Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a62383a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a62383a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          b3BJaJvVzxahWtzs2WubGZKsub+DoiM/v03UaLa+ZV4=
Subject key identifier:   D8:A9:AF:C7:5D:F9:80:24:01:15:96:AB:9F:9A:5E:59:B6:6F:04:28
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       11931499D23C7D3298BD86C93603805AF3628BCE
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a62383a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:13 +0000
ROA not before:           Wed 29 Sep 2021 23:56:13 +0000
ROA not after:            Fri 30 Sep 2022 00:01:13 +0000
asID:                     17451
IP address blocks:        2404:8000:b8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:93:14:99:d2:3c:7d:32:98:bd:86:c9:36:03:80:5a:f3:62:8b:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:13 2021 GMT
            Not After : Sep 30 00:01:13 2022 GMT
        Subject: CN=3082010A0282010100AA9927CAB6732F620F9A5DBE8B3764736B21A32AB45EF1EBCD85A265DC00007473EEA6C200F8DB36826899478692395A2398ED6FCF3F41DF3CF8DA36BA0E92A311FDEDB5FD451C771B4142E907970A0A76E93E85C46D0878B1D00F505DB10A1DD9E54D4BB790DB878C2EC7B60CF17324D722891ADEF45B6377C42670493C65488C9A9A20A00FD231F2AE54704079417B3CAD1324A01FB810A0A798536073C647BD025375F605B798BCB3A3F38539250F4D483B5A90107D29B868E739D5CC0BC103934A0FB6F5C1F41205ABB0DB5590A1A615EE085813A16FC7CDD8558A25A27807C08EE30DF3B9F47841DB9A9EDDC377925A5A97B26EF2B67784992524F0649D0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:99:27:ca:b6:73:2f:62:0f:9a:5d:be:8b:37:
                    64:73:6b:21:a3:2a:b4:5e:f1:eb:cd:85:a2:65:dc:
                    00:00:74:73:ee:a6:c2:00:f8:db:36:82:68:99:47:
                    86:92:39:5a:23:98:ed:6f:cf:3f:41:df:3c:f8:da:
                    36:ba:0e:92:a3:11:fd:ed:b5:fd:45:1c:77:1b:41:
                    42:e9:07:97:0a:0a:76:e9:3e:85:c4:6d:08:78:b1:
                    d0:0f:50:5d:b1:0a:1d:d9:e5:4d:4b:b7:90:db:87:
                    8c:2e:c7:b6:0c:f1:73:24:d7:22:89:1a:de:f4:5b:
                    63:77:c4:26:70:49:3c:65:48:8c:9a:9a:20:a0:0f:
                    d2:31:f2:ae:54:70:40:79:41:7b:3c:ad:13:24:a0:
                    1f:b8:10:a0:a7:98:53:60:73:c6:47:bd:02:53:75:
                    f6:05:b7:98:bc:b3:a3:f3:85:39:25:0f:4d:48:3b:
                    5a:90:10:7d:29:b8:68:e7:39:d5:cc:0b:c1:03:93:
                    4a:0f:b6:f5:c1:f4:12:05:ab:b0:db:55:90:a1:a6:
                    15:ee:08:58:13:a1:6f:c7:cd:d8:55:8a:25:a2:78:
                    07:c0:8e:e3:0d:f3:b9:f4:78:41:db:9a:9e:dd:c3:
                    77:92:5a:5a:97:b2:6e:f2:b6:77:84:99:25:24:f0:
                    64:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A9:AF:C7:5D:F9:80:24:01:15:96:AB:9F:9A:5E:59:B6:6F:04:28
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a62383a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:77:df:55:9e:8b:50:47:1d:39:ca:8d:8d:88:3a:f9:17:aa:
         67:d2:7e:f6:18:98:34:dc:03:97:b1:56:8f:f2:ab:ec:0e:72:
         ff:f7:f4:9e:33:35:47:8f:fd:87:ab:f9:34:bc:81:55:12:d7:
         1d:cc:3e:b2:89:27:b4:14:31:9c:86:fc:59:21:e9:63:f9:2e:
         2b:3b:dd:5d:30:4a:7d:f6:a0:1c:01:89:a1:7b:9c:82:84:4c:
         5c:2b:3f:83:61:8b:57:df:e9:8f:26:08:2e:f3:17:dc:00:1a:
         e7:c7:f1:0e:2a:3c:dc:71:0d:83:d1:3d:0e:f2:55:e7:34:26:
         f2:da:d8:4b:b8:0c:73:c7:46:45:57:90:c6:4e:b4:a8:65:81:
         26:90:7b:40:1f:4c:7b:b2:0b:50:58:3d:90:49:c2:f7:32:6b:
         f1:87:72:0e:56:75:17:30:e6:ad:8e:ae:d9:7c:c5:7e:8a:5a:
         46:1d:57:4c:1c:9c:bd:84:61:00:c3:48:9f:90:93:50:1a:61:
         67:4e:88:94:82:27:24:1f:0f:3f:16:03:c1:96:f6:03:25:14:
         f6:5f:bd:92:70:16:03:b3:64:41:75:84:33:e0:e5:44:52:15:
         a9:01:ea:dc:71:74:d6:43:1c:07:f9:31:b5:6f:b9:43:03:17:
         b2:d2:3b:93
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUEZMUmdI8fTKYvYbJNgOAWvNii84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MTNaFw0yMjA5MzAwMDAxMTNaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQUE5OTI3Q0FCNjczMkY2MjBG
OUE1REJFOEIzNzY0NzM2QjIxQTMyQUI0NUVGMUVCQ0Q4NUEyNjVEQzAwMDA3NDcz
RUVBNkMyMDBGOERCMzY4MjY4OTk0Nzg2OTIzOTVBMjM5OEVENkZDRjNGNDFERjND
RjhEQTM2QkEwRTkyQTMxMUZERURCNUZENDUxQzc3MUI0MTQyRTkwNzk3MEEwQTc2
RTkzRTg1QzQ2RDA4NzhCMUQwMEY1MDVEQjEwQTFERDlFNTRENEJCNzkwREI4NzhD
MkVDN0I2MENGMTczMjRENzIyODkxQURFRjQ1QjYzNzdDNDI2NzA0OTNDNjU0ODhD
OUE5QTIwQTAwRkQyMzFGMkFFNTQ3MDQwNzk0MTdCM0NBRDEzMjRBMDFGQjgxMEEw
QTc5ODUzNjA3M0M2NDdCRDAyNTM3NUY2MDVCNzk4QkNCM0EzRjM4NTM5MjUwRjRE
NDgzQjVBOTAxMDdEMjlCODY4RTczOUQ1Q0MwQkMxMDM5MzRBMEZCNkY1QzFGNDEy
MDVBQkIwREI1NTkwQTFBNjE1RUUwODU4MTNBMTZGQzdDREQ4NTU4QTI1QTI3ODA3
QzA4RUUzMERGM0I5RjQ3ODQxREI5QTlFRERDMzc3OTI1QTVBOTdCMjZFRjJCNjc3
ODQ5OTI1MjRGMDY0OUQwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAqpknyrZzL2IPml2+izdkc2shoyq0XvHrzYWiZdwAAHRz7qbCAPjb
NoJomUeGkjlaI5jtb88/Qd88+No2ug6SoxH97bX9RRx3G0FC6QeXCgp26T6FxG0I
eLHQD1BdsQod2eVNS7eQ24eMLse2DPFzJNciiRre9Ftjd8QmcEk8ZUiMmpogoA/S
MfKuVHBAeUF7PK0TJKAfuBCgp5hTYHPGR70CU3X2BbeYvLOj84U5JQ9NSDtakBB9
Kbho5znVzAvBA5NKD7b1wfQSBauw21WQoaYV7ghYE6Fvx83YVYolongHwI7jDfO5
9HhB25qe3cN3klpal7Ju8rZ3hJklJPBknQIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FNipr8dd+YAkARWWq5+aXlm2bwQoMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTYyMzgzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAAC4MA0GCSqGSIb3DQEBCwUAA4IBAQAo
d99VnotQRx05yo2NiDr5F6pn0n72GJg03AOXsVaP8qvsDnL/9/SeMzVHj/2Hq/k0
vIFVEtcdzD6yiSe0FDGchvxZIelj+S4rO91dMEp99qAcAYmhe5yChExcKz+DYYtX
3+mPJggu8xfcABrnx/EOKjzccQ2D0T0O8lXnNCby2thLuAxzx0ZFV5DGTrSoZYEm
kHtAH0x7sgtQWD2QScL3Mmvxh3IOVnUXMOatjq7ZfMV+ilpGHVdMHJy9hGEAw0if
kJNQGmFnToiUgickHw8/FgPBlvYDJRT2X72ScBYDs2RBdYQz4OVEUhWpAerccXTW
QxwH+TG1b7lDAxey0juT
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org