Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e38302e302f32312d3231203d3e203137343531.roa
File:                     3230332e3134322e38302e302f32312d3231203d3e203137343531.roa (raw, json)
Hash identifier:          w/rmvT63iGYlhem0DleAf8SCGJnh/A/OdEZDEfxP+y8=
Subject key identifier:   3B:97:6E:96:18:0F:EF:7D:71:78:4E:1F:8B:CA:08:65:85:E0:28:1D
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       507D3F91C68EBBE0E5A38FAFE09ED29D63C7F033
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e38302e302f32312d3231203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:49 +0000
ROA not before:           Wed 29 Sep 2021 23:55:49 +0000
ROA not after:            Fri 30 Sep 2022 00:00:49 +0000
asID:                     17451
IP address blocks:        203.142.80.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:7d:3f:91:c6:8e:bb:e0:e5:a3:8f:af:e0:9e:d2:9d:63:c7:f0:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:49 2021 GMT
            Not After : Sep 30 00:00:49 2022 GMT
        Subject: CN=3082010A0282010100BC7E43206B0F40BAA74D58B30AF8D5F5E8D9E91A425854768B04A9C85533C730CEE148C06F24AF28C3E119F68355E6627CB97F287A3384B4AE2858A512DB2D7A6925E97B1FFF44AC2B733C43E56DB3D06513D71C7CDAD9F14DCBA3BE053E9276B37FFBACB6609C1C1DEDD81286A2BAEE851D18E84D02CA45FFDF58A773E8E3BB4A78420577DBF3C580445DA5C301328F7E8D1E0DA1EB4034C37730DD5894FEBFD0977716D9E90CE68A8FD062E0D9BB29CA3EF044874838CB8ECE0ED35430B2CF9F2EE4AC06255E958DC342B544030CB2C6FD694EBCB3B86D07C098312405B84F70A9E4922020D4AAE85CBC59E7EBCA5373EDE5DF830392AA34679A6DF3A620C50203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7e:43:20:6b:0f:40:ba:a7:4d:58:b3:0a:f8:
                    d5:f5:e8:d9:e9:1a:42:58:54:76:8b:04:a9:c8:55:
                    33:c7:30:ce:e1:48:c0:6f:24:af:28:c3:e1:19:f6:
                    83:55:e6:62:7c:b9:7f:28:7a:33:84:b4:ae:28:58:
                    a5:12:db:2d:7a:69:25:e9:7b:1f:ff:44:ac:2b:73:
                    3c:43:e5:6d:b3:d0:65:13:d7:1c:7c:da:d9:f1:4d:
                    cb:a3:be:05:3e:92:76:b3:7f:fb:ac:b6:60:9c:1c:
                    1d:ed:d8:12:86:a2:ba:ee:85:1d:18:e8:4d:02:ca:
                    45:ff:df:58:a7:73:e8:e3:bb:4a:78:42:05:77:db:
                    f3:c5:80:44:5d:a5:c3:01:32:8f:7e:8d:1e:0d:a1:
                    eb:40:34:c3:77:30:dd:58:94:fe:bf:d0:97:77:16:
                    d9:e9:0c:e6:8a:8f:d0:62:e0:d9:bb:29:ca:3e:f0:
                    44:87:48:38:cb:8e:ce:0e:d3:54:30:b2:cf:9f:2e:
                    e4:ac:06:25:5e:95:8d:c3:42:b5:44:03:0c:b2:c6:
                    fd:69:4e:bc:b3:b8:6d:07:c0:98:31:24:05:b8:4f:
                    70:a9:e4:92:20:20:d4:aa:e8:5c:bc:59:e7:eb:ca:
                    53:73:ed:e5:df:83:03:92:aa:34:67:9a:6d:f3:a6:
                    20:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:97:6E:96:18:0F:EF:7D:71:78:4E:1F:8B:CA:08:65:85:E0:28:1D
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e38302e302f32312d3231203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.142.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:b5:07:93:b1:5d:91:63:e6:bc:ed:8a:3b:9d:f9:f5:ff:f0:
         6e:fa:8a:f1:11:73:c8:24:ca:89:36:60:9e:3e:50:50:b2:7a:
         7e:47:0f:74:47:53:38:84:4d:9f:1b:34:e6:f3:72:e4:f9:29:
         1a:eb:e6:c0:23:44:25:8c:32:7f:a6:bb:d9:df:f9:9c:4b:07:
         ba:1f:d9:ae:03:2a:f6:79:c0:01:39:e0:6a:30:42:cb:8e:f4:
         48:52:eb:07:c2:99:71:ba:2f:2e:5b:a8:a8:d8:5d:0c:4e:5a:
         6e:97:ff:d7:97:5d:8c:06:f1:3f:64:73:3e:d1:58:9a:e4:59:
         b7:46:cd:c1:c3:bf:9c:9f:30:07:a0:a9:83:a5:a3:ce:34:e1:
         42:d7:a8:46:b0:92:95:63:e3:9d:9a:f4:47:35:71:5e:a7:fe:
         5f:72:57:07:24:61:eb:ed:4a:8d:fe:23:6b:dd:c1:a4:7e:ad:
         e5:be:9c:c5:c5:ae:b3:1f:b4:5c:ff:87:df:da:4a:87:c2:b9:
         14:c9:21:b3:fa:79:ef:28:5a:fa:d6:16:4c:48:fa:b0:07:3e:
         5e:ec:f7:8d:4b:26:78:c9:b5:69:d6:a6:74:0c:24:31:db:9a:
         49:00:9e:98:f7:bb:8b:31:b6:f6:2d:ab:f4:ce:ad:54:1b:61:
         76:9e:e7:4f
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUUH0/kcaOu+Dlo4+v4J7SnWPH8DMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NDlaFw0yMjA5MzAwMDAwNDlaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQkM3RTQzMjA2QjBGNDBCQUE3
NEQ1OEIzMEFGOEQ1RjVFOEQ5RTkxQTQyNTg1NDc2OEIwNEE5Qzg1NTMzQzczMENF
RTE0OEMwNkYyNEFGMjhDM0UxMTlGNjgzNTVFNjYyN0NCOTdGMjg3QTMzODRCNEFF
Mjg1OEE1MTJEQjJEN0E2OTI1RTk3QjFGRkY0NEFDMkI3MzNDNDNFNTZEQjNEMDY1
MTNENzFDN0NEQUQ5RjE0RENCQTNCRTA1M0U5Mjc2QjM3RkZCQUNCNjYwOUMxQzFE
RUREODEyODZBMkJBRUU4NTFEMThFODREMDJDQTQ1RkZERjU4QTc3M0U4RTNCQjRB
Nzg0MjA1NzdEQkYzQzU4MDQ0NURBNUMzMDEzMjhGN0U4RDFFMERBMUVCNDAzNEMz
NzczMERENTg5NEZFQkZEMDk3NzcxNkQ5RTkwQ0U2OEE4RkQwNjJFMEQ5QkIyOUNB
M0VGMDQ0ODc0ODM4Q0I4RUNFMEVEMzU0MzBCMkNGOUYyRUU0QUMwNjI1NUU5NThE
QzM0MkI1NDQwMzBDQjJDNkZENjk0RUJDQjNCODZEMDdDMDk4MzEyNDA1Qjg0Rjcw
QTlFNDkyMjAyMEQ0QUFFODVDQkM1OUU3RUJDQTUzNzNFREU1REY4MzAzOTJBQTM0
Njc5QTZERjNBNjIwQzUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAvH5DIGsPQLqnTVizCvjV9ejZ6RpCWFR2iwSpyFUzxzDO4UjAbySv
KMPhGfaDVeZifLl/KHozhLSuKFilEtstemkl6Xsf/0SsK3M8Q+Vts9BlE9ccfNrZ
8U3Lo74FPpJ2s3/7rLZgnBwd7dgShqK67oUdGOhNAspF/99Yp3Po47tKeEIFd9vz
xYBEXaXDATKPfo0eDaHrQDTDdzDdWJT+v9CXdxbZ6Qzmio/QYuDZuynKPvBEh0g4
y47ODtNUMLLPny7krAYlXpWNw0K1RAMMssb9aU68s7htB8CYMSQFuE9wqeSSICDU
quhcvFnn68pTc+3l34MDkqo0Z5pt86YgxQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FDuXbpYYD+99cXhOH4vKCGWF4CgdMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzMyZTMxMzQzMjJlMzgzMDJlMzAyZjMyMzEyZDMyMzEyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAPLjlAwDQYJKoZIhvcNAQELBQADggEBAHK1B5OxXZFj
5rztijud+fX/8G76ivERc8gkyok2YJ4+UFCyen5HD3RHUziETZ8bNObzcuT5KRrr
5sAjRCWMMn+mu9nf+ZxLB7of2a4DKvZ5wAE54GowQsuO9EhS6wfCmXG6Ly5bqKjY
XQxOWm6X/9eXXYwG8T9kcz7RWJrkWbdGzcHDv5yfMAegqYOlo8404ULXqEawkpVj
452a9Ec1cV6n/l9yVwckYevtSo3+I2vdwaR+reW+nMXFrrMftFz/h9/aSofCuRTJ
IbP6ee8oWvrWFkxI+rAHPl7s941LJnjJtWnWpnQMJDHbmkkAnpj3u4sxtvYtq/TO
rVQbYXae508=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org