:ec:d0:8e:49:
         37:15:c4:ec:cc:90:e9:8e:9b:1f:b4:55:ce:bf:02:2d:13:51:
         0a:f7:c4:bd:64:28:23:3b:bb:c2:cf:f2:fe:90:8b:c1:45:db:
         d0:0e:d5:46:be:f4:bd:86:1f:63:f5:5b:6b:8a:d8:01:89:b7:
         4b:5c:c6:58:22:8e:41:83:a7:32:5b:d0:02:00:26:71:67:f7:
         8f:20:6d:79:02:8f:fb:c7:1a:ac:f4:f5:f1:f2:36:a1:08:ef:
         23:21:da:c2
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUZw9bKJYxcInSJ6XpepJ6AfdZlvEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MTJaFw0yMjA5MzAwMDAxMTJaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRkFCNkI1MjJFRENCNjA0MkYz
Q0I1M0MwRTE0OUZGNDAxQkUwMjhGN0JFMEM5NkExQTMxMDZFRDEzNjBEQTUxNTcw
RDU0QjQ1RDdEQzExMTJFRjMzMTgxNjNEOEUzNTk4MTlDRjc2OUM5RkM3NDEzMDlC
NjZGQzNFMjYxODZGMkVFNDQ0RTUyQUUwMUFFOTlFREYzQ0FFMEE4REE4RUQ0QURG
NTY4Q0ZGQUNCODU1QzhGNkZCMDA5NEQ3NkM4RDM3QjY4NkIyOUE1Qjg1NzY2N0Iz
RUVBRTIwRjIxREEzMjQ1NUI2Nzc3MEIyNEZBOTVCQ0FFNkQ0MTczRkRFMEY5RTQ5
MTcyOUVENUY2MjQ2Q0FERjdDQ0VEQjM3MTYxQkZDNUM2NDQ0QTIzMEMzMTc1N0Q2
M0Q4NEY2RTAzRkZFM0YzNTU1RkJGNjBFOUM1QUJGOTZDMDQ3OTNEOUFFQzhCRDUz
NEY2NTFCOEVEM0ExMzBDM0E0RDU5MkMxMzI5NTUzODUwNTM2RjFFMEE4N0M4RTZC
RjQ5NkQwNTRDMDZFODBCMjY0QjVEOUU1MzkzMjlCRTQ2MkFDREFEOThCNEFERkFF
Q0UzNjA3MEY5NzYzOEE2NzdFRUI3NTlGQ0FFRTE5QzJCNDU4REE3OTkyOURDMzg5
RDNFNjdCMThGREQxMTkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA+ra1Iu3LYELzy1PA4Un/QBvgKPe+DJahoxBu0TYNpRVw1UtF19wR
Eu8zGBY9jjWYGc92nJ/HQTCbZvw+JhhvLuRE5SrgGume3zyuCo2o7UrfVoz/rLhV
yPb7AJTXbI03toaymluFdmez7q4g8h2jJFW2d3CyT6lbyubUFz/eD55JFyntX2JG
yt98zts3Fhv8XGREojDDF1fWPYT24D/+PzVV+/YOnFq/lsBHk9muyL1TT2UbjtOh
MMOk1ZLBMpVThQU28eCofI5r9JbQVMBugLJktdnlOTKb5GKs2tmLSt+uzjYHD5dj
imd+63Wfyu4ZwrRY2nmSncOJ0+Z7GP3RGQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FLboumN7MXCE08rG2EoqqvwJLnkPMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzIyZTMxMzYzOTJlMzUzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADKqTQwDQYJKoZIhvcNAQELBQADggEBAFVl8aXQRwJe
c5oYVMey8eyzwEOZ70sNSBZzmH48LHl2qFhlLFNQjTJfNv8tBLA/Q5gV+Nfba2el
p6E9P16JTTUNauDXbHP40WGNO5nzMImOEoPK+VQ+Xdjqu+C+eH/BacEu5/3NFRxz
93eJ23XJOqRdEy28ENeFBfdwYX480d3qyyA8Hn2j/NHRk1zEj2/xvmtBh9bp4CFM
HA3ATlhR7NCOSTcVxOzMkOmOmx+0Vc6/Ai0TUQr3xL1kKCM7u8LP8v6Qi8FF29AO
1Ua+9L2GH2P1W2uK2AGJt0tcxlgijkGDpzJb0AIAJnFn948gbXkCj/vHGqz09fHy
NqEI7yMh2sI=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:46 2023 by rpki-client on console-fra.rpki-client.org