Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a63353a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a63353a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          ymN5Zl84X8kFt8v8qsdt1W6j7ub5NtUZ1TPImglAnQ4=
Subject key identifier:   BC:CF:B8:12:E4:80:FA:60:B1:C4:E9:04:B5:6F:C1:BB:D0:7D:D3:F2
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       7483E3C42714AC3D33CF1F73159D4ADC429C1949
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a63353a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:38 +0000
ROA not before:           Wed 29 Sep 2021 23:55:38 +0000
ROA not after:            Fri 30 Sep 2022 00:00:38 +0000
asID:                     17451
IP address blocks:        2404:8000:c5::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:83:e3:c4:27:14:ac:3d:33:cf:1f:73:15:9d:4a:dc:42:9c:19:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:38 2021 GMT
            Not After : Sep 30 00:00:38 2022 GMT
        Subject: CN=3082010A0282010100A0542A69451F475683E5A79119DE51C4BDDCF24D6BC4ED6E0CB0FE310422FA97028DB73D570E2DF94CAB18F77AC1A10736F70E94C1450B2155AB51B442CD4A0DC97A00C2D8CEF63C8D6BFBBA8E2A3256FDD9137F8BCA61EAACAFD0A1FAD651BCD0DE1A0E543807087D9758119C65A0BED97F0BB22D3C2AB95825E0C16C5D23ADB4499717E9D7302436568D42FB6DD96BB69E3B1A93974D9F71B31D9EB409F00333F9058DD6A49CB3D6DE1D272CA948640FBF2B96033577944293497D625D3F68CF20FFE2A07BD6B2533FF2D7863BBCE24D5548A6F89D4B6CD6E17C96BA053AED6802BE4C821615B2416821D490094F86E62B2827E8B0C571D534E207DDCE06390203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:54:2a:69:45:1f:47:56:83:e5:a7:91:19:de:
                    51:c4:bd:dc:f2:4d:6b:c4:ed:6e:0c:b0:fe:31:04:
                    22:fa:97:02:8d:b7:3d:57:0e:2d:f9:4c:ab:18:f7:
                    7a:c1:a1:07:36:f7:0e:94:c1:45:0b:21:55:ab:51:
                    b4:42:cd:4a:0d:c9:7a:00:c2:d8:ce:f6:3c:8d:6b:
                    fb:ba:8e:2a:32:56:fd:d9:13:7f:8b:ca:61:ea:ac:
                    af:d0:a1:fa:d6:51:bc:d0:de:1a:0e:54:38:07:08:
                    7d:97:58:11:9c:65:a0:be:d9:7f:0b:b2:2d:3c:2a:
                    b9:58:25:e0:c1:6c:5d:23:ad:b4:49:97:17:e9:d7:
                    30:24:36:56:8d:42:fb:6d:d9:6b:b6:9e:3b:1a:93:
                    97:4d:9f:71:b3:1d:9e:b4:09:f0:03:33:f9:05:8d:
                    d6:a4:9c:b3:d6:de:1d:27:2c:a9:48:64:0f:bf:2b:
                    96:03:35:77:94:42:93:49:7d:62:5d:3f:68:cf:20:
                    ff:e2:a0:7b:d6:b2:53:3f:f2:d7:86:3b:bc:e2:4d:
                    55:48:a6:f8:9d:4b:6c:d6:e1:7c:96:ba:05:3a:ed:
                    68:02:be:4c:82:16:15:b2:41:68:21:d4:90:09:4f:
                    86:e6:2b:28:27:e8:b0:c5:71:d5:34:e2:07:dd:ce:
                    06:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:CF:B8:12:E4:80:FA:60:B1:C4:E9:04:B5:6F:C1:BB:D0:7D:D3:F2
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a63353a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:c5::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:0a:03:48:03:16:0d:bb:9f:91:2d:28:5b:21:59:70:24:18:
         16:fc:64:9a:4a:1b:e8:4d:60:5d:9a:70:2b:5d:7f:de:81:17:
         ab:78:fa:02:3c:e2:44:11:31:ff:a0:54:26:16:86:5a:2f:5c:
         72:3c:84:ad:3e:52:b1:35:fc:56:d3:ca:04:d0:aa:93:c9:4f:
         0a:49:d6:d6:54:92:ea:50:6f:11:a0:38:07:d9:1a:eb:10:90:
         ab:a6:28:0a:2a:b5:5f:1c:cc:8d:de:7f:dc:7b:f3:74:96:74:
         75:07:1a:59:59:df:e3:2b:11:4b:4f:98:3f:d7:c6:ac:ab:ef:
         df:bf:8b:81:87:b6:45:7f:5f:7f:a6:22:b1:f1:b1:74:a3:5f:
         64:99:87:55:eb:ec:83:6e:35:cb:a6:55:46:03:85:a3:51:5c:
         38:62:d7:34:5c:c5:ff:89:9e:bf:1b:c7:aa:6b:a4:c8:41:ce:
         c6:94:f9:8d:11:ed:e3:ac:93:28:67:8c:5e:47:b6:73:4d:29:
         a5:6a:0c:2a:ec:a7:28:d0:ec:dd:85:e7:31:c1:b9:fa:4e:37:
         02:8d:24:11:dc:7c:f1:ed:04:92:ea:a7:80:22:b2:13:4d:06:
         f0:e5:23:35:11:ee:0f:ed:e0:0a:6a:b7:df:43:4b:08:32:e4:
         50:ce:b0:7e
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUdIPjxCcUrD0zzx9zFZ1K3EKcGUkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MzhaFw0yMjA5MzAwMDAwMzhaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQTA1NDJBNjk0NTFGNDc1Njgz
RTVBNzkxMTlERTUxQzRCRERDRjI0RDZCQzRFRDZFMENCMEZFMzEwNDIyRkE5NzAy
OERCNzNENTcwRTJERjk0Q0FCMThGNzdBQzFBMTA3MzZGNzBFOTRDMTQ1MEIyMTU1
QUI1MUI0NDJDRDRBMERDOTdBMDBDMkQ4Q0VGNjNDOEQ2QkZCQkE4RTJBMzI1NkZE
RDkxMzdGOEJDQTYxRUFBQ0FGRDBBMUZBRDY1MUJDRDBERTFBMEU1NDM4MDcwODdE
OTc1ODExOUM2NUEwQkVEOTdGMEJCMjJEM0MyQUI5NTgyNUUwQzE2QzVEMjNBREI0
NDk5NzE3RTlENzMwMjQzNjU2OEQ0MkZCNkREOTZCQjY5RTNCMUE5Mzk3NEQ5Rjcx
QjMxRDlFQjQwOUYwMDMzM0Y5MDU4REQ2QTQ5Q0IzRDZERTFEMjcyQ0E5NDg2NDBG
QkYyQjk2MDMzNTc3OTQ0MjkzNDk3RDYyNUQzRjY4Q0YyMEZGRTJBMDdCRDZCMjUz
M0ZGMkQ3ODYzQkJDRTI0RDU1NDhBNkY4OUQ0QjZDRDZFMTdDOTZCQTA1M0FFRDY4
MDJCRTRDODIxNjE1QjI0MTY4MjFENDkwMDk0Rjg2RTYyQjI4MjdFOEIwQzU3MUQ1
MzRFMjA3RERDRTA2MzkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAoFQqaUUfR1aD5aeRGd5RxL3c8k1rxO1uDLD+MQQi+pcCjbc9Vw4t
+UyrGPd6waEHNvcOlMFFCyFVq1G0Qs1KDcl6AMLYzvY8jWv7uo4qMlb92RN/i8ph
6qyv0KH61lG80N4aDlQ4Bwh9l1gRnGWgvtl/C7ItPCq5WCXgwWxdI620SZcX6dcw
JDZWjUL7bdlrtp47GpOXTZ9xsx2etAnwAzP5BY3WpJyz1t4dJyypSGQPvyuWAzV3
lEKTSX1iXT9ozyD/4qB71rJTP/LXhju84k1VSKb4nUts1uF8lroFOu1oAr5MghYV
skFoIdSQCU+G5isoJ+iwxXHVNOIH3c4GOQIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FLzPuBLkgPpgscTpBLVvwbvQfdPyMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTYzMzUzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAADFMA0GCSqGSIb3DQEBCwUAA4IBAQA2
CgNIAxYNu5+RLShbIVlwJBgW/GSaShvoTWBdmnArXX/egRerePoCPOJEETH/oFQm
FoZaL1xyPIStPlKxNfxW08oE0KqTyU8KSdbWVJLqUG8RoDgH2RrrEJCrpigKKrVf
HMyN3n/ce/N0lnR1BxpZWd/jKxFLT5g/18asq+/fv4uBh7ZFf19/piKx8bF0o19k
mYdV6+yDbjXLplVGA4WjUVw4Ytc0XMX/iZ6/G8eqa6TIQc7GlPmNEe3jrJMoZ4xe
R7ZzTSmlagwq7Kco0Ozdhecxwbn6TjcCjSQR3Hzx7QSS6qeAIrITTQbw5SM1Ee4P
7eAKarffQ0sIMuRQzrB+
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:01 2023 by rpki-client on console-ams.rpki-client.org