Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e38352e302f32342d3234203d3e203137343531.roa
File:                     3230332e3134322e38352e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          3LOQ0XKZGs1eBe0xUj+zQB5li7q4TTWlfQ7B9Lv125c=
Subject key identifier:   0C:45:D5:6E:AB:CB:39:20:E6:DE:9A:B1:55:BA:FA:54:68:4B:88:3A
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       667AB8F69A56468641F4088E1067E17B743366C3
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e38352e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:53 +0000
ROA not before:           Wed 29 Sep 2021 23:55:53 +0000
ROA not after:            Fri 30 Sep 2022 00:00:53 +0000
asID:                     17451
IP address blocks:        203.142.85.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:7a:b8:f6:9a:56:46:86:41:f4:08:8e:10:67:e1:7b:74:33:66:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:53 2021 GMT
            Not After : Sep 30 00:00:53 2022 GMT
        Subject: CN=3082010A0282010100DE99927502D14779FA09A6EBEA76E21B7FB73F159E024C9910CAE3B1D859F26E211DEF2DE8364C052F390587977D0B7B0E84904DEFB161E1FF6589E1D7255B71302E51F0D0CFB2A9A053EA5CF241436F273EBC86F8A64D405D8A34BB1830EBC6448AC671292C6FE17F3061E8F03E538C3742D5393C6205BAD060C204BA3117841982C309FB7B48EB8ECC467D52DE5F52E1B8A5EB868A7F9454CE089042B10A007602FB593542B52DEFBCFD87FE12A3E0E96CE20499C839FBB047343391BC6DF785287EE081E55A78F643BC9A53EEC879486C7F5F5C27D2E42596D640030927E91C8BEAC560237B5D1A3666B62EF51B238001D1A1E92A094020F1050CAF6957EB0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:99:92:75:02:d1:47:79:fa:09:a6:eb:ea:76:
                    e2:1b:7f:b7:3f:15:9e:02:4c:99:10:ca:e3:b1:d8:
                    59:f2:6e:21:1d:ef:2d:e8:36:4c:05:2f:39:05:87:
                    97:7d:0b:7b:0e:84:90:4d:ef:b1:61:e1:ff:65:89:
                    e1:d7:25:5b:71:30:2e:51:f0:d0:cf:b2:a9:a0:53:
                    ea:5c:f2:41:43:6f:27:3e:bc:86:f8:a6:4d:40:5d:
                    8a:34:bb:18:30:eb:c6:44:8a:c6:71:29:2c:6f:e1:
                    7f:30:61:e8:f0:3e:53:8c:37:42:d5:39:3c:62:05:
                    ba:d0:60:c2:04:ba:31:17:84:19:82:c3:09:fb:7b:
                    48:eb:8e:cc:46:7d:52:de:5f:52:e1:b8:a5:eb:86:
                    8a:7f:94:54:ce:08:90:42:b1:0a:00:76:02:fb:59:
                    35:42:b5:2d:ef:bc:fd:87:fe:12:a3:e0:e9:6c:e2:
                    04:99:c8:39:fb:b0:47:34:33:91:bc:6d:f7:85:28:
                    7e:e0:81:e5:5a:78:f6:43:bc:9a:53:ee:c8:79:48:
                    6c:7f:5f:5c:27:d2:e4:25:96:d6:40:03:09:27:e9:
                    1c:8b:ea:c5:60:23:7b:5d:1a:36:66:b6:2e:f5:1b:
                    23:80:01:d1:a1:e9:2a:09:40:20:f1:05:0c:af:69:
                    57:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:45:D5:6E:AB:CB:39:20:E6:DE:9A:B1:55:BA:FA:54:68:4B:88:3A
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230332e3134322e38352e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.142.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:a3:56:c0:ed:e4:29:5b:ad:29:8b:cb:21:be:ba:2b:bc:a2:
         0d:4e:eb:7d:f8:03:05:5f:d9:5b:2b:14:5d:7b:19:2d:44:c3:
         61:45:20:c8:8d:04:35:b4:f0:8e:29:8a:23:2f:02:48:04:61:
         e6:2e:4e:e0:fc:21:1f:9d:d6:b1:13:77:3e:d8:ad:26:dc:3c:
         59:70:53:06:44:4c:6f:68:9b:62:15:29:57:5f:6c:ce:0c:1a:
         e3:1e:db:1a:68:a6:27:a2:5c:81:aa:c7:07:28:6b:d5:3e:07:
         38:99:b8:82:56:74:00:ad:7b:25:3c:0a:28:39:c9:d7:c6:0d:
         9a:49:ec:1e:f9:c7:43:95:af:cd:b4:49:6e:05:7f:a2:94:48:
         0b:57:2d:bf:5e:81:7b:66:9e:36:56:ff:a4:e9:5c:72:f4:8c:
         03:46:5f:5e:74:e2:65:10:d8:af:fe:18:0f:1a:ed:7f:7c:bc:
         1e:07:e1:11:31:42:3f:1c:ee:c9:77:31:7c:e8:a5:3f:8b:91:
         b0:9f:09:84:ed:2c:64:93:1b:19:7f:31:54:2d:c5:99:d0:63:
         ca:63:c0:23:8e:74:1f:e5:10:f7:fd:e9:69:48:da:6b:f3:d0:
         4e:4d:4a:f9:f4:a2:29:44:c3:89:1a:a2:9b:af:67:d3:05:3e:
         2c:15:24:78
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUZnq49ppWRoZB9AiOEGfhe3QzZsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NTNaFw0yMjA5MzAwMDAwNTNaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwREU5OTkyNzUwMkQxNDc3OUZB
MDlBNkVCRUE3NkUyMUI3RkI3M0YxNTlFMDI0Qzk5MTBDQUUzQjFEODU5RjI2RTIx
MURFRjJERTgzNjRDMDUyRjM5MDU4Nzk3N0QwQjdCMEU4NDkwNERFRkIxNjFFMUZG
NjU4OUUxRDcyNTVCNzEzMDJFNTFGMEQwQ0ZCMkE5QTA1M0VBNUNGMjQxNDM2RjI3
M0VCQzg2RjhBNjRENDA1RDhBMzRCQjE4MzBFQkM2NDQ4QUM2NzEyOTJDNkZFMTdG
MzA2MUU4RjAzRTUzOEMzNzQyRDUzOTNDNjIwNUJBRDA2MEMyMDRCQTMxMTc4NDE5
ODJDMzA5RkI3QjQ4RUI4RUNDNDY3RDUyREU1RjUyRTFCOEE1RUI4NjhBN0Y5NDU0
Q0UwODkwNDJCMTBBMDA3NjAyRkI1OTM1NDJCNTJERUZCQ0ZEODdGRTEyQTNFMEU5
NkNFMjA0OTlDODM5RkJCMDQ3MzQzMzkxQkM2REY3ODUyODdFRTA4MUU1NUE3OEY2
NDNCQzlBNTNFRUM4Nzk0ODZDN0Y1RjVDMjdEMkU0MjU5NkQ2NDAwMzA5MjdFOTFD
OEJFQUM1NjAyMzdCNUQxQTM2NjZCNjJFRjUxQjIzODAwMUQxQTFFOTJBMDk0MDIw
RjEwNTBDQUY2OTU3RUIwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA3pmSdQLRR3n6Cabr6nbiG3+3PxWeAkyZEMrjsdhZ8m4hHe8t6DZM
BS85BYeXfQt7DoSQTe+xYeH/ZYnh1yVbcTAuUfDQz7KpoFPqXPJBQ28nPryG+KZN
QF2KNLsYMOvGRIrGcSksb+F/MGHo8D5TjDdC1Tk8YgW60GDCBLoxF4QZgsMJ+3tI
647MRn1S3l9S4bil64aKf5RUzgiQQrEKAHYC+1k1QrUt77z9h/4So+DpbOIEmcg5
+7BHNDORvG33hSh+4IHlWnj2Q7yaU+7IeUhsf19cJ9LkJZbWQAMJJ+kci+rFYCN7
XRo2ZrYu9RsjgAHRoekqCUAg8QUMr2lX6wIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FAxF1W6ryzkg5t6asVW6+lRoS4g6MB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzMyZTMxMzQzMjJlMzgzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADLjlUwDQYJKoZIhvcNAQELBQADggEBAE+jVsDt5Clb
rSmLyyG+uiu8og1O6334AwVf2VsrFF17GS1Ew2FFIMiNBDW08I4piiMvAkgEYeYu
TuD8IR+d1rETdz7YrSbcPFlwUwZETG9om2IVKVdfbM4MGuMe2xpopieiXIGqxwco
a9U+BziZuIJWdACteyU8Cig5ydfGDZpJ7B75x0OVr820SW4Ff6KUSAtXLb9egXtm
njZW/6TpXHL0jANGX1504mUQ2K/+GA8a7X98vB4H4RExQj8c7sl3MXzopT+LkbCf
CYTtLGSTGxl/MVQtxZnQY8pjwCOOdB/lEPf96WlI2mvz0E5NSvn0oilEw4kaopuv
Z9MFPiwVJHg=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org