Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e37302e302f32342d3234203d3e203137343531.roa
File:                     3230332e3134322e37302e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          iY0DTVbYL/Ksot4xb0Ny9fRtbkNf1BaT3aJjhL9pKNE=
Subject key identifier:   D5:67:31:C2:08:CC:24:9A:9C:89:D6:DD:72:FA:48:9A:ED:A2:F4:53
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       0ACEA25BFB7B117401A0F35541A111851F028E44
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e37302e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:10 +0000
ROA not before:           Wed 29 Sep 2021 23:56:10 +0000
ROA not after:            Fri 30 Sep 2022 00:01:10 +0000
asID:                     17451
IP address blocks:        203.142.70.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:ce:a2:5b:fb:7b:11:74:01:a0:f3:55:41:a1:11:85:1f:02:8e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:10 2021 GMT
            Not After : Sep 30 00:01:10 2022 GMT
        Subject: CN=3082010A0282010100D2199119FBFBD80D2A9B8B1C94AEB0E0CFAE4E126BE42D90F76D3EE844A4C1F623B5834C079F61E4202194300A67895AFEE5E87E2ADB8377F89BBAB3C4E175105A69421E88E4909500EED445E67FA9F9F629058A504A6EA8BC0E7960AC8398AC42447A51DFC45C300DC4817D47406523BBE55B2C00A6998C7F35CBF64F022FF7EF17371F30AEAA3A6634F947B16116BC88937406DF34AF192C0BA569AB85F00D93D89D4BB3DAA9D7278D8FFDC1F05F1F5AA35A320A12FBA4C3BB7D323B42A4261F27B6352077868AB3CC652729EFA581BF224AA2EB6FC742D00ECA78E6DB9E4DF7E39582A6BC8DCBF0B7DFA4733A23D4E6E7A0B38C24A6F17EFA5754FCA1B7FB0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:19:91:19:fb:fb:d8:0d:2a:9b:8b:1c:94:ae:
                    b0:e0:cf:ae:4e:12:6b:e4:2d:90:f7:6d:3e:e8:44:
                    a4:c1:f6:23:b5:83:4c:07:9f:61:e4:20:21:94:30:
                    0a:67:89:5a:fe:e5:e8:7e:2a:db:83:77:f8:9b:ba:
                    b3:c4:e1:75:10:5a:69:42:1e:88:e4:90:95:00:ee:
                    d4:45:e6:7f:a9:f9:f6:29:05:8a:50:4a:6e:a8:bc:
                    0e:79:60:ac:83:98:ac:42:44:7a:51:df:c4:5c:30:
                    0d:c4:81:7d:47:40:65:23:bb:e5:5b:2c:00:a6:99:
                    8c:7f:35:cb:f6:4f:02:2f:f7:ef:17:37:1f:30:ae:
                    aa:3a:66:34:f9:47:b1:61:16:bc:88:93:74:06:df:
                    34:af:19:2c:0b:a5:69:ab:85:f0:0d:93:d8:9d:4b:
                    b3:da:a9:d7:27:8d:8f:fd:c1:f0:5f:1f:5a:a3:5a:
                    32:0a:12:fb:a4:c3:bb:7d:32:3b:42:a4:26:1f:27:
                    b6:35:20:77:86:8a:b3:cc:65:27:29:ef:a5:81:bf:
                    22:4a:a2:eb:6f:c7:42:d0:0e:ca:78:e6:db:9e:4d:
                    f7:e3:95:82:a6:bc:8d:cb:f0:b7:df:a4:73:3a:23:
                    d4:e6:e7:a0:b3:8c:24:a6:f1:7e:fa:57:54:fc:a1:
                    b7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:67:31:C2:08:CC:24:9A:9C:89:D6:DD:72:FA:48:9A:ED:A2:F4:53
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e37302e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.142.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:9c:48:94:69:e8:43:a2:e1:cb:27:bf:b7:fc:fe:84:95:55:
         97:00:ef:69:d8:cd:a8:4d:19:8f:60:92:f1:f9:3a:13:58:7a:
         27:7f:84:5e:93:f8:4a:61:32:b4:0c:80:38:15:4b:d5:f1:11:
         fe:08:58:49:7b:40:a9:d4:a6:59:d9:fa:d5:df:f2:9b:ed:cd:
         93:86:20:09:c2:0d:60:e8:01:8e:8c:b5:e8:9e:61:32:81:e2:
         b1:cb:3c:bc:4a:50:a4:ef:07:a6:07:2a:e4:42:f6:05:92:81:
         81:29:99:c3:c9:31:82:98:b1:46:43:b4:44:87:15:a8:29:3d:
         b0:3c:c0:4d:51:13:4f:20:a5:be:6e:eb:4b:fd:00:4e:cc:5c:
         69:4c:a2:67:4a:42:c9:d7:19:c5:8c:07:ce:51:65:ac:a1:a0:
         57:9d:38:24:4b:a7:b3:b9:2e:5b:76:11:33:7b:f8:a5:96:49:
         4b:21:d1:eb:e8:15:71:70:4d:d3:95:ca:df:59:e8:e7:c8:79:
         6d:c3:b4:5d:79:a1:b0:c5:0b:1f:38:fc:dd:ba:fa:e8:70:e4:
         0c:21:00:3d:28:56:79:ff:68:da:eb:d8:f1:65:b9:e8:9d:d8:
         05:f0:fc:61:ae:2b:b7:e6:ca:0a:88:ae:ea:23:13:97:64:dd:
         96:60:6a:86
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUCs6iW/t7EXQBoPNVQaERhR8CjkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MTBaFw0yMjA5MzAwMDAxMTBaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRDIxOTkxMTlGQkZCRDgwRDJB
OUI4QjFDOTRBRUIwRTBDRkFFNEUxMjZCRTQyRDkwRjc2RDNFRTg0NEE0QzFGNjIz
QjU4MzRDMDc5RjYxRTQyMDIxOTQzMDBBNjc4OTVBRkVFNUU4N0UyQURCODM3N0Y4
OUJCQUIzQzRFMTc1MTA1QTY5NDIxRTg4RTQ5MDk1MDBFRUQ0NDVFNjdGQTlGOUY2
MjkwNThBNTA0QTZFQThCQzBFNzk2MEFDODM5OEFDNDI0NDdBNTFERkM0NUMzMDBE
QzQ4MTdENDc0MDY1MjNCQkU1NUIyQzAwQTY5OThDN0YzNUNCRjY0RjAyMkZGN0VG
MTczNzFGMzBBRUFBM0E2NjM0Rjk0N0IxNjExNkJDODg5Mzc0MDZERjM0QUYxOTJD
MEJBNTY5QUI4NUYwMEQ5M0Q4OUQ0QkIzREFBOUQ3Mjc4RDhGRkRDMUYwNUYxRjVB
QTM1QTMyMEExMkZCQTRDM0JCN0QzMjNCNDJBNDI2MUYyN0I2MzUyMDc3ODY4QUIz
Q0M2NTI3MjlFRkE1ODFCRjIyNEFBMkVCNkZDNzQyRDAwRUNBNzhFNkRCOUU0REY3
RTM5NTgyQTZCQzhEQ0JGMEI3REZBNDczM0EyM0Q0RTZFN0EwQjM4QzI0QTZGMTdF
RkE1NzU0RkNBMUI3RkIwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA0hmRGfv72A0qm4sclK6w4M+uThJr5C2Q920+6ESkwfYjtYNMB59h
5CAhlDAKZ4la/uXofirbg3f4m7qzxOF1EFppQh6I5JCVAO7UReZ/qfn2KQWKUEpu
qLwOeWCsg5isQkR6Ud/EXDANxIF9R0BlI7vlWywAppmMfzXL9k8CL/fvFzcfMK6q
OmY0+UexYRa8iJN0Bt80rxksC6Vpq4XwDZPYnUuz2qnXJ42P/cHwXx9ao1oyChL7
pMO7fTI7QqQmHye2NSB3hoqzzGUnKe+lgb8iSqLrb8dC0A7KeObbnk3345WCpryN
y/C336RzOiPU5uegs4wkpvF++ldU/KG3+wIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FNVnMcIIzCSanInW3XL6SJrtovRTMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzMyZTMxMzQzMjJlMzczMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADLjkYwDQYJKoZIhvcNAQELBQADggEBAGucSJRp6EOi
4csnv7f8/oSVVZcA72nYzahNGY9gkvH5OhNYeid/hF6T+EphMrQMgDgVS9XxEf4I
WEl7QKnUplnZ+tXf8pvtzZOGIAnCDWDoAY6MteieYTKB4rHLPLxKUKTvB6YHKuRC
9gWSgYEpmcPJMYKYsUZDtESHFagpPbA8wE1RE08gpb5u60v9AE7MXGlMomdKQsnX
GcWMB85RZayhoFedOCRLp7O5Llt2ETN7+KWWSUsh0evoFXFwTdOVyt9Z6OfIeW3D
tF15obDFCx84/N26+uhw5AwhAD0oVnn/aNrr2PFlueid2AXw/GGuK7fmygqIruoj
E5dk3ZZgaoY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org