Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e36312e302f32342d3234203d3e203137343531.roa
File:                     3230322e3136392e36312e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          IK3MenxUQHUAEg7U3cDb3cOB0u82RaLJ8RWw0jN49ok=
Subject key identifier:   77:6B:B9:3F:B1:B3:77:DE:68:AD:5C:A3:3B:E8:C8:F3:DC:25:42:19
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       249B9EE5DBEC60658AB4E466967DAE96DB24EA10
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e36312e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:54 +0000
ROA not before:           Wed 29 Sep 2021 23:55:54 +0000
ROA not after:            Fri 30 Sep 2022 00:00:54 +0000
asID:                     17451
IP address blocks:        202.169.61.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:9b:9e:e5:db:ec:60:65:8a:b4:e4:66:96:7d:ae:96:db:24:ea:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:54 2021 GMT
            Not After : Sep 30 00:00:54 2022 GMT
        Subject: CN=3082010A0282010100B95DDBAF8A480167F1DF09F8F0D2124A6356A42DF66D8E3D3B2F117A3E9DB4FB95EC4F2FB2D16A4E6107C12F43B206BFE28A2E5DBFAF140DF54E731C3A79589CA1BC34EE054ED5C6693E25923422CAFFD92B77DE43BD11A23B0B4C907606541371C4CD15AE775870C09EB24642A376C906353351C427502C9F6BD0EF519CAA7C381E9E048F17980C3CDC3EA9890DC3381D09D7565604949F1B96ACB722458CE8A3B93103850590BD5806CF56E8067A6DF8C56114649BF718A6C55D7D21F55D55DBCEAE34B15BBA88D9E317EAED959AB9703DA8A67ECFE571E5D556389C0895088DD1CB3CFBFA630FC817535FF9C50212FC6492BFE1599A70FFB5E64D368278E10203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5d:db:af:8a:48:01:67:f1:df:09:f8:f0:d2:
                    12:4a:63:56:a4:2d:f6:6d:8e:3d:3b:2f:11:7a:3e:
                    9d:b4:fb:95:ec:4f:2f:b2:d1:6a:4e:61:07:c1:2f:
                    43:b2:06:bf:e2:8a:2e:5d:bf:af:14:0d:f5:4e:73:
                    1c:3a:79:58:9c:a1:bc:34:ee:05:4e:d5:c6:69:3e:
                    25:92:34:22:ca:ff:d9:2b:77:de:43:bd:11:a2:3b:
                    0b:4c:90:76:06:54:13:71:c4:cd:15:ae:77:58:70:
                    c0:9e:b2:46:42:a3:76:c9:06:35:33:51:c4:27:50:
                    2c:9f:6b:d0:ef:51:9c:aa:7c:38:1e:9e:04:8f:17:
                    98:0c:3c:dc:3e:a9:89:0d:c3:38:1d:09:d7:56:56:
                    04:94:9f:1b:96:ac:b7:22:45:8c:e8:a3:b9:31:03:
                    85:05:90:bd:58:06:cf:56:e8:06:7a:6d:f8:c5:61:
                    14:64:9b:f7:18:a6:c5:5d:7d:21:f5:5d:55:db:ce:
                    ae:34:b1:5b:ba:88:d9:e3:17:ea:ed:95:9a:b9:70:
                    3d:a8:a6:7e:cf:e5:71:e5:d5:56:38:9c:08:95:08:
                    8d:d1:cb:3c:fb:fa:63:0f:c8:17:53:5f:f9:c5:02:
                    12:fc:64:92:bf:e1:59:9a:70:ff:b5:e6:4d:36:82:
                    78:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6B:B9:3F:B1:B3:77:DE:68:AD:5C:A3:3B:E8:C8:F3:DC:25:42:19
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e36312e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.169.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:06:38:8d:02:dc:55:64:dd:e7:47:0f:6f:e9:40:40:88:4e:
         3a:55:bc:81:e6:09:52:95:ed:e6:9f:ea:a8:21:f5:db:db:64:
         3c:16:ab:59:ca:f7:7a:0a:eb:7b:ef:0c:01:20:5d:07:f6:30:
         aa:7b:72:44:3c:3d:99:0e:dc:58:28:16:2e:14:37:af:5e:0d:
         25:51:fd:2f:3f:a4:38:c4:bf:11:fc:e0:55:22:72:f4:6f:f4:
         9a:a0:47:5d:96:1e:bb:4e:9d:02:9d:03:fc:e9:13:c3:2f:bd:
         96:5a:dd:a1:29:aa:74:6a:aa:c2:e9:f9:b6:5e:73:44:73:8d:
         19:f3:20:eb:a8:6c:34:2f:d0:08:de:44:4e:5c:58:59:3c:be:
         05:fe:57:d6:ca:a8:35:c9:23:7c:5c:d4:50:59:66:47:b1:84:
         3b:ef:49:8c:10:71:56:d4:ae:c5:68:35:aa:3e:7e:da:d8:d1:
         79:f7:d4:a3:2e:56:84:c6:7d:63:de:9f:eb:4c:22:e2:12:ad:
         5b:7c:63:7c:00:4d:54:d4:d7:ef:f3:a7:d2:66:38:da:4a:3c:
         42:8a:4f:80:42:7b:e0:3d:85:18:49:41:f1:9a:da:fb:cd:72:
         ea:5d:22:12:53:7d:78:98:c7:64:ee:bf:bf:ae:98:43:47:53:
         22:94:45:96
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUJJue5dvsYGWKtORmln2ultsk6hAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NTRaFw0yMjA5MzAwMDAwNTRaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQjk1RERCQUY4QTQ4MDE2N0Yx
REYwOUY4RjBEMjEyNEE2MzU2QTQyREY2NkQ4RTNEM0IyRjExN0EzRTlEQjRGQjk1
RUM0RjJGQjJEMTZBNEU2MTA3QzEyRjQzQjIwNkJGRTI4QTJFNURCRkFGMTQwREY1
NEU3MzFDM0E3OTU4OUNBMUJDMzRFRTA1NEVENUM2NjkzRTI1OTIzNDIyQ0FGRkQ5
MkI3N0RFNDNCRDExQTIzQjBCNEM5MDc2MDY1NDEzNzFDNENEMTVBRTc3NTg3MEMw
OUVCMjQ2NDJBMzc2QzkwNjM1MzM1MUM0Mjc1MDJDOUY2QkQwRUY1MTlDQUE3QzM4
MUU5RTA0OEYxNzk4MEMzQ0RDM0VBOTg5MERDMzM4MUQwOUQ3NTY1NjA0OTQ5RjFC
OTZBQ0I3MjI0NThDRThBM0I5MzEwMzg1MDU5MEJENTgwNkNGNTZFODA2N0E2REY4
QzU2MTE0NjQ5QkY3MThBNkM1NUQ3RDIxRjU1RDU1REJDRUFFMzRCMTVCQkE4OEQ5
RTMxN0VBRUQ5NTlBQjk3MDNEQThBNjdFQ0ZFNTcxRTVENTU2Mzg5QzA4OTUwODhE
RDFDQjNDRkJGQTYzMEZDODE3NTM1RkY5QzUwMjEyRkM2NDkyQkZFMTU5OUE3MEZG
QjVFNjREMzY4Mjc4RTEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAuV3br4pIAWfx3wn48NISSmNWpC32bY49Oy8Rej6dtPuV7E8vstFq
TmEHwS9Dsga/4oouXb+vFA31TnMcOnlYnKG8NO4FTtXGaT4lkjQiyv/ZK3feQ70R
ojsLTJB2BlQTccTNFa53WHDAnrJGQqN2yQY1M1HEJ1Asn2vQ71Gcqnw4Hp4EjxeY
DDzcPqmJDcM4HQnXVlYElJ8blqy3IkWM6KO5MQOFBZC9WAbPVugGem34xWEUZJv3
GKbFXX0h9V1V286uNLFbuojZ4xfq7ZWauXA9qKZ+z+Vx5dVWOJwIlQiN0cs8+/pj
D8gXU1/5xQIS/GSSv+FZmnD/teZNNoJ44QIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FHdruT+xs3feaK1cozvoyPPcJUIZMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzIyZTMxMzYzOTJlMzYzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADKqT0wDQYJKoZIhvcNAQELBQADggEBAHIGOI0C3FVk
3edHD2/pQECITjpVvIHmCVKV7eaf6qgh9dvbZDwWq1nK93oK63vvDAEgXQf2MKp7
ckQ8PZkO3FgoFi4UN69eDSVR/S8/pDjEvxH84FUicvRv9JqgR12WHrtOnQKdA/zp
E8MvvZZa3aEpqnRqqsLp+bZec0RzjRnzIOuobDQv0AjeRE5cWFk8vgX+V9bKqDXJ
I3xc1FBZZkexhDvvSYwQcVbUrsVoNao+ftrY0Xn31KMuVoTGfWPen+tMIuISrVt8
Y3wATVTU1+/zp9JmONpKPEKKT4BCe+A9hRhJQfGa2vvNcupdIhJTfXiYx2Tuv7+u
mENHUyKURZY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org