Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/324a65f4-4f4b-44b6-a2eb-59957bc6a4d3/0/34332e3233302e3133312e302f32342d3234203d3e203233363739.roa
File:                     34332e3233302e3133312e302f32342d3234203d3e203233363739.roa (raw, json)
Hash identifier:          /iu2X8ZN57Pz+bit0U6Htfhl/xSz7AGMu+6WWETpNoE=
Subject key identifier:   7F:44:24:35:4E:6B:69:AF:22:60:35:F5:BE:D9:31:1B:44:73:19:7F
Certificate issuer:       /CN=338DEB8D7051C63FC6CCD7B1A5DD8C9E3C93B96B
Certificate serial:       231D2D1BD2F60CE52BEC4EA23327BF5985CECD2E
Authority key identifier: 33:8D:EB:8D:70:51:C6:3F:C6:CC:D7:B1:A5:DD:8C:9E:3C:93:B9:6B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/338DEB8D7051C63FC6CCD7B1A5DD8C9E3C93B96B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/324a65f4-4f4b-44b6-a2eb-59957bc6a4d3/0/34332e3233302e3133312e302f32342d3234203d3e203233363739.roa
Signing time:             Wed 19 Oct 2022 06:00:00 +0000
ROA not before:           Wed 19 Oct 2022 05:55:00 +0000
ROA not after:            Wed 18 Oct 2023 06:00:00 +0000
asID:                     23679
IP address blocks:        43.230.131.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:1d:2d:1b:d2:f6:0c:e5:2b:ec:4e:a2:33:27:bf:59:85:ce:cd:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=338DEB8D7051C63FC6CCD7B1A5DD8C9E3C93B96B
        Validity
            Not Before: Oct 19 05:55:00 2022 GMT
            Not After : Oct 18 06:00:00 2023 GMT
        Subject: CN=7F4424354E6B69AF226035F5BED9311B4473197F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:26:49:05:83:f3:52:dc:2e:b9:ce:d7:c9:93:
                    0b:db:9e:bb:14:6c:f8:43:8c:fd:64:13:d8:d7:73:
                    75:47:65:c0:b6:6c:13:5c:dd:f5:30:0c:e5:cb:39:
                    1c:cc:a2:4c:5a:5b:03:74:20:ce:22:5f:06:37:5e:
                    64:f9:a1:ab:26:52:cb:2d:5b:b6:07:ee:c3:4c:18:
                    6d:38:f2:14:e2:38:17:c0:fd:fd:b5:4b:f8:87:f5:
                    cc:7f:32:8c:09:3b:c5:fe:7b:b6:f0:21:74:b4:d7:
                    1c:fc:d6:65:9c:ba:8f:67:ff:7f:37:42:ac:09:b4:
                    53:7f:ac:68:b7:09:e0:b4:35:1e:0d:7c:01:a2:3f:
                    ea:f4:82:bd:d9:09:7b:23:14:ce:1d:45:18:46:b4:
                    a9:61:03:05:da:67:b0:ef:c9:34:10:c5:45:8d:cc:
                    a6:0b:e5:47:69:33:1a:a2:30:15:00:24:40:0f:35:
                    d6:af:79:ce:cc:00:68:e1:08:07:2b:21:21:ac:b6:
                    d2:1c:d2:a9:af:08:3f:40:18:ef:50:66:11:8d:16:
                    f3:c5:53:32:23:48:c9:42:69:8b:62:c4:ba:0e:2b:
                    00:53:cc:c6:64:22:af:cb:a1:71:58:b0:3c:c7:f8:
                    be:67:3f:96:d3:10:96:0d:a4:2d:a7:36:bd:17:a7:
                    b1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:44:24:35:4E:6B:69:AF:22:60:35:F5:BE:D9:31:1B:44:73:19:7F
            X509v3 Authority Key Identifier:
                keyid:33:8D:EB:8D:70:51:C6:3F:C6:CC:D7:B1:A5:DD:8C:9E:3C:93:B9:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/324a65f4-4f4b-44b6-a2eb-59957bc6a4d3/0/338DEB8D7051C63FC6CCD7B1A5DD8C9E3C93B96B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/338DEB8D7051C63FC6CCD7B1A5DD8C9E3C93B96B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/324a65f4-4f4b-44b6-a2eb-59957bc6a4d3/0/34332e3233302e3133312e302f32342d3234203d3e203233363739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:06:8a:c9:f1:b2:17:88:3d:d7:bc:39:32:80:b8:f3:99:9a:
         1b:3a:f6:cd:87:a8:fb:2e:8e:37:fe:de:b0:4b:3e:79:1f:03:
         55:b5:f3:2e:20:17:ab:e6:11:ea:25:3c:bf:72:e2:a7:e7:20:
         44:7e:66:b3:d2:55:6d:e8:ed:eb:98:45:b6:c2:1c:91:c1:81:
         1b:9c:89:0c:fd:c3:c7:26:b6:5e:37:5f:74:20:6d:24:ec:5d:
         68:e6:0e:61:c5:64:10:e0:4a:30:77:e7:b8:59:d7:85:41:e6:
         3e:c4:d1:c6:f5:9f:78:7c:c1:e5:46:78:68:21:f3:44:7d:34:
         09:f8:40:2b:56:64:59:a7:80:3d:71:b7:99:9a:17:0b:81:ff:
         cb:b7:73:61:71:52:4c:ee:13:bb:9a:86:85:c1:4e:36:b0:9a:
         8e:14:0d:78:64:c5:53:0a:8c:70:88:a5:41:66:c5:54:cf:dd:
         d7:c2:07:03:a3:2f:c2:36:d1:91:6e:08:81:43:bb:58:1e:ed:
         e1:80:4b:3a:d9:8a:ea:98:ea:d4:0e:df:6e:c4:a2:70:9a:be:
         35:64:ac:d3:86:f6:ea:cc:d5:bc:55:9d:cf:79:09:03:63:c4:
         8e:ea:29:9c:2b:72:aa:d6:99:80:17:2e:11:36:13:fb:bf:13:
         3e:9b:be:71
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUIx0tG9L2DOUr7E6iMye/WYXOzS4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzM4REVCOEQ3MDUxQzYzRkM2Q0NEN0IxQTVERDhDOUUz
QzkzQjk2QjAeFw0yMjEwMTkwNTU1MDBaFw0yMzEwMTgwNjAwMDBaMDMxMTAvBgNV
BAMTKDdGNDQyNDM1NEU2QjY5QUYyMjYwMzVGNUJFRDkzMTFCNDQ3MzE5N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJkkFg/NS3C65ztfJkwvbnrsU
bPhDjP1kE9jXc3VHZcC2bBNc3fUwDOXLORzMokxaWwN0IM4iXwY3XmT5oasmUsst
W7YH7sNMGG048hTiOBfA/f21S/iH9cx/MowJO8X+e7bwIXS01xz81mWcuo9n/383
QqwJtFN/rGi3CeC0NR4NfAGiP+r0gr3ZCXsjFM4dRRhGtKlhAwXaZ7DvyTQQxUWN
zKYL5UdpMxqiMBUAJEAPNdavec7MAGjhCAcrISGsttIc0qmvCD9AGO9QZhGNFvPF
UzIjSMlCaYtixLoOKwBTzMZkIq/LoXFYsDzH+L5nP5bTEJYNpC2nNr0Xp7H3AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUf0QkNU5raa8iYDX1vtkxG0RzGX8wHwYDVR0j
BBgwFoAUM43rjXBRxj/GzNexpd2MnjyTuWswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MjRhNjVmNC00ZjRiLTQ0YjYtYTJlYi01OTk1N2JjNmE0ZDMvMC8zMzhERUI4RDcw
NTFDNjNGQzZDQ0Q3QjFBNUREOEM5RTNDOTNCOTZCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMzM4REVCOEQ3MDUxQzYzRkM2Q0NEN0IxQTVERDhDOUUzQzkz
Qjk2Qi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMyNGE2NWY0LTRmNGItNDRiNi1h
MmViLTU5OTU3YmM2YTRkMy8wLzM0MzMyZTMyMzMzMDJlMzEzMzMxMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzczOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACvmgzANBgkqhkiG
9w0BAQsFAAOCAQEAlAaKyfGyF4g917w5MoC485maGzr2zYeo+y6ON/7esEs+eR8D
VbXzLiAXq+YR6iU8v3Lip+cgRH5ms9JVbejt65hFtsIckcGBG5yJDP3Dxya2Xjdf
dCBtJOxdaOYOYcVkEOBKMHfnuFnXhUHmPsTRxvWfeHzB5UZ4aCHzRH00CfhAK1Zk
WaeAPXG3mZoXC4H/y7dzYXFSTO4Tu5qGhcFONrCajhQNeGTFUwqMcIilQWbFVM/d
18IHA6MvwjbRkW4IgUO7WB7t4YBLOtmK6pjq1A7fbsSicJq+NWSs04b26szVvFWd
z3kJA2PEjuopnCtyqtaZgBcuETYT+78TPpu+cQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:02 2024 by rpki-client on console-fra.rpki-client.org