Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e35382e302f32342d3234203d3e203137343531.roa
File:                     3230322e3136392e35382e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          6qIMfHTvOu7mpeV+K5KY9dOZojbWnALxTykov7SL3AM=
Subject key identifier:   B0:63:2F:C5:46:E6:2F:60:20:D2:EC:23:97:18:FE:02:91:18:59:3B
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       41D590AFC9177188C6718FD0AAEB6C88C58300F2
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e35382e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:17 +0000
ROA not before:           Wed 29 Sep 2021 23:56:17 +0000
ROA not after:            Fri 30 Sep 2022 00:01:17 +0000
asID:                     17451
IP address blocks:        202.169.58.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d5:90:af:c9:17:71:88:c6:71:8f:d0:aa:eb:6c:88:c5:83:00:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:17 2021 GMT
            Not After : Sep 30 00:01:17 2022 GMT
        Subject: CN=3082010A0282010100D9B42A89B73BCB1A3F4BA86C4921BBDEAD8E20F55932A2E5DE67A4AE8447553310F8E8056EFD917AD01B7D474C4D08AC179CF93A78B140F16F72F77B1688B531FF8018F99B6B46A9FAF6C27B00660F9830BA0244FDD2C1FC2B55D527172FAAB4A49F896AE58826020C36A63CB6F33331148D15605959919B452B8527F7726BC640B032E9C62C5C7FFEBD19A941BCB3ADBC3402DBCD08B54BF9BC4F0537C808E2DF6E33EDFB82137F57E87A1DEE5091D1FA8FAE84701E925C56F19DB36CE1CE43C3E1394CEBC87B8F93E065BB9A89986E2D2F70F52FAA80FE8656ADC821D4EDAB82F1246FD1BF1B5499C4B0DF23210FEDE4BF8B779C88CD5D7AE9BC6FCE2344550203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b4:2a:89:b7:3b:cb:1a:3f:4b:a8:6c:49:21:
                    bb:de:ad:8e:20:f5:59:32:a2:e5:de:67:a4:ae:84:
                    47:55:33:10:f8:e8:05:6e:fd:91:7a:d0:1b:7d:47:
                    4c:4d:08:ac:17:9c:f9:3a:78:b1:40:f1:6f:72:f7:
                    7b:16:88:b5:31:ff:80:18:f9:9b:6b:46:a9:fa:f6:
                    c2:7b:00:66:0f:98:30:ba:02:44:fd:d2:c1:fc:2b:
                    55:d5:27:17:2f:aa:b4:a4:9f:89:6a:e5:88:26:02:
                    0c:36:a6:3c:b6:f3:33:31:14:8d:15:60:59:59:91:
                    9b:45:2b:85:27:f7:72:6b:c6:40:b0:32:e9:c6:2c:
                    5c:7f:fe:bd:19:a9:41:bc:b3:ad:bc:34:02:db:cd:
                    08:b5:4b:f9:bc:4f:05:37:c8:08:e2:df:6e:33:ed:
                    fb:82:13:7f:57:e8:7a:1d:ee:50:91:d1:fa:8f:ae:
                    84:70:1e:92:5c:56:f1:9d:b3:6c:e1:ce:43:c3:e1:
                    39:4c:eb:c8:7b:8f:93:e0:65:bb:9a:89:98:6e:2d:
                    2f:70:f5:2f:aa:80:fe:86:56:ad:c8:21:d4:ed:ab:
                    82:f1:24:6f:d1:bf:1b:54:99:c4:b0:df:23:21:0f:
                    ed:e4:bf:8b:77:9c:88:cd:5d:7a:e9:bc:6f:ce:23:
                    44:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:63:2F:C5:46:E6:2F:60:20:D2:EC:23:97:18:FE:02:91:18:59:3B
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e35382e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.169.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:72:5a:b3:04:0e:16:a1:0e:74:02:48:6d:21:bc:16:7d:5a:
         ee:60:0d:90:f4:23:89:c8:5f:bc:e6:64:d2:7e:37:fc:ce:6c:
         65:08:5c:c0:0d:bd:cd:e4:b4:4b:a6:d8:51:d3:62:b0:95:16:
         e4:fb:46:bd:18:6a:e9:6e:b8:a4:18:c1:70:cf:89:b6:38:a8:
         da:dd:9e:c8:b9:f4:a1:2a:f9:52:48:8d:0a:b2:59:5f:2b:f7:
         50:02:ba:09:41:1c:03:8c:1c:e0:d9:92:6e:27:93:1a:d2:a2:
         20:11:a9:4d:69:ca:de:39:d2:f5:3b:91:8e:62:10:79:9f:56:
         4d:da:a4:f2:b0:06:b3:ee:a9:b2:30:a9:42:3f:d7:95:1b:45:
         c5:31:78:b0:f3:55:7f:59:a3:82:a0:cc:0a:80:0c:e1:55:ef:
         be:a1:dd:84:61:6a:b3:30:5a:ac:57:ca:8b:75:fc:87:59:1a:
         35:28:31:30:0d:ef:f7:ae:43:d6:1f:98:e1:7a:2f:d0:d9:61:
         88:4c:11:a0:14:d9:00:d1:f4:d7:e5:8d:de:91:86:5d:59:5c:
         46:62:41:80:eb:95:b3:92:8e:af:7b:39:0c:8a:79:00:82:88:
         c8:51:49:a8:59:40:dc:1f:97:9a:c3:26:5f:69:d7:9b:71:91:
         31:1c:27:b2
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUQdWQr8kXcYjGcY/QqutsiMWDAPIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MTdaFw0yMjA5MzAwMDAxMTdaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRDlCNDJBODlCNzNCQ0IxQTNG
NEJBODZDNDkyMUJCREVBRDhFMjBGNTU5MzJBMkU1REU2N0E0QUU4NDQ3NTUzMzEw
RjhFODA1NkVGRDkxN0FEMDFCN0Q0NzRDNEQwOEFDMTc5Q0Y5M0E3OEIxNDBGMTZG
NzJGNzdCMTY4OEI1MzFGRjgwMThGOTlCNkI0NkE5RkFGNkMyN0IwMDY2MEY5ODMw
QkEwMjQ0RkREMkMxRkMyQjU1RDUyNzE3MkZBQUI0QTQ5Rjg5NkFFNTg4MjYwMjBD
MzZBNjNDQjZGMzMzMzExNDhEMTU2MDU5NTk5MTlCNDUyQjg1MjdGNzcyNkJDNjQw
QjAzMkU5QzYyQzVDN0ZGRUJEMTlBOTQxQkNCM0FEQkMzNDAyREJDRDA4QjU0QkY5
QkM0RjA1MzdDODA4RTJERjZFMzNFREZCODIxMzdGNTdFODdBMURFRTUwOTFEMUZB
OEZBRTg0NzAxRTkyNUM1NkYxOURCMzZDRTFDRTQzQzNFMTM5NENFQkM4N0I4Rjkz
RTA2NUJCOUE4OTk4NkUyRDJGNzBGNTJGQUE4MEZFODY1NkFEQzgyMUQ0RURBQjgy
RjEyNDZGRDFCRjFCNTQ5OUM0QjBERjIzMjEwRkVERTRCRjhCNzc5Qzg4Q0Q1RDdB
RTlCQzZGQ0UyMzQ0NTUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA2bQqibc7yxo/S6hsSSG73q2OIPVZMqLl3mekroRHVTMQ+OgFbv2R
etAbfUdMTQisF5z5OnixQPFvcvd7Foi1Mf+AGPmba0ap+vbCewBmD5gwugJE/dLB
/CtV1ScXL6q0pJ+JauWIJgIMNqY8tvMzMRSNFWBZWZGbRSuFJ/dya8ZAsDLpxixc
f/69GalBvLOtvDQC280ItUv5vE8FN8gI4t9uM+37ghN/V+h6He5QkdH6j66EcB6S
XFbxnbNs4c5Dw+E5TOvIe4+T4GW7momYbi0vcPUvqoD+hlatyCHU7auC8SRv0b8b
VJnEsN8jIQ/t5L+Ld5yIzV166bxvziNEVQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FLBjL8VG5i9gINLsI5cY/gKRGFk7MB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzIyZTMxMzYzOTJlMzUzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADKqTowDQYJKoZIhvcNAQELBQADggEBAH9yWrMEDhah
DnQCSG0hvBZ9Wu5gDZD0I4nIX7zmZNJ+N/zObGUIXMANvc3ktEum2FHTYrCVFuT7
Rr0YauluuKQYwXDPibY4qNrdnsi59KEq+VJIjQqyWV8r91ACuglBHAOMHODZkm4n
kxrSoiARqU1pyt450vU7kY5iEHmfVk3apPKwBrPuqbIwqUI/15UbRcUxeLDzVX9Z
o4KgzAqADOFV776h3YRharMwWqxXyot1/IdZGjUoMTAN7/euQ9YfmOF6L9DZYYhM
EaAU2QDR9Nfljd6Rhl1ZXEZiQYDrlbOSjq97OQyKeQCCiMhRSahZQNwfl5rDJl9p
15txkTEcJ7I=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org