Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a313030323a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a313030323a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          EtAc03FEX/nANmtjBMp3nRA2d5hRuMSKPiyUmKGj+xI=
Subject key identifier:   40:A1:06:D8:DB:C8:D1:FE:40:96:35:64:55:D0:B2:BA:C3:97:C9:49
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       0E9A52A8D7EA3BF690A6AC4BDCB35B687FA4E68A
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a313030323a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:17 +0000
ROA not before:           Wed 29 Sep 2021 23:55:17 +0000
ROA not after:            Fri 30 Sep 2022 00:00:17 +0000
asID:                     17451
IP address blocks:        2404:8000:1002::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:9a:52:a8:d7:ea:3b:f6:90:a6:ac:4b:dc:b3:5b:68:7f:a4:e6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:17 2021 GMT
            Not After : Sep 30 00:00:17 2022 GMT
        Subject: CN=3082010A0282010100C1BED24D648AF75EE974986BF83D910AAE440979C1CE4158EE6DB749D908A51C83A622DD0706777CBEA0479590DA9B15D8096A96F39AA30921EF151CB7C5F6A3DA00524E20FC5AD81C43C81AA127175867E128711DF80E2C15B61198E12AE08589FD3912886D5ABAD1A0102627402A09142EE400A8DB7145CEF3E3A46031E5A5E448CC384A0A728CBA128992844E8F91736ABCEC45616C66A01AEAABD0A12C621148FAB28CA1B341E0D35D851F634C7AD3E2E3F86D08802A6BCF569E44923AD98EC1CC28F8BEF0B5C3870270D566B7D21F2D8E5E03A508618CF8DEBFFDC7E14AE4FC19E6B4CECF351FEEEDCFBE996DE28FABF04DE0B5702EDEE6D123128792150203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:be:d2:4d:64:8a:f7:5e:e9:74:98:6b:f8:3d:
                    91:0a:ae:44:09:79:c1:ce:41:58:ee:6d:b7:49:d9:
                    08:a5:1c:83:a6:22:dd:07:06:77:7c:be:a0:47:95:
                    90:da:9b:15:d8:09:6a:96:f3:9a:a3:09:21:ef:15:
                    1c:b7:c5:f6:a3:da:00:52:4e:20:fc:5a:d8:1c:43:
                    c8:1a:a1:27:17:58:67:e1:28:71:1d:f8:0e:2c:15:
                    b6:11:98:e1:2a:e0:85:89:fd:39:12:88:6d:5a:ba:
                    d1:a0:10:26:27:40:2a:09:14:2e:e4:00:a8:db:71:
                    45:ce:f3:e3:a4:60:31:e5:a5:e4:48:cc:38:4a:0a:
                    72:8c:ba:12:89:92:84:4e:8f:91:73:6a:bc:ec:45:
                    61:6c:66:a0:1a:ea:ab:d0:a1:2c:62:11:48:fa:b2:
                    8c:a1:b3:41:e0:d3:5d:85:1f:63:4c:7a:d3:e2:e3:
                    f8:6d:08:80:2a:6b:cf:56:9e:44:92:3a:d9:8e:c1:
                    cc:28:f8:be:f0:b5:c3:87:02:70:d5:66:b7:d2:1f:
                    2d:8e:5e:03:a5:08:61:8c:f8:de:bf:fd:c7:e1:4a:
                    e4:fc:19:e6:b4:ce:cf:35:1f:ee:ed:cf:be:99:6d:
                    e2:8f:ab:f0:4d:e0:b5:70:2e:de:e6:d1:23:12:87:
                    92:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A1:06:D8:DB:C8:D1:FE:40:96:35:64:55:D0:B2:BA:C3:97:C9:49
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a313030323a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:1002::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:6f:70:51:f3:4f:76:7c:49:ed:05:3c:b1:f4:90:7a:ab:72:
         93:62:53:9e:7e:86:b6:f5:3c:59:a6:d3:39:a8:bc:23:62:46:
         0b:ef:c7:75:e8:67:37:5b:0b:5b:79:81:2f:e9:92:84:b9:aa:
         0c:8c:14:90:fe:fe:b4:4f:0f:74:f1:9a:8e:62:bf:45:5c:9e:
         c9:cc:7c:e4:8a:80:1c:b0:bf:f6:80:ef:d5:c0:80:20:a3:83:
         13:c7:67:67:76:7d:29:cd:03:79:d7:a6:f3:40:c6:98:6e:03:
         db:ac:bf:bb:f4:a1:f0:d6:83:5e:c1:97:d3:5c:5f:b3:be:96:
         d8:15:1d:0e:47:d6:e4:9f:b0:92:f5:58:c6:5f:24:2d:df:7c:
         66:d4:86:57:16:ff:03:93:ce:23:48:02:bc:c7:da:e3:6b:56:
         bb:dd:8c:35:2f:ba:8b:63:de:77:8a:d6:69:7d:fc:fa:d3:92:
         24:1e:e7:9c:f3:f8:db:63:18:7b:72:23:d1:52:57:79:1c:20:
         2b:72:aa:d0:41:23:92:b1:86:49:2c:e2:27:e7:8d:19:09:0c:
         0e:f1:35:fa:02:44:6d:ff:22:36:33:a9:1a:ff:30:6d:62:15:
         17:05:8a:0e:aa:bf:eb:04:94:1d:71:b9:f2:42:a2:c0:b6:92:
         80:e4:c3:03
-----BEGIN CERTIFICATE-----
MIIHLzCCBhegAwIBAgIUDppSqNfqO/aQpqxL3LNbaH+k5oowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MTdaFw0yMjA5MzAwMDAwMTdaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzFCRUQyNEQ2NDhBRjc1RUU5
NzQ5ODZCRjgzRDkxMEFBRTQ0MDk3OUMxQ0U0MTU4RUU2REI3NDlEOTA4QTUxQzgz
QTYyMkREMDcwNjc3N0NCRUEwNDc5NTkwREE5QjE1RDgwOTZBOTZGMzlBQTMwOTIx
RUYxNTFDQjdDNUY2QTNEQTAwNTI0RTIwRkM1QUQ4MUM0M0M4MUFBMTI3MTc1ODY3
RTEyODcxMURGODBFMkMxNUI2MTE5OEUxMkFFMDg1ODlGRDM5MTI4ODZENUFCQUQx
QTAxMDI2Mjc0MDJBMDkxNDJFRTQwMEE4REI3MTQ1Q0VGM0UzQTQ2MDMxRTVBNUU0
NDhDQzM4NEEwQTcyOENCQTEyODk5Mjg0NEU4RjkxNzM2QUJDRUM0NTYxNkM2NkEw
MUFFQUFCRDBBMTJDNjIxMTQ4RkFCMjhDQTFCMzQxRTBEMzVEODUxRjYzNEM3QUQz
RTJFM0Y4NkQwODgwMkE2QkNGNTY5RTQ0OTIzQUQ5OEVDMUNDMjhGOEJFRjBCNUMz
ODcwMjcwRDU2NkI3RDIxRjJEOEU1RTAzQTUwODYxOENGOERFQkZGREM3RTE0QUU0
RkMxOUU2QjRDRUNGMzUxRkVFRURDRkJFOTk2REUyOEZBQkYwNERFMEI1NzAyRURF
RTZEMTIzMTI4NzkyMTUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwb7STWSK917pdJhr+D2RCq5ECXnBzkFY7m23SdkIpRyDpiLdBwZ3
fL6gR5WQ2psV2AlqlvOaowkh7xUct8X2o9oAUk4g/FrYHEPIGqEnF1hn4ShxHfgO
LBW2EZjhKuCFif05EohtWrrRoBAmJ0AqCRQu5ACo23FFzvPjpGAx5aXkSMw4Sgpy
jLoSiZKETo+Rc2q87EVhbGagGuqr0KEsYhFI+rKMobNB4NNdhR9jTHrT4uP4bQiA
KmvPVp5EkjrZjsHMKPi+8LXDhwJw1Wa30h8tjl4DpQhhjPjev/3H4Urk/BnmtM7P
NR/u7c++mW3ij6vwTeC1cC7e5tEjEoeSFQIDAQABo4ICPTCCAjkwHQYDVR0OBBYE
FEChBtjbyNH+QJY1ZFXQsrrDl8lJMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGqBggrBgEFBQcB
CwSBnTCBmjCBlwYIKwYBBQUHMAuGgYpyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTMxMzAzMDMyM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzEzNzM0MzUzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACQEgAAQAjANBgkqhkiG9w0BAQsFAAOC
AQEAJG9wUfNPdnxJ7QU8sfSQeqtyk2JTnn6GtvU8WabTOai8I2JGC+/HdehnN1sL
W3mBL+mShLmqDIwUkP7+tE8PdPGajmK/RVyeycx85IqAHLC/9oDv1cCAIKODE8dn
Z3Z9Kc0Dedem80DGmG4D26y/u/Sh8NaDXsGX01xfs76W2BUdDkfW5J+wkvVYxl8k
Ld98ZtSGVxb/A5POI0gCvMfa42tWu92MNS+6i2Ped4rWaX38+tOSJB7nnPP422MY
e3Ij0VJXeRwgK3Kq0EEjkrGGSSziJ+eNGQkMDvE1+gJEbf8iNjOpGv8wbWIVFwWK
Dqq/6wSUHXG58kKiwLaSgOTDAw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org