Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32333a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a32333a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          Cos1B8AQff/BzBuG9CWEQf0CCZJBZjw0PGqY2031NA0=
Subject key identifier:   E2:65:9D:F1:11:DC:FF:15:64:18:A0:E2:EE:6C:E8:A2:98:38:8A:6B
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       66D0312604C7965AEF376987BDD1AA9CCFE05FBE
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32333a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:30 +0000
ROA not before:           Wed 29 Sep 2021 23:55:30 +0000
ROA not after:            Fri 30 Sep 2022 00:00:30 +0000
asID:                     17451
IP address blocks:        2404:8000:23::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:d0:31:26:04:c7:96:5a:ef:37:69:87:bd:d1:aa:9c:cf:e0:5f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:30 2021 GMT
            Not After : Sep 30 00:00:30 2022 GMT
        Subject: CN=3082010A0282010100B86842DB8AE4C144D64BF82E60B583A18561E56CEBE6A03D06E9BC95DAA124139EB38054B281D61319338152EB5766350582DFAFE9C994647CCECA9E0A5B9E33F01C5C05192FF8A5FEE8017202BC62CAC16C584A58C01D4288A7060F632C9A46ECFC628B9702E378426B758D29F5825BEF7E60284B8674DEDCBFB291D53DD06DB86941D7BDBBAC1C3506256D14002EA28F746F6F49A26942FEE15E5AB89D1BB388D3A7E9AEF4159C15F0D3881102F650866D88A9F449AE3D235A80489510BCC7E43373D3FE697BB9418038B879E26D17C1819391A996D77C5AEFFD6F0579D5F85840811A45AF6D142B211543198407FFE664FB299D1D910A912A36F0EAB2ADEB0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:68:42:db:8a:e4:c1:44:d6:4b:f8:2e:60:b5:
                    83:a1:85:61:e5:6c:eb:e6:a0:3d:06:e9:bc:95:da:
                    a1:24:13:9e:b3:80:54:b2:81:d6:13:19:33:81:52:
                    eb:57:66:35:05:82:df:af:e9:c9:94:64:7c:ce:ca:
                    9e:0a:5b:9e:33:f0:1c:5c:05:19:2f:f8:a5:fe:e8:
                    01:72:02:bc:62:ca:c1:6c:58:4a:58:c0:1d:42:88:
                    a7:06:0f:63:2c:9a:46:ec:fc:62:8b:97:02:e3:78:
                    42:6b:75:8d:29:f5:82:5b:ef:7e:60:28:4b:86:74:
                    de:dc:bf:b2:91:d5:3d:d0:6d:b8:69:41:d7:bd:bb:
                    ac:1c:35:06:25:6d:14:00:2e:a2:8f:74:6f:6f:49:
                    a2:69:42:fe:e1:5e:5a:b8:9d:1b:b3:88:d3:a7:e9:
                    ae:f4:15:9c:15:f0:d3:88:11:02:f6:50:86:6d:88:
                    a9:f4:49:ae:3d:23:5a:80:48:95:10:bc:c7:e4:33:
                    73:d3:fe:69:7b:b9:41:80:38:b8:79:e2:6d:17:c1:
                    81:93:91:a9:96:d7:7c:5a:ef:fd:6f:05:79:d5:f8:
                    58:40:81:1a:45:af:6d:14:2b:21:15:43:19:84:07:
                    ff:e6:64:fb:29:9d:1d:91:0a:91:2a:36:f0:ea:b2:
                    ad:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:65:9D:F1:11:DC:FF:15:64:18:A0:E2:EE:6C:E8:A2:98:38:8A:6B
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a32333a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:23::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:02:53:93:57:53:98:42:a6:e0:fd:fd:fd:70:fa:0e:ff:95:
         24:61:f9:84:b5:7f:4c:6c:10:5a:d2:10:cb:48:eb:d7:ae:dd:
         5f:b1:a6:55:a8:86:bc:80:de:fd:f2:f6:44:f0:dd:bb:1f:4e:
         de:25:7d:d0:e2:79:a6:04:e5:e6:31:b4:60:b4:13:c3:55:5e:
         89:c8:64:66:32:f7:0e:88:c4:df:46:af:04:0e:63:8d:cd:e7:
         a5:51:ae:4c:14:01:bd:bc:8e:76:31:bc:f3:3b:63:a3:20:2f:
         58:85:b6:ad:40:b4:b3:eb:95:58:b5:53:21:9c:93:31:db:b7:
         cf:26:9b:67:7b:1c:ca:2a:e5:dc:0b:15:82:5e:1b:4f:bd:13:
         05:ed:a0:cc:51:bc:9a:bf:16:c3:2f:50:2f:6e:43:1b:62:e4:
         bf:36:1c:40:53:2f:ac:b2:a7:19:c8:01:ba:f2:f3:a8:51:13:
         59:50:96:34:46:99:14:03:31:3b:ef:b6:e4:33:e4:e8:39:30:
         9d:70:0c:54:bc:8c:a8:48:42:5c:12:14:45:eb:a8:ab:a7:80:
         7e:7b:62:9a:6c:c8:b8:43:83:85:51:69:3f:6a:bf:2d:29:a2:
         95:87:97:1d:1f:62:9c:68:b5:67:b8:03:c5:7f:e3:7d:ce:11:
         e4:06:42:ba
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUZtAxJgTHllrvN2mHvdGqnM/gX74wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MzBaFw0yMjA5MzAwMDAwMzBaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQjg2ODQyREI4QUU0QzE0NEQ2
NEJGODJFNjBCNTgzQTE4NTYxRTU2Q0VCRTZBMDNEMDZFOUJDOTVEQUExMjQxMzlF
QjM4MDU0QjI4MUQ2MTMxOTMzODE1MkVCNTc2NjM1MDU4MkRGQUZFOUM5OTQ2NDdD
Q0VDQTlFMEE1QjlFMzNGMDFDNUMwNTE5MkZGOEE1RkVFODAxNzIwMkJDNjJDQUMx
NkM1ODRBNThDMDFENDI4OEE3MDYwRjYzMkM5QTQ2RUNGQzYyOEI5NzAyRTM3ODQy
NkI3NThEMjlGNTgyNUJFRjdFNjAyODRCODY3NERFRENCRkIyOTFENTNERDA2REI4
Njk0MUQ3QkRCQkFDMUMzNTA2MjU2RDE0MDAyRUEyOEY3NDZGNkY0OUEyNjk0MkZF
RTE1RTVBQjg5RDFCQjM4OEQzQTdFOUFFRjQxNTlDMTVGMEQzODgxMTAyRjY1MDg2
NkQ4OEE5RjQ0OUFFM0QyMzVBODA0ODk1MTBCQ0M3RTQzMzczRDNGRTY5N0JCOTQx
ODAzOEI4NzlFMjZEMTdDMTgxOTM5MUE5OTZENzdDNUFFRkZENkYwNTc5RDVGODU4
NDA4MTFBNDVBRjZEMTQyQjIxMTU0MzE5ODQwN0ZGRTY2NEZCMjk5RDFEOTEwQTkx
MkEzNkYwRUFCMkFERUIwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAuGhC24rkwUTWS/guYLWDoYVh5Wzr5qA9Bum8ldqhJBOes4BUsoHW
ExkzgVLrV2Y1BYLfr+nJlGR8zsqeClueM/AcXAUZL/il/ugBcgK8YsrBbFhKWMAd
QoinBg9jLJpG7Pxii5cC43hCa3WNKfWCW+9+YChLhnTe3L+ykdU90G24aUHXvbus
HDUGJW0UAC6ij3Rvb0miaUL+4V5auJ0bs4jTp+mu9BWcFfDTiBEC9lCGbYip9Emu
PSNagEiVELzH5DNz0/5pe7lBgDi4eeJtF8GBk5Gpltd8Wu/9bwV51fhYQIEaRa9t
FCshFUMZhAf/5mT7KZ0dkQqRKjbw6rKt6wIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FOJlnfER3P8VZBig4u5s6KKYOIprMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTMyMzMzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAAAjMA0GCSqGSIb3DQEBCwUAA4IBAQAH
AlOTV1OYQqbg/f39cPoO/5UkYfmEtX9MbBBa0hDLSOvXrt1fsaZVqIa8gN798vZE
8N27H07eJX3Q4nmmBOXmMbRgtBPDVV6JyGRmMvcOiMTfRq8EDmONzeelUa5MFAG9
vI52MbzzO2OjIC9YhbatQLSz65VYtVMhnJMx27fPJptnexzKKuXcCxWCXhtPvRMF
7aDMUbyavxbDL1AvbkMbYuS/NhxAUy+ssqcZyAG68vOoURNZUJY0RpkUAzE777bk
M+ToOTCdcAxUvIyoSEJcEhRF66irp4B+e2KabMi4Q4OFUWk/ar8tKaKVh5cdH2Kc
aLVnuAPFf+N9zhHkBkK6
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org