Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e33392e302f32342d3234203d3e203137343531.roa
File:                     3230322e3136392e33392e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          TQVWZU1rmDZe+hvKF84rd6rJePdjtc/ImukmY/ZCL3A=
Subject key identifier:   2C:E7:6F:A6:EE:35:9A:94:3C:B4:8C:2A:9B:C8:06:A7:F3:F7:95:A8
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       3E8A9B766D411DE6C6D2D92864C3ECA43C5B4981
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e33392e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:57 +0000
ROA not before:           Wed 29 Sep 2021 23:55:57 +0000
ROA not after:            Fri 30 Sep 2022 00:00:57 +0000
asID:                     17451
IP address blocks:        202.169.39.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:8a:9b:76:6d:41:1d:e6:c6:d2:d9:28:64:c3:ec:a4:3c:5b:49:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:57 2021 GMT
            Not After : Sep 30 00:00:57 2022 GMT
        Subject: CN=3082010A02820101009F6FE6AC2C65FD92AAD9FF42A6F44EB27F7507732AFB215EF925D1CF25B645540E9421A44CA8D3F5F1083DD7D623DD2F786239A9BD2644F6E0C609EB57579A693AE89C360CEA1F1367CE3416053F3F06B1BDBB1D85621F8373475E7D756CBB954E36AB016C38B16111126AC7F2812F9718E38B310C17379CE3703820AD9A3DB8EA3A2281CEF866015BF28A1C680ADA71012FDF54EB152D1E12EF71A439E8472464120DD9B7B67E9332E2F712C74DC02687B332AA44B5AF89ACCE2E867358C9B623F4B79546D1329399A94D0A64FB71833FA40386F72567E947B5D34EC4D24F2EB149FCE47E7FDA5F5F12A73D4D6112B1E4C711C9C2F006340C5195491729F1490203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6f:e6:ac:2c:65:fd:92:aa:d9:ff:42:a6:f4:
                    4e:b2:7f:75:07:73:2a:fb:21:5e:f9:25:d1:cf:25:
                    b6:45:54:0e:94:21:a4:4c:a8:d3:f5:f1:08:3d:d7:
                    d6:23:dd:2f:78:62:39:a9:bd:26:44:f6:e0:c6:09:
                    eb:57:57:9a:69:3a:e8:9c:36:0c:ea:1f:13:67:ce:
                    34:16:05:3f:3f:06:b1:bd:bb:1d:85:62:1f:83:73:
                    47:5e:7d:75:6c:bb:95:4e:36:ab:01:6c:38:b1:61:
                    11:12:6a:c7:f2:81:2f:97:18:e3:8b:31:0c:17:37:
                    9c:e3:70:38:20:ad:9a:3d:b8:ea:3a:22:81:ce:f8:
                    66:01:5b:f2:8a:1c:68:0a:da:71:01:2f:df:54:eb:
                    15:2d:1e:12:ef:71:a4:39:e8:47:24:64:12:0d:d9:
                    b7:b6:7e:93:32:e2:f7:12:c7:4d:c0:26:87:b3:32:
                    aa:44:b5:af:89:ac:ce:2e:86:73:58:c9:b6:23:f4:
                    b7:95:46:d1:32:93:99:a9:4d:0a:64:fb:71:83:3f:
                    a4:03:86:f7:25:67:e9:47:b5:d3:4e:c4:d2:4f:2e:
                    b1:49:fc:e4:7e:7f:da:5f:5f:12:a7:3d:4d:61:12:
                    b1:e4:c7:11:c9:c2:f0:06:34:0c:51:95:49:17:29:
                    f1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E7:6F:A6:EE:35:9A:94:3C:B4:8C:2A:9B:C8:06:A7:F3:F7:95:A8
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e33392e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.169.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:42:b6:aa:2a:2a:8a:cd:ed:fd:55:61:2e:72:9e:fb:ed:ea:
         43:66:71:2b:ee:d1:d1:53:62:18:81:5b:b0:ed:49:d2:b9:d6:
         fb:dd:6e:dd:ef:a8:0f:03:bd:4d:d5:c9:24:68:b4:84:23:b6:
         75:6c:0f:a8:2e:39:c0:77:99:34:df:73:9d:2f:fa:dc:60:1f:
         8a:27:01:c3:5f:fd:6a:59:cc:f6:0d:6e:f0:56:f1:52:ab:29:
         df:41:82:a4:8e:ee:bf:26:c9:ed:78:f0:fb:e2:eb:28:17:1f:
         c6:a6:b0:85:09:7a:f7:bb:21:b8:e1:08:0c:3e:60:bb:eb:82:
         10:f3:ea:e0:48:df:48:09:c9:2c:3f:87:2a:3b:94:30:5a:68:
         df:56:df:4e:aa:6f:45:04:2d:61:d8:66:f6:08:3c:f7:20:63:
         62:85:b6:64:d3:05:3b:78:94:f4:29:be:e5:3e:a4:91:2f:70:
         64:6b:14:0e:48:6d:34:a1:1e:1a:78:eb:c4:aa:13:40:6f:98:
         85:5d:3b:5a:ee:9b:f2:9a:79:8c:66:d9:c5:0a:e9:b6:5a:d8:
         a2:9e:99:c3:bf:3b:eb:c3:d2:42:5e:8d:36:b6:03:42:5a:b0:
         f3:55:c0:20:54:da:0b:61:31:c4:37:ac:af:50:9e:5f:34:44:
         2d:8c:66:d3
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUPoqbdm1BHebG0tkoZMPspDxbSYEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NTdaFw0yMjA5MzAwMDAwNTdaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwOUY2RkU2QUMyQzY1RkQ5MkFB
RDlGRjQyQTZGNDRFQjI3Rjc1MDc3MzJBRkIyMTVFRjkyNUQxQ0YyNUI2NDU1NDBF
OTQyMUE0NENBOEQzRjVGMTA4M0REN0Q2MjNERDJGNzg2MjM5QTlCRDI2NDRGNkUw
QzYwOUVCNTc1NzlBNjkzQUU4OUMzNjBDRUExRjEzNjdDRTM0MTYwNTNGM0YwNkIx
QkRCQjFEODU2MjFGODM3MzQ3NUU3RDc1NkNCQjk1NEUzNkFCMDE2QzM4QjE2MTEx
MTI2QUM3RjI4MTJGOTcxOEUzOEIzMTBDMTczNzlDRTM3MDM4MjBBRDlBM0RCOEVB
M0EyMjgxQ0VGODY2MDE1QkYyOEExQzY4MEFEQTcxMDEyRkRGNTRFQjE1MkQxRTEy
RUY3MUE0MzlFODQ3MjQ2NDEyMEREOUI3QjY3RTkzMzJFMkY3MTJDNzREQzAyNjg3
QjMzMkFBNDRCNUFGODlBQ0NFMkU4NjczNThDOUI2MjNGNEI3OTU0NkQxMzI5Mzk5
QTk0RDBBNjRGQjcxODMzRkE0MDM4NkY3MjU2N0U5NDdCNUQzNEVDNEQyNEYyRUIx
NDlGQ0U0N0U3RkRBNUY1RjEyQTczRDRENjExMkIxRTRDNzExQzlDMkYwMDYzNDBD
NTE5NTQ5MTcyOUYxNDkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAn2/mrCxl/ZKq2f9CpvROsn91B3Mq+yFe+SXRzyW2RVQOlCGkTKjT
9fEIPdfWI90veGI5qb0mRPbgxgnrV1eaaTronDYM6h8TZ840FgU/PwaxvbsdhWIf
g3NHXn11bLuVTjarAWw4sWEREmrH8oEvlxjjizEMFzec43A4IK2aPbjqOiKBzvhm
AVvyihxoCtpxAS/fVOsVLR4S73GkOehHJGQSDdm3tn6TMuL3EsdNwCaHszKqRLWv
iazOLoZzWMm2I/S3lUbRMpOZqU0KZPtxgz+kA4b3JWfpR7XTTsTSTy6xSfzkfn/a
X18Spz1NYRKx5McRycLwBjQMUZVJFynxSQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FCznb6buNZqUPLSMKpvIBqfz95WoMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzIyZTMxMzYzOTJlMzMzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADKqScwDQYJKoZIhvcNAQELBQADggEBAKZCtqoqKorN
7f1VYS5ynvvt6kNmcSvu0dFTYhiBW7DtSdK51vvdbt3vqA8DvU3VySRotIQjtnVs
D6guOcB3mTTfc50v+txgH4onAcNf/WpZzPYNbvBW8VKrKd9BgqSO7r8mye148Pvi
6ygXH8amsIUJeve7IbjhCAw+YLvrghDz6uBI30gJySw/hyo7lDBaaN9W306qb0UE
LWHYZvYIPPcgY2KFtmTTBTt4lPQpvuU+pJEvcGRrFA5IbTShHhp468SqE0BvmIVd
O1rum/KaeYxm2cUK6bZa2KKemcO/O+vD0kJejTa2A0JasPNVwCBU2gthMcQ3rK9Q
nl80RC2MZtM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org