Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e37322e302f32342d3234203d3e203137343531.roa
File:                     3230332e3134322e37322e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          1VMAHKsTB2ZqIxJCUsh90eIb1WZ8GQEuyAZLvOS9QHs=
Subject key identifier:   2F:A3:56:6C:4E:48:09:CF:0E:14:52:B1:AF:34:88:50:8C:D7:E3:94
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       4978D044AB32E52FCA97C0044C0C097DC71B0644
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e37322e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:13 +0000
ROA not before:           Wed 29 Sep 2021 23:55:13 +0000
ROA not after:            Fri 30 Sep 2022 00:00:13 +0000
asID:                     17451
IP address blocks:        203.142.72.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:78:d0:44:ab:32:e5:2f:ca:97:c0:04:4c:0c:09:7d:c7:1b:06:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:13 2021 GMT
            Not After : Sep 30 00:00:13 2022 GMT
        Subject: CN=3082010A0282010100C4E066C3EDC7A99451B6ACD578B2414C26CEB82F6A60EA1FF26E67EF48DDFFAB5872C24715F5D5A03A9439F91D01B0C36B1651AC44A3765967EFC8705435418B9EE811EDD81DF2D4125C91467A7089DC92B3D0C0A0AEC148EA2E7DE3DDB98BA5240C5F5F286986FD334A3D970E604C8EF936132C07854102A3ECD625D85E6A660F2D81093386CEFC64143776485D1E562A28AD16259944F07625C513EBEA75A33F2D3C443FB6DCFAF274FDA2E72F4C9133A44D0AD5EB12921A3CFDEDA93E5CAF02007ED39568B5FD53E50385C98D6BC25366935518AED5F60D4E5BC27793E724377C39C6427457AB69D469630C09B1B7C65E4AB827F6A7CE1A5149876032DF610203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e0:66:c3:ed:c7:a9:94:51:b6:ac:d5:78:b2:
                    41:4c:26:ce:b8:2f:6a:60:ea:1f:f2:6e:67:ef:48:
                    dd:ff:ab:58:72:c2:47:15:f5:d5:a0:3a:94:39:f9:
                    1d:01:b0:c3:6b:16:51:ac:44:a3:76:59:67:ef:c8:
                    70:54:35:41:8b:9e:e8:11:ed:d8:1d:f2:d4:12:5c:
                    91:46:7a:70:89:dc:92:b3:d0:c0:a0:ae:c1:48:ea:
                    2e:7d:e3:dd:b9:8b:a5:24:0c:5f:5f:28:69:86:fd:
                    33:4a:3d:97:0e:60:4c:8e:f9:36:13:2c:07:85:41:
                    02:a3:ec:d6:25:d8:5e:6a:66:0f:2d:81:09:33:86:
                    ce:fc:64:14:37:76:48:5d:1e:56:2a:28:ad:16:25:
                    99:44:f0:76:25:c5:13:eb:ea:75:a3:3f:2d:3c:44:
                    3f:b6:dc:fa:f2:74:fd:a2:e7:2f:4c:91:33:a4:4d:
                    0a:d5:eb:12:92:1a:3c:fd:ed:a9:3e:5c:af:02:00:
                    7e:d3:95:68:b5:fd:53:e5:03:85:c9:8d:6b:c2:53:
                    66:93:55:18:ae:d5:f6:0d:4e:5b:c2:77:93:e7:24:
                    37:7c:39:c6:42:74:57:ab:69:d4:69:63:0c:09:b1:
                    b7:c6:5e:4a:b8:27:f6:a7:ce:1a:51:49:87:60:32:
                    df:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:A3:56:6C:4E:48:09:CF:0E:14:52:B1:AF:34:88:50:8C:D7:E3:94
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e37322e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.142.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:4d:f5:fc:45:78:b7:db:90:2f:ab:53:be:78:7b:52:63:6f:
         5a:61:af:36:dd:2b:b0:ed:9e:dd:db:f9:20:8d:67:07:f8:f1:
         87:c6:7e:77:65:12:0b:97:3c:24:ca:40:3b:d0:21:a3:e5:c5:
         39:93:38:54:83:ba:b0:62:85:00:38:88:5c:85:d5:51:9b:a9:
         8b:a7:6e:8e:b1:1d:a7:ec:87:19:65:40:54:72:b3:db:ca:8d:
         86:71:90:2a:63:67:e2:3d:dd:92:1c:85:14:65:ea:67:bf:e1:
         b8:91:97:af:e7:a4:74:96:20:9c:f1:72:2e:c6:12:0c:c5:46:
         13:ce:18:bd:ef:c6:27:27:61:58:83:56:fd:40:d8:6e:ed:94:
         c6:20:74:3d:38:40:37:34:d5:e5:86:a6:de:03:89:e2:f9:b4:
         04:a7:12:64:7c:f5:34:0a:9a:4e:80:ed:42:cc:d0:c3:b3:a7:
         12:03:a1:f2:8f:a6:7e:59:27:7c:8b:aa:09:3f:3b:8e:e3:73:
         96:f8:aa:49:90:b9:6a:b1:0a:7f:11:6e:39:a1:27:eb:6b:5d:
         a4:26:22:81:de:02:43:81:75:88:15:a4:c1:e6:68:19:8e:69:
         0c:01:74:2f:6b:c8:02:86:c4:4a:eb:bd:91:76:36:42:45:71:
         0b:64:23:07
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUSXjQRKsy5S/Kl8AETAwJfccbBkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MTNaFw0yMjA5MzAwMDAwMTNaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzRFMDY2QzNFREM3QTk5NDUx
QjZBQ0Q1NzhCMjQxNEMyNkNFQjgyRjZBNjBFQTFGRjI2RTY3RUY0OERERkZBQjU4
NzJDMjQ3MTVGNUQ1QTAzQTk0MzlGOTFEMDFCMEMzNkIxNjUxQUM0NEEzNzY1OTY3
RUZDODcwNTQzNTQxOEI5RUU4MTFFREQ4MURGMkQ0MTI1QzkxNDY3QTcwODlEQzky
QjNEMEMwQTBBRUMxNDhFQTJFN0RFM0REQjk4QkE1MjQwQzVGNUYyODY5ODZGRDMz
NEEzRDk3MEU2MDRDOEVGOTM2MTMyQzA3ODU0MTAyQTNFQ0Q2MjVEODVFNkE2NjBG
MkQ4MTA5MzM4NkNFRkM2NDE0Mzc3NjQ4NUQxRTU2MkEyOEFEMTYyNTk5NDRGMDc2
MjVDNTEzRUJFQTc1QTMzRjJEM0M0NDNGQjZEQ0ZBRjI3NEZEQTJFNzJGNEM5MTMz
QTQ0RDBBRDVFQjEyOTIxQTNDRkRFREE5M0U1Q0FGMDIwMDdFRDM5NTY4QjVGRDUz
RTUwMzg1Qzk4RDZCQzI1MzY2OTM1NTE4QUVENUY2MEQ0RTVCQzI3NzkzRTcyNDM3
N0MzOUM2NDI3NDU3QUI2OUQ0Njk2MzBDMDlCMUI3QzY1RTRBQjgyN0Y2QTdDRTFB
NTE0OTg3NjAzMkRGNjEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAxOBmw+3HqZRRtqzVeLJBTCbOuC9qYOof8m5n70jd/6tYcsJHFfXV
oDqUOfkdAbDDaxZRrESjdlln78hwVDVBi57oEe3YHfLUElyRRnpwidySs9DAoK7B
SOoufePduYulJAxfXyhphv0zSj2XDmBMjvk2EywHhUECo+zWJdheamYPLYEJM4bO
/GQUN3ZIXR5WKiitFiWZRPB2JcUT6+p1oz8tPEQ/ttz68nT9oucvTJEzpE0K1esS
kho8/e2pPlyvAgB+05Votf1T5QOFyY1rwlNmk1UYrtX2DU5bwneT5yQ3fDnGQnRX
q2nUaWMMCbG3xl5KuCf2p84aUUmHYDLfYQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FC+jVmxOSAnPDhRSsa80iFCM1+OUMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzMyZTMxMzQzMjJlMzczMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADLjkgwDQYJKoZIhvcNAQELBQADggEBAKVN9fxFeLfb
kC+rU754e1Jjb1phrzbdK7Dtnt3b+SCNZwf48YfGfndlEguXPCTKQDvQIaPlxTmT
OFSDurBihQA4iFyF1VGbqYunbo6xHafshxllQFRys9vKjYZxkCpjZ+I93ZIchRRl
6me/4biRl6/npHSWIJzxci7GEgzFRhPOGL3vxicnYViDVv1A2G7tlMYgdD04QDc0
1eWGpt4DieL5tASnEmR89TQKmk6A7ULM0MOzpxIDofKPpn5ZJ3yLqgk/O47jc5b4
qkmQuWqxCn8RbjmhJ+trXaQmIoHeAkOBdYgVpMHmaBmOaQwBdC9ryAKGxErrvZF2
NkJFcQtkIwc=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:46 2023 by rpki-client on console-fra.rpki-client.org