Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32303a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a32303a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          q7VJzGP4Q5F6FoBEOl5mHF8qpgHQhXFbmzX3hQTmrd0=
Subject key identifier:   4D:97:6D:1E:A9:B1:A6:C4:3C:63:1E:52:49:13:31:3E:D9:79:DD:34
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       49EFE885989213ABCB6D7405F536A54008AE30F8
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32303a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:24 +0000
ROA not before:           Wed 29 Sep 2021 23:55:24 +0000
ROA not after:            Fri 30 Sep 2022 00:00:24 +0000
asID:                     17451
IP address blocks:        2404:8000:20::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:ef:e8:85:98:92:13:ab:cb:6d:74:05:f5:36:a5:40:08:ae:30:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:24 2021 GMT
            Not After : Sep 30 00:00:24 2022 GMT
        Subject: CN=3082010A0282010100FE39B735B8B605D625EBB93623D82C9F9533278B56CE4031015D74D73B7ACB0F9273EB4C2B9831915FC982810885E4CADBE02AE7542750C26B16F64A2E63F9F6213C71A33C34FC87338865110346AAD749E0BED8496E6AC24CE0C3195D9BAEF9EDE4DA65AC1CC22674DE78CC1EDD073BF9971EEAE237E666975711B9C2BE08DD03F134C694937663A50C1EE8F9B8DAA8E9EC4E768854BAD73047C8A304D9B12DB02966F37CCF204F7C6BD0F0A14B4CBB373AA59B3F24F06C8B1B21928128D05769AFD532082B4520E3D5B53F43A4E6A59C64B8AAE6C127E451AB2CC698FE9E69142CB0588DA63018F413252504DCE4B17BAE01DB85F8A7B660D4B9494D276A730203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:39:b7:35:b8:b6:05:d6:25:eb:b9:36:23:d8:
                    2c:9f:95:33:27:8b:56:ce:40:31:01:5d:74:d7:3b:
                    7a:cb:0f:92:73:eb:4c:2b:98:31:91:5f:c9:82:81:
                    08:85:e4:ca:db:e0:2a:e7:54:27:50:c2:6b:16:f6:
                    4a:2e:63:f9:f6:21:3c:71:a3:3c:34:fc:87:33:88:
                    65:11:03:46:aa:d7:49:e0:be:d8:49:6e:6a:c2:4c:
                    e0:c3:19:5d:9b:ae:f9:ed:e4:da:65:ac:1c:c2:26:
                    74:de:78:cc:1e:dd:07:3b:f9:97:1e:ea:e2:37:e6:
                    66:97:57:11:b9:c2:be:08:dd:03:f1:34:c6:94:93:
                    76:63:a5:0c:1e:e8:f9:b8:da:a8:e9:ec:4e:76:88:
                    54:ba:d7:30:47:c8:a3:04:d9:b1:2d:b0:29:66:f3:
                    7c:cf:20:4f:7c:6b:d0:f0:a1:4b:4c:bb:37:3a:a5:
                    9b:3f:24:f0:6c:8b:1b:21:92:81:28:d0:57:69:af:
                    d5:32:08:2b:45:20:e3:d5:b5:3f:43:a4:e6:a5:9c:
                    64:b8:aa:e6:c1:27:e4:51:ab:2c:c6:98:fe:9e:69:
                    14:2c:b0:58:8d:a6:30:18:f4:13:25:25:04:dc:e4:
                    b1:7b:ae:01:db:85:f8:a7:b6:60:d4:b9:49:4d:27:
                    6a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:97:6D:1E:A9:B1:A6:C4:3C:63:1E:52:49:13:31:3E:D9:79:DD:34
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32303a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:12:53:a7:f0:d9:4c:dd:1a:5b:9c:d2:50:79:d0:ab:cd:32:
         3d:1f:4a:8d:80:0d:67:00:ec:87:f8:59:c1:8f:3b:08:26:8a:
         84:2c:7d:50:b2:d4:62:d7:41:05:a2:81:b6:e6:e7:92:d7:3f:
         ea:15:5a:7e:85:3c:e1:1b:57:f5:5d:8a:7d:4c:12:1c:29:55:
         5f:09:b5:27:0a:73:a9:96:19:95:ed:83:95:5b:a2:51:66:29:
         4a:33:a5:de:58:86:c5:94:96:22:a8:47:6c:7a:56:1b:4e:6f:
         49:ef:94:3a:fb:1a:55:b0:8a:7e:7d:0f:81:c2:3e:53:72:d7:
         40:73:95:8e:c1:b0:e7:e9:ad:05:07:93:8a:da:e6:c1:e5:e5:
         ae:2a:4e:05:8e:c0:ac:da:52:32:a4:2c:5b:e4:28:f8:ca:71:
         2a:2e:eb:36:a3:d2:84:51:e9:16:19:b4:9d:c8:9a:66:14:2c:
         af:3a:de:bb:c3:b6:f1:db:ba:9c:98:b5:0b:25:49:07:84:95:
         13:17:4f:5b:84:50:8b:9b:3b:87:33:e7:ff:7a:7d:25:1c:ff:
         de:ea:ef:15:f8:2d:58:fa:b7:fd:be:6a:7c:ee:5a:15:28:d1:
         ff:56:61:a3:fe:de:99:5c:f3:a2:d9:d5:fc:a5:7e:fc:0b:c4:
         6f:a6:16:bb
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUSe/ohZiSE6vLbXQF9TalQAiuMPgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MjRaFw0yMjA5MzAwMDAwMjRaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRkUzOUI3MzVCOEI2MDVENjI1
RUJCOTM2MjNEODJDOUY5NTMzMjc4QjU2Q0U0MDMxMDE1RDc0RDczQjdBQ0IwRjky
NzNFQjRDMkI5ODMxOTE1RkM5ODI4MTA4ODVFNENBREJFMDJBRTc1NDI3NTBDMjZC
MTZGNjRBMkU2M0Y5RjYyMTNDNzFBMzNDMzRGQzg3MzM4ODY1MTEwMzQ2QUFENzQ5
RTBCRUQ4NDk2RTZBQzI0Q0UwQzMxOTVEOUJBRUY5RURFNERBNjVBQzFDQzIyNjc0
REU3OENDMUVERDA3M0JGOTk3MUVFQUUyMzdFNjY2OTc1NzExQjlDMkJFMDhERDAz
RjEzNEM2OTQ5Mzc2NjNBNTBDMUVFOEY5QjhEQUE4RTlFQzRFNzY4ODU0QkFENzMw
NDdDOEEzMDREOUIxMkRCMDI5NjZGMzdDQ0YyMDRGN0M2QkQwRjBBMTRCNENCQjM3
M0FBNTlCM0YyNEYwNkM4QjFCMjE5MjgxMjhEMDU3NjlBRkQ1MzIwODJCNDUyMEUz
RDVCNTNGNDNBNEU2QTU5QzY0QjhBQUU2QzEyN0U0NTFBQjJDQzY5OEZFOUU2OTE0
MkNCMDU4OERBNjMwMThGNDEzMjUyNTA0RENFNEIxN0JBRTAxREI4NUY4QTdCNjYw
RDRCOTQ5NEQyNzZBNzMwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA/jm3Nbi2BdYl67k2I9gsn5UzJ4tWzkAxAV101zt6yw+Sc+tMK5gx
kV/JgoEIheTK2+Aq51QnUMJrFvZKLmP59iE8caM8NPyHM4hlEQNGqtdJ4L7YSW5q
wkzgwxldm6757eTaZawcwiZ03njMHt0HO/mXHuriN+Zml1cRucK+CN0D8TTGlJN2
Y6UMHuj5uNqo6exOdohUutcwR8ijBNmxLbApZvN8zyBPfGvQ8KFLTLs3OqWbPyTw
bIsbIZKBKNBXaa/VMggrRSDj1bU/Q6TmpZxkuKrmwSfkUassxpj+nmkULLBYjaYw
GPQTJSUE3OSxe64B24X4p7Zg1LlJTSdqcwIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FE2XbR6psabEPGMeUkkTMT7Zed00MB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTMyMzAzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAAAgMA0GCSqGSIb3DQEBCwUAA4IBAQAV
ElOn8NlM3RpbnNJQedCrzTI9H0qNgA1nAOyH+FnBjzsIJoqELH1QstRi10EFooG2
5ueS1z/qFVp+hTzhG1f1XYp9TBIcKVVfCbUnCnOplhmV7YOVW6JRZilKM6XeWIbF
lJYiqEdselYbTm9J75Q6+xpVsIp+fQ+Bwj5TctdAc5WOwbDn6a0FB5OK2ubB5eWu
Kk4FjsCs2lIypCxb5Cj4ynEqLus2o9KEUekWGbSdyJpmFCyvOt67w7bx27qcmLUL
JUkHhJUTF09bhFCLmzuHM+f/en0lHP/e6u8V+C1Y+rf9vmp87loVKNH/VmGj/t6Z
XPOi2dX8pX78C8Rvpha7
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:46 2023 by rpki-client on console-fra.rpki-client.org